Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Changed API configuration step in offline documentation #7234

Conversation

davidcr01
Copy link
Contributor

Description

Closes: #7225

The aim of this to change the localhost value of the /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml file of the Wazuh offline documentation and the Step-by-step documentation of the Wazuh dashboard installation.

This change is done because we do not support the localhost value in that file due to wazuh/wazuh-packages#2771. This also implies to remove the Only for distributed deployments note.

Also, I flxed a typo in the Offline documentation.

Screenshot from 2024-04-25 12-25-05
Screenshot from 2024-04-25 12-25-16

Checks

Docs building

  • Compiles without warnings.

Code formatting and web optimization

  • Uses three spaces indentation.
  • Adds or updates meta descriptions accordingly.
  • Updates the redirects.js script if necessary (check this guide).

Writing style

  • Uses present tense, active voice, and semi-formal registry.
  • Uses short, simple sentences.
  • Uses bold for user interface elements, italics for key terms or emphasis, and code font for Bash commands, file names, REST paths, and code.

@davidcr01 davidcr01 requested review from javimed and a team April 25, 2024 11:38
@davidcr01 davidcr01 self-assigned this Apr 25, 2024
@davidcr01 davidcr01 linked an issue Apr 25, 2024 that may be closed by this pull request
teddytpc1
teddytpc1 previously approved these changes Apr 29, 2024
@javimed javimed added type/change Change requested level/task Task issue labels Apr 29, 2024
Copy link
Member

@javimed javimed left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

And what about all the user administration documents? For example password management document or the Google SSO as administrator

same for LDAP occurrences. Or for example these lines?

@@ -444,14 +444,14 @@ Installing the Wazuh dashboard

.. include:: /_templates/installations/dashboard/enable_dashboard.rst

#. **Only for distributed deployments**: Edit the file ``/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml`` and replace the ``url`` value with the IP address or hostname of the Wazuh server master node.
#. Edit the file ``/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml`` and replace the ``url`` value with the IP address or hostname of the Wazuh server master node.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
#. Edit the file ``/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml`` and replace the ``url`` value with the IP address or hostname of the Wazuh server master node.
#. Edit the file ``/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml`` and replace the ``url`` value with the IP address or hostname of the Wazuh server master node.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done


.. code-block:: yaml
:emphasize-lines: 3

hosts:
- default:
url: https://localhost
url: https://<wazuh_server_ip>
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
url: https://<wazuh_server_ip>
url: https://<WAZUH_SERVER_IP_ADDRESS>

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We use uppercase and underscores for placeholders.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done

@@ -463,7 +463,7 @@ Installing the Wazuh dashboard

#. Access the web interface.

- URL: *https://<wazuh_server_ip>*
- URL: *https://<wazuh_dashboard_ip>*
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
- URL: *https://<wazuh_dashboard_ip>*
- URL: *https://<WAZUH_DASHBOARD_IP_ADDRESS>*

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done

@@ -99,20 +99,20 @@ Starting the Wazuh dashboard service
.. include:: /_templates/installations/dashboard/enable_dashboard.rst


**Only for distributed deployments**

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done

@@ -99,20 +99,20 @@ Starting the Wazuh dashboard service
.. include:: /_templates/installations/dashboard/enable_dashboard.rst


**Only for distributed deployments**


Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done

@@ -99,20 +99,20 @@ Starting the Wazuh dashboard service
.. include:: /_templates/installations/dashboard/enable_dashboard.rst


Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done

run_as: false
hosts:
- default:
url: https://<wazuh_server_ip>
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
url: https://<wazuh_server_ip>
url: https://<WAZUH_SERVER_IP_ADDRESS>

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done

@davidcr01
Copy link
Contributor Author

davidcr01 commented Apr 30, 2024

Changes of localhost to 127.0.0.1 has been tested:

[root@ip-172-31-36-140 ec2-user]# cat /etc/wazuh-indexer/opensearch.yml 
network.host: "127.0.0.1"
node.name: "node-1"
cluster.initial_master_nodes:
[root@ip-172-31-36-140 ec2-user]# cat /etc/wazuh-dashboard/opensearch_dashboards.yml 
server.host: 0.0.0.0
server.port: 443
opensearch.hosts: https://127.0.0.1:9200
[root@ip-172-31-36-140 ec2-user]# tail -n 5 /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml 
      url: https://127.0.0.1
      port: 55000
      username: wazuh-wui
      password: wazuh-wui
      run_as: false
Show log
[root@ip-172-31-36-140 ec2-user]# bash wazuh-install.sh -dw rpm
30/04/2024 16:29:19 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
30/04/2024 16:29:19 INFO: Verbose logging redirected to /var/log/wazuh-install.log
30/04/2024 16:29:22 INFO: Verifying that your system meets the recommended minimum hardware requirements.
30/04/2024 16:29:28 INFO: --- Download Packages ---
30/04/2024 16:29:28 INFO: Starting Wazuh packages download.
30/04/2024 16:29:28 INFO: Downloading Wazuh rpm packages for x86_64.
30/04/2024 16:29:33 INFO: The manager package was downloaded.
30/04/2024 16:29:34 INFO: The filebeat package was downloaded.
30/04/2024 16:29:44 INFO: The indexer package was downloaded.
30/04/2024 16:29:49 INFO: The dashboard package was downloaded.
30/04/2024 16:29:49 INFO: The packages are in wazuh-offline/wazuh-packages
30/04/2024 16:29:49 INFO: Downloading configuration files and assets.
30/04/2024 16:29:49 INFO: The resource https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH was downloaded.
30/04/2024 16:29:50 INFO: The resource https://packages-dev.wazuh.com/4.8/tpl/wazuh/filebeat/filebeat.yml was downloaded.
30/04/2024 16:29:50 INFO: The resource https://raw.githubusercontent.com/wazuh/wazuh/4.8.0/extensions/elasticsearch/7.x/wazuh-template.json was downloaded.
30/04/2024 16:29:50 INFO: The resource https://packages-dev.wazuh.com/pre-release/filebeat/wazuh-filebeat-0.4.tar.gz was downloaded.
30/04/2024 16:29:50 INFO: The configuration files and assets are in wazuh-offline.tar.gz
30/04/2024 16:31:01 INFO: You can follow the installation guide here https://documentation.wazuh.com/current/deployment-options/offline-installation.html
[root@ip-172-31-36-140 ec2-user]# curl -sO https://packages-dev.wazuh.com/4.8/config.yml
[root@ip-172-31-36-140 ec2-user]# nano config.yml 
[root@ip-172-31-36-140 ec2-user]# curl -sO https://packages-dev.wazuh.com/4.8/wazuh-certs-tool.sh
[root@ip-172-31-36-140 ec2-user]# bash wazuh-certs-tool.sh --all
30/04/2024 16:32:42 INFO: Generating the root certificate.
30/04/2024 16:32:42 INFO: Generating Admin certificates.
30/04/2024 16:32:42 INFO: Admin certificates created.
30/04/2024 16:32:42 INFO: Generating Wazuh indexer certificates.
30/04/2024 16:32:43 INFO: Wazuh indexer certificates created.
30/04/2024 16:32:43 INFO: Generating Filebeat certificates.
30/04/2024 16:32:43 INFO: Wazuh Filebeat certificates created.
30/04/2024 16:32:43 INFO: Generating Wazuh dashboard certificates.
30/04/2024 16:32:43 INFO: Wazuh dashboard certificates created.
[root@ip-172-31-36-140 ec2-user]# tar xf wazuh-offline.tar.gz
[root@ip-172-31-36-140 ec2-user]# rpm --import ./wazuh-offline/wazuh-files/GPG-KEY-WAZUH
[root@ip-172-31-36-140 ec2-user]# rpm -ivh ./wazuh-offline/wazuh-packages/wazuh-indexer*.rpm
Preparing...                          ################################# [100%]
Updating / installing...
   1:wazuh-indexer-4.8.0-1            ################################# [100%]
Created opensearch keystore in /etc/wazuh-indexer/opensearch.keystore
[root@ip-172-31-36-140 ec2-user]# NODE_NAME=node-1
[root@ip-172-31-36-140 ec2-user]# mkdir /etc/wazuh-indexer/certs
[root@ip-172-31-36-140 ec2-user]# mv -n wazuh-certificates/$NODE_NAME.pem /etc/wazuh-indexer/certs/indexer.pem
[root@ip-172-31-36-140 ec2-user]# mv -n wazuh-certificates/$NODE_NAME-key.pem /etc/wazuh-indexer/certs/indexer-key.pem
[root@ip-172-31-36-140 ec2-user]# mv wazuh-certificates/admin-key.pem /etc/wazuh-indexer/certs/
[root@ip-172-31-36-140 ec2-user]# mv wazuh-certificates/admin.pem /etc/wazuh-indexer/certs/
[root@ip-172-31-36-140 ec2-user]# cp wazuh-certificates/root-ca.pem /etc/wazuh-indexer/certs/
[root@ip-172-31-36-140 ec2-user]# chmod 500 /etc/wazuh-indexer/certs
[root@ip-172-31-36-140 ec2-user]# chmod 400 /etc/wazuh-indexer/certs/*
[root@ip-172-31-36-140 ec2-user]# chown -R wazuh-indexer:wazuh-indexer /etc/wazuh-indexer/certs
[root@ip-172-31-36-140 ec2-user]# nano /etc/wazuh-indexer/opensearch.yml
[root@ip-172-31-36-140 ec2-user]# systemctl daemon-reload
[root@ip-172-31-36-140 ec2-user]# systemctl enable wazuh-indexer
Created symlink from /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service to /usr/lib/systemd/system/wazuh-indexer.service.
[root@ip-172-31-36-140 ec2-user]# systemctl start wazuh-indexer
[root@ip-172-31-36-140 ec2-user]# /usr/share/wazuh-indexer/bin/indexer-security-init.sh
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml 
   SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml 
   SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml 
   SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml 
   SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml 
   SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml 
   SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml 
   SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml 
   SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml 
   SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml 
   SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null
Done with success
[root@ip-172-31-36-140 ec2-user]# curl -XGET https://127.0.0.1:9200 -u admin:admin -k
{
  "name" : "node-1",
  "cluster_name" : "wazuh-cluster",
  "cluster_uuid" : "hiJYvQy-R02Jk9jZn76R-Q",
  "version" : {
    "number" : "7.10.2",
    "build_type" : "rpm",
    "build_hash" : "eee49cb340edc6c4d489bcd9324dda571fc8dc03",
    "build_date" : "2023-09-20T23:54:29.889267151Z",
    "build_snapshot" : false,
    "lucene_version" : "9.7.0",
    "minimum_wire_compatibility_version" : "7.10.0",
    "minimum_index_compatibility_version" : "7.0.0"
  },
  "tagline" : "The OpenSearch Project: https://opensearch.org/"
}
[root@ip-172-31-36-140 ec2-user]# curl -XGET https://localhost:9200 -u admin:admin -k
{
  "name" : "node-1",
  "cluster_name" : "wazuh-cluster",
  "cluster_uuid" : "hiJYvQy-R02Jk9jZn76R-Q",
  "version" : {
    "number" : "7.10.2",
    "build_type" : "rpm",
    "build_hash" : "eee49cb340edc6c4d489bcd9324dda571fc8dc03",
    "build_date" : "2023-09-20T23:54:29.889267151Z",
    "build_snapshot" : false,
    "lucene_version" : "9.7.0",
    "minimum_wire_compatibility_version" : "7.10.0",
    "minimum_index_compatibility_version" : "7.0.0"
  },
  "tagline" : "The OpenSearch Project: https://opensearch.org/"
}
[root@ip-172-31-36-140 ec2-user]# rpm --import ./wazuh-offline/wazuh-files/GPG-KEY-WAZUH
[root@ip-172-31-36-140 ec2-user]# rpm -ivh ./wazuh-offline/wazuh-packages/wazuh-manager*.rpm
Preparing...                          ################################# [100%]
Updating / installing...
   1:wazuh-manager-4.8.0-1            ################################# [100%]

[root@ip-172-31-36-140 ec2-user]# /var/ossec/bin/wazuh-keystore -f indexer ^C password -v admin
[root@ip-172-31-36-140 ec2-user]# /var/ossec/bin/wazuh-keystore -f indexer -k username -v admin

[root@ip-172-31-36-140 ec2-user]# /var/ossec/bin/wazuh-keystore -f indexer -k password -v admin
[root@ip-172-31-36-140 ec2-user]# systemctl daemon-reload
[root@ip-172-31-36-140 ec2-user]# systemctl enable wazuh-manager
Created symlink from /etc/systemd/system/multi-user.target.wants/wazuh-manager.service to /usr/lib/systemd/system/wazuh-manager.service.
[root@ip-172-31-36-140 ec2-user]# systemctl start wazuh-manager
[root@ip-172-31-36-140 ec2-user]# rpm -ivh ./wazuh-offline/wazuh-packages/filebeat*.rpm
Preparing...                          ################################# [100%]
Updating / installing...
   1:filebeat-7.10.2-1                ################################# [100%]
[root@ip-172-31-36-140 ec2-user]# cp ./wazuh-offline/wazuh-files/filebeat.yml /etc/filebeat/ &&\
> cp ./wazuh-offline/wazuh-files/wazuh-template.json /etc/filebeat/ &&\
> chmod go+r /etc/filebeat/wazuh-template.json
cp: overwrite ‘/etc/filebeat/filebeat.yml’? y
[root@ip-172-31-36-140 ec2-user]# nano /etc/filebeat/filebeat.yml
[root@ip-172-31-36-140 ec2-user]# filebeat keystore create
Created filebeat keystore
[root@ip-172-31-36-140 ec2-user]# echo admin | filebeat keystore add username --stdin --force
Successfully updated the keystore
[root@ip-172-31-36-140 ec2-user]# echo admin | filebeat keystore add password --stdin --force
Successfully updated the keystore
[root@ip-172-31-36-140 ec2-user]# tar -xzf ./wazuh-offline/wazuh-files/wazuh-filebeat-0.4.tar.gz -C /usr/share/filebeat/module
[root@ip-172-31-36-140 ec2-user]# NODE_NAME=wazuh-1
[root@ip-172-31-36-140 ec2-user]# mkdir /etc/filebeat/certs
[root@ip-172-31-36-140 ec2-user]# mv -n wazuh-certificates/$NODE_NAME.pem /etc/filebeat/certs/filebeat.pem
[root@ip-172-31-36-140 ec2-user]# mv -n wazuh-certificates/$NODE_NAME-key.pem /etc/filebeat/certs/filebeat-key.pem
[root@ip-172-31-36-140 ec2-user]# cp wazuh-certificates/root-ca.pem /etc/filebeat/certs/
[root@ip-172-31-36-140 ec2-user]# chmod 500 /etc/filebeat/certs
[root@ip-172-31-36-140 ec2-user]# chmod 400 /etc/filebeat/certs/*
[root@ip-172-31-36-140 ec2-user]# chown -R root:root /etc/filebeat/certs
[root@ip-172-31-36-140 ec2-user]# systemctl daemon-reload
[root@ip-172-31-36-140 ec2-user]# systemctl enable filebeat
Created symlink from /etc/systemd/system/multi-user.target.wants/filebeat.service to /usr/lib/systemd/system/filebeat.service.
[root@ip-172-31-36-140 ec2-user]# systemctl start filebeat

[root@ip-172-31-36-140 ec2-user]# filebeat test output
elasticsearch: https://127.0.0.1:9200...
  parse url... OK
  connection...
    parse host... OK
    dns lookup... OK
    addresses: 127.0.0.1
    dial up... OK
  TLS...
    security: server's certificate chain verification is enabled
    handshake... OK
    TLS version: TLSv1.3
    dial up... OK
  talk to server... OK
  version: 7.10.2
[root@ip-172-31-36-140 ec2-user]# rpm --import ./wazuh-offline/wazuh-files/GPG-KEY-WAZUH
[root@ip-172-31-36-140 ec2-user]# rpm -ivh ./wazuh-offline/wazuh-packages/wazuh-dashboard*.rpm
Preparing...                          ################################# [100%]
Updating / installing...
   1:wazuh-dashboard-4.8.0-1          ################################# [100%]
[root@ip-172-31-36-140 ec2-user]# NODE_NAME=dashboard
[root@ip-172-31-36-140 ec2-user]# mkdir /etc/wazuh-dashboard/certs
[root@ip-172-31-36-140 ec2-user]# mv -n wazuh-certificates/$NODE_NAME.pem /etc/wazuh-dashboard/certs/dashboard.pem
[root@ip-172-31-36-140 ec2-user]# mv -n wazuh-certificates/$NODE_NAME-key.pem /etc/wazuh-dashboard/certs/dashboard-key.pem
[root@ip-172-31-36-140 ec2-user]# cp wazuh-certificates/root-ca.pem /etc/wazuh-dashboard/certs/
[root@ip-172-31-36-140 ec2-user]# chmod 500 /etc/wazuh-dashboard/certs
[root@ip-172-31-36-140 ec2-user]# chmod 400 /etc/wazuh-dashboard/certs/*
[root@ip-172-31-36-140 ec2-user]# chown -R wazuh-dashboard:wazuh-dashboard /etc/wazuh-dashboard/certs
[root@ip-172-31-36-140 ec2-user]# nano /etc/wazuh-dashboard/opensearch_dashboards.yml
[root@ip-172-31-36-140 ec2-user]# systemctl daemon-reload
[root@ip-172-31-36-140 ec2-user]# systemctl enable wazuh-dashboard
Created symlink from /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service to /etc/systemd/system/wazuh-dashboard.service.
[root@ip-172-31-36-140 ec2-user]# systemctl start wazuh-dashboard
[root@ip-172-31-36-140 ec2-user]# nano /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml

[root@ip-172-31-36-140 ec2-user]# curl -u wazuh-wui:wazuh-wui -k -X GET "https://127.0.0.1:55000/security/user/authenticate?raw=true"
eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNzE0NDk1Nzk3LCJleHAiOjE3MTQ0OTY2OTcsInN1YiI6IndhenVoLXd1aSIsInJ1bl9hcyI6ZmFsc2UsInJiYWNfcm9sZXMiOlsxXSwicmJhY19tb2RlIjoid2hpdGUifQ.AG6kZBmP79GsYbbszxRq0TDWVSu7iLoyZ3GApQ6Unjsc1_NMEBmRpvYRLLH5hYDZmXydd2iV3MpXktwncBXmOcX9Ad1WWVyCVIth8V_G46rriPAP56lQ06Rmi57ZqEeqFCssH0bj1mu61LeYMnGxeg5SkF7kQNTKjuH8mWwujRLuGZSF[root@ip-172-31-36-140 ec2-user]# 

image

@javimed javimed merged commit 0e436f2 into 4.8.0 May 2, 2024
3 checks passed
@javimed javimed deleted the change/7225-change-api-configuration-step-in-offline-documentation branch May 2, 2024 14:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
level/task Task issue type/change Change requested
Projects
No open projects
Status: Done
Development

Successfully merging this pull request may close these issues.

Change API configuration step in offline and dashboard documentation
3 participants