-
Notifications
You must be signed in to change notification settings - Fork 97
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Improve offline installation experience #1422
Improve offline installation experience #1422
Comments
Update ReportWorkaroundAfter considering adding support for a single-node installation (AIO) and distributed-node installation, I noticed that maybe, it is not necessary to add too much code to automatize the installation process of the offline installation. With some investigation, I noticed that what we are trying to do is the same that the WIA can do currently (AIO and install the Wazuh central components separately) but instead of using the packages manager to install the packages from the repositories, it would use the packages managers to perform local installations, using the packages contained in the tar file resulting of the It is necessary to consider the structure of the resulting root@ubuntu22:/home/vagrant# tree wazuh-offline
wazuh-offline
├── wazuh-files
│ ├── filebeat.yml
│ ├── GPG-KEY-WAZUH
│ ├── wazuh-filebeat-0.2.tar.gz
│ └── wazuh-template.json
└── wazuh-packages
├── filebeat-oss-7.10.2-amd64.deb
├── wazuh-dashboard_4.6.0-1_amd64.deb
├── wazuh-indexer_4.6.0-1_amd64.deb
└── wazuh-manager_4.6.0-1_amd64.deb
2 directories, 8 files
TasksConsidering the size of the issue, it is nearly compulsory to divide it into different tasks, following order to perform the correct development:
Besides, it is necessary to:
After this, some validations must be done to ensure the correct behavior:
|
Update ReportValidations🟢 Validation of dependency not installedroot@ubuntu22:/home/vagrant# bash wazuh-install.sh -of -a
24/11/2023 17:46:42 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
24/11/2023 17:46:42 INFO: Verbose logging redirected to /var/log/wazuh-install.log
24/11/2023 17:46:42 INFO: Checking installed dependencies for Offline installation.
24/11/2023 17:46:44 ERROR: openssl is necessary for the offline installation. 🟢 Validation of wrong parametersroot@ubuntu22:/home/vagrant# bash wazuh-install.sh -of -dw deb
24/11/2023 17:49:31 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
24/11/2023 17:49:31 INFO: Verbose logging redirected to /var/log/wazuh-install.log
24/11/2023 17:49:31 INFO: Checking installed dependencies for Offline installation.
24/11/2023 17:49:34 ERROR: The -of|--offline-installation option must be used with -a, -ws, -wi, or -wd.
🟢 Validation of wazuh-offline tar.gz fileSuccess case root@ubuntu22:/home/vagrant# bash wazuh-install.sh -of -a -v
29/11/2023 11:08:43 DEBUG: Checking root permissions.
29/11/2023 11:08:43 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
29/11/2023 11:08:43 INFO: Verbose logging redirected to /var/log/wazuh-install.log
29/11/2023 11:08:43 DEBUG: APT package manager will be used.
29/11/2023 11:08:43 INFO: Checking installed dependencies for Offline installation.
29/11/2023 11:08:45 INFO: Checking wazuh-offline.tar.gz file and wazuh-certificates folder.
29/11/2023 11:08:45 DEBUG: wazuh-offline.tar.gz was found correctly. Case of missing tar file root@ubuntu22:/home/vagrant# ls | grep wazuh-offline.tar.gz
root@ubuntu22:/home/vagrant# bash wazuh-install.sh -of -a -v
29/11/2023 11:09:25 DEBUG: Checking root permissions.
29/11/2023 11:09:25 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
29/11/2023 11:09:25 INFO: Verbose logging redirected to /var/log/wazuh-install.log
29/11/2023 11:09:25 DEBUG: APT package manager will be used.
29/11/2023 11:09:25 INFO: Checking installed dependencies for Offline installation.
29/11/2023 11:09:27 INFO: Checking wazuh-offline.tar.gz file and wazuh-certificates folder.
29/11/2023 11:09:27 ERROR: The wazuh-offline.tar.gz file was not found in /home/vagrant.
🟢 Validation of files extraction and checkCase of missing file: root@ubuntu22:/home/vagrant# bash wazuh-install.sh -a -of -v
01/12/2023 11:02:59 DEBUG: Checking root permissions.
01/12/2023 11:02:59 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
01/12/2023 11:02:59 INFO: Verbose logging redirected to /var/log/wazuh-install.log
01/12/2023 11:02:59 DEBUG: APT package manager will be used.
01/12/2023 11:02:59 INFO: Checking installed dependencies for Offline installation.
01/12/2023 11:03:01 DEBUG: Offline dependencies are installed.
01/12/2023 11:03:01 DEBUG: Checking system distribution.
01/12/2023 11:03:01 DEBUG: Detected distribution name: ubuntu
01/12/2023 11:03:01 DEBUG: Detected distribution version: 22
01/12/2023 11:03:01 DEBUG: Checking Wazuh installation.
01/12/2023 11:03:02 DEBUG: Checking system architecture.
01/12/2023 11:03:02 INFO: Verifying that your system meets the recommended minimum hardware requirements.
01/12/2023 11:03:02 DEBUG: CPU cores detected: 2
01/12/2023 11:03:02 DEBUG: Free RAM memory detected: 3924
01/12/2023 11:03:02 INFO: Wazuh web interface port will be 443.
01/12/2023 11:03:02 DEBUG: Checking ports availability.
01/12/2023 11:03:03 INFO: Checking wazuh-offline.tar.gz file and wazuh-certificates folder.
01/12/2023 11:03:03 DEBUG: wazuh-offline.tar.gz was found correctly.
01/12/2023 11:03:03 DEBUG: Extracting files from wazuh-offline.tar.gz
01/12/2023 11:03:09 ERROR: Missing offline file: /home/vagrant/wazuh-offline/wazuh-packages/filebeeat-oss-*.deb Success case: root@ubuntu22:/home/vagrant# bash wazuh-install.sh -a -of -v
01/12/2023 11:03:30 DEBUG: Checking root permissions.
01/12/2023 11:03:30 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
01/12/2023 11:03:30 INFO: Verbose logging redirected to /var/log/wazuh-install.log
01/12/2023 11:03:30 DEBUG: APT package manager will be used.
01/12/2023 11:03:30 INFO: Checking installed dependencies for Offline installation.
01/12/2023 11:03:31 DEBUG: Offline dependencies are installed.
01/12/2023 11:03:31 DEBUG: Checking system distribution.
01/12/2023 11:03:31 DEBUG: Detected distribution name: ubuntu
01/12/2023 11:03:31 DEBUG: Detected distribution version: 22
01/12/2023 11:03:31 DEBUG: Checking Wazuh installation.
01/12/2023 11:03:32 DEBUG: Checking system architecture.
01/12/2023 11:03:32 INFO: Verifying that your system meets the recommended minimum hardware requirements.
01/12/2023 11:03:32 DEBUG: CPU cores detected: 2
01/12/2023 11:03:32 DEBUG: Free RAM memory detected: 3924
01/12/2023 11:03:32 INFO: Wazuh web interface port will be 443.
01/12/2023 11:03:32 DEBUG: Checking ports availability.
01/12/2023 11:03:33 INFO: Checking wazuh-offline.tar.gz file and wazuh-certificates folder.
01/12/2023 11:03:33 DEBUG: wazuh-offline.tar.gz was found correctly.
01/12/2023 11:03:33 DEBUG: Extracting files from wazuh-offline.tar.gz
01/12/2023 11:03:40 DEBUG: Offline files extracted successfully.
🟢 Validation of Wazuh GPG key importroot@ubuntu22:/home/vagrant# bash wazuh-install.sh -of -a
04/12/2023 17:44:05 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
04/12/2023 17:44:05 INFO: Verbose logging redirected to /var/log/wazuh-install.log
04/12/2023 17:44:05 INFO: Checking installed dependencies for Offline installation.
04/12/2023 17:44:08 INFO: Verifying that your system meets the recommended minimum hardware requirements.
04/12/2023 17:44:08 INFO: Wazuh web interface port will be 443.
04/12/2023 17:44:09 INFO: Checking wazuh-offline.tar.gz file.
04/12/2023 17:44:37 INFO: Wazuh development repository added.
root@ubuntu22:/home/vagrant# grep ^ /etc/apt/sources.list /etc/apt/sources.list.d/*
...
/etc/apt/sources.list:# deb-src https://mirrors.edge.kernel.org/ubuntu/ jammy-security universe
/etc/apt/sources.list:deb https://mirrors.edge.kernel.org/ubuntu/ jammy-security multiverse
/etc/apt/sources.list:# deb-src https://mirrors.edge.kernel.org/ubuntu/ jammy-security multiverse
/etc/apt/sources.list.d/wazuh.list:deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages-dev.wazuh.com/pre-release/apt/ unstable main |
Created some EC2 instances to test the development in other OS. This issue goes to On Hold due to wazuh/wazuh-indexer#79 |
Update ReportCurrently I am working on some errors related to the RPM-based systems. It seems that, with no internet connection, the + eval 'yum install /home/ec2-user/wazuh-offline/wazuh-packages/wazuh-indexer-4.8.0-1.x86_64.rpm -y 2>&1'
+++ yum install /home/ec2-user/wazuh-offline/wazuh-packages/wazuh-indexer-4.8.0-1.x86_64.rpm -y
+ yum_output='Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
EL-9 - Wazuh 0.0 B/s | 0 B 01:52
Errors during downloading metadata for repository '\''wazuh'\'':
- Curl error (28): Timeout was reached for https://packages-dev.wazuh.com/pre-release/yum/repodata/repomd.xml [Failed to connect to packages-dev.wazuh.com port 443: Connection timed out]
Error: Failed to download metadata for repo '\''wazuh'\'': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried'
+ install_result=1
+ eval 'echo ${yum_output} 2>&1 | tee -a /var/log/wazuh-install.log'
++ tee -a /var/log/wazuh-install.log
++ echo Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use subscription-manager to register. EL-9 - Wazuh 0.0 B/s '|' 0 B 01:52 Errors during downloading metadata for repository ''\''wazuh'\'':' - Curl error '(28):' Timeout was reached for https://packages-dev.wazuh.com/pre-release/yum/repodata/repomd.xml '[Failed' to connect to packages-dev.wazuh.com port 443: Connection timed 'out]' Error: Failed to download metadata for repo ''\''wazuh'\'':' Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried
Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use subscription-manager to register. EL-9 - Wazuh 0.0 B/s | 0 B 01:52 Errors during downloading metadata for repository 'wazuh': - Curl error (28): Timeout was reached for https://packages-dev.wazuh.com/pre-release/yum/repodata/repomd.xml [Failed to connect to packages-dev.wazuh.com port 443: Connection timed out] Error: Failed to download metadata for repo 'wazuh': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried
+ install_result=1 But, if I run this command manually, no errors are generated: [root@ip-172-31-36-51 ec2-user]# eval 'yum install /home/ec2-user/wazuh-offline/wazuh-packages/wazuh-indexer-4.8.0-1.x86_64.rpm -y 2>&1'
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
Last metadata expiration check: 1:39:15 ago on Wed 13 Dec 2023 04:57:26 PM UTC.
Dependencies resolved.
===================================================
Package Arch Version Repository Size
===================================================
Installing:
wazuh-indexer x86_64 4.8.0-1 @commandline 743 M
Transaction Summary
===================================================
Install 1 Package
Total size: 743 M
Installed size: 1.0 G
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: wazuh-indexer-4.8.0-1.x 1/1
Installing : wazuh-indexer-4.8.0-1.x 1/1
Running scriptlet: wazuh-indexer-4.8.0-1.x 1/1
Created opensearch keystore in /etc/wazuh-indexer/opensearch.keystore
Verifying : wazuh-indexer-4.8.0-1.x 1/1
Installed products updated.
Installed:
wazuh-indexer-4.8.0-1.x86_64
Complete!
[root@ip-172-31-36-51 ec2-user]# It is necessary to study the root cause of this situation and fix it. This behavior is seen in RHEL9 and CentOS8. In DEB-based systems, this behavior is not reproduced. ✔️ The proposed solution is to use |
Update ReportTestingBefore performing an offline installation, the necessary packages and files must be created. To do this, just use the root@ip-172-31-37-181:/home/ubuntu# bash wazuh-install.sh -dw deb
14/12/2023 14:37:50 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
14/12/2023 14:37:50 INFO: Verbose logging redirected to /var/log/wazuh-install.log
14/12/2023 14:38:11 INFO: Verifying that your system meets the recommended minimum hardware requirements.
14/12/2023 14:38:11 INFO: --- Download Packages ---
14/12/2023 14:38:11 INFO: Starting Wazuh packages download.
14/12/2023 14:38:11 INFO: Downloading Wazuh deb packages for x86_64.
14/12/2023 14:38:17 INFO: The manager package was downloaded.
14/12/2023 14:38:18 INFO: The filebeat package was downloaded.
14/12/2023 14:38:31 INFO: The indexer package was downloaded.
14/12/2023 14:38:34 INFO: The dashboard package was downloaded.
14/12/2023 14:38:34 INFO: The packages are in wazuh-offline/wazuh-packages
14/12/2023 14:38:34 INFO: Downloading configuration files and assets.
14/12/2023 14:38:35 INFO: The resource https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH was downloaded.
14/12/2023 14:38:35 INFO: The resource https://packages-dev.wazuh.com/4.8/tpl/wazuh/filebeat/filebeat.yml was downloaded.
14/12/2023 14:38:36 INFO: The resource https://raw.githubusercontent.com/wazuh/wazuh/4.8.0/extensions/elasticsearch/7.x/wazuh-template.json was downloaded.
14/12/2023 14:38:36 INFO: The resource https://packages-dev.wazuh.com/pre-release/filebeat/wazuh-filebeat-0.3.tar.gz was downloaded.
14/12/2023 14:38:36 INFO: The configuration files and assets are in wazuh-offline.tar.gz
14/12/2023 14:39:35 INFO: You can follow the installation guide here https://documentation.wazuh.com/current/deployment-options/offline-installation.html
root@ip-172-31-37-181:/home/ubuntu# vi config.yml
root@ip-172-31-37-181:/home/ubuntu# bash wazuh-install.sh -g
14/12/2023 14:39:50 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
14/12/2023 14:39:50 INFO: Verbose logging redirected to /var/log/wazuh-install.log
14/12/2023 14:40:01 ERROR: File /home/ubuntu/wazuh-install-files.tar already exists. Please remove it if you want to use a new configuration.
One this two tar files are created, they must be sent to the offline machines. 🟢 Distributed installation in CentOS7[root@centos7 vagrant]# bash wazuh-install.sh -wi node-1 -of -v
13/12/2023 16:54:04 DEBUG: Checking root permissions.
13/12/2023 16:54:04 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
13/12/2023 16:54:04 INFO: Verbose logging redirected to /var/log/wazuh-install.log
13/12/2023 16:54:04 DEBUG: YUM package manager will be used.
13/12/2023 16:54:04 INFO: Checking installed dependencies for Offline installation.
13/12/2023 16:54:06 DEBUG: Offline dependencies are installed.
13/12/2023 16:54:06 DEBUG: Checking system distribution.
13/12/2023 16:54:06 DEBUG: Detected distribution name: centos
13/12/2023 16:54:06 DEBUG: Detected distribution version: 7
13/12/2023 16:54:06 DEBUG: Checking Wazuh installation.
13/12/2023 16:54:09 DEBUG: Checking previous certificate existence.
13/12/2023 16:54:09 DEBUG: Checking system architecture.
13/12/2023 16:54:09 INFO: Verifying that your system meets the recommended minimum hardware requirements.
13/12/2023 16:54:09 DEBUG: CPU cores detected: 2
13/12/2023 16:54:09 DEBUG: Free RAM memory detected: 3789
13/12/2023 16:54:09 DEBUG: Checking ports availability.
13/12/2023 16:54:10 INFO: Checking wazuh-offline.tar.gz file.
13/12/2023 16:54:10 DEBUG: wazuh-offline.tar.gz was found correctly.
13/12/2023 16:54:10 DEBUG: Extracting files from wazuh-offline.tar.gz
13/12/2023 16:54:18 DEBUG: Offline files extracted successfully.
13/12/2023 16:54:18 DEBUG: Checking curl tool version.
13/12/2023 16:54:19 DEBUG: Adding the Wazuh repository.
[wazuh]
gpgcheck=1
gpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=EL-${releasever} - Wazuh
baseurl=https://packages-dev.wazuh.com/pre-release/yum/
protect=1
13/12/2023 16:54:19 INFO: Wazuh development repository added.
13/12/2023 16:54:19 DEBUG: Extracting Wazuh configuration.
13/12/2023 16:54:19 DEBUG: Reading configuration file.
13/12/2023 16:54:20 DEBUG: Checking if 127.0.0.1 is private.
13/12/2023 16:54:20 DEBUG: Checking if 127.0.0.1 is private.
13/12/2023 16:54:20 DEBUG: Checking if 127.0.0.1 is private.
13/12/2023 16:54:20 DEBUG: Checking node names in the configuration file.
13/12/2023 16:54:20 INFO: --- Wazuh indexer ---
13/12/2023 16:54:20 INFO: Starting Wazuh indexer installation.
13/12/2023 16:54:20 DEBUG: Installing local package /home/vagrant/wazuh-offline/wazuh-packages/wazuh-indexer-4.8.0-1.x86_64.rpm
Loaded plugins: fastestmirror Examining /home/vagrant/wazuh-offline/wazuh-packages/wazuh-indexer-4.8.0-1.x86_64.rpm: wazuh-indexer-4.8.0-1.x86_64 Marking /home/vagrant/wazuh-offline/wazuh-packages/wazuh-indexer-4.8.0-1.x86_64.rpm to be installed Resolving Dependencies There are unfinished transactions remaining. You might consider running yum-complete-transaction, or "yum-complete-transaction --cleanup-only" and "yum history redo last", first to finish them. If those don't work you'll have to try removing/installing packages by hand (maybe package-cleanup can help). --> Running transaction check ---> Package wazuh-indexer.x86_64 0:4.8.0-1 will be installed --> Finished Dependency Resolution Dependencies Resolved ================================================================================ Package Arch Version Repository Size ================================================================================ Installing: wazuh-indexer x86_64 4.8.0-1 /wazuh-indexer-4.8.0-1.x86_64 1.0 G Transaction Summary ================================================================================ Install 1 Package Total size: 1.0 G Installed size: 1.0 G Downloading packages: Running transaction check Running transaction test Transaction test succeeded Running transaction Installing : wazuh-indexer-4.8.0-1.x86_64 1/1 Created opensearch keystore in /etc/wazuh-indexer/opensearch.keystore Verifying : wazuh-indexer-4.8.0-1.x86_64 1/1 Installed: wazuh-indexer.x86_64 0:4.8.0-1 Complete!
13/12/2023 16:55:20 DEBUG: Checking Wazuh installation.
13/12/2023 16:55:21 DEBUG: There are Wazuh indexer remaining files.
13/12/2023 16:55:22 INFO: Wazuh indexer installation finished.
13/12/2023 16:55:22 DEBUG: Configuring Wazuh indexer.
13/12/2023 16:55:22 DEBUG: Copying Wazuh indexer certificates.
13/12/2023 16:55:23 INFO: Wazuh indexer post-install configuration finished.
13/12/2023 16:55:23 INFO: Starting service wazuh-indexer.
Created symlink from /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service to /usr/lib/systemd/system/wazuh-indexer.service.
13/12/2023 16:55:43 INFO: wazuh-indexer service started.
13/12/2023 16:55:43 INFO: Initializing Wazuh indexer cluster security settings.
13/12/2023 16:55:44 DEBUG: Setting Wazuh indexer cluster passwords.
13/12/2023 16:55:44 DEBUG: Checking Wazuh installation.
13/12/2023 16:55:48 DEBUG: There are Wazuh indexer remaining files.
13/12/2023 16:55:49 INFO: Wazuh indexer cluster initialized.
13/12/2023 16:55:49 DEBUG: Restoring Wazuh repository.
13/12/2023 16:55:49 INFO: Installation finished.
[root@centos7 vagrant]# bash wazuh-install.sh -s
13/12/2023 16:55:59 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
13/12/2023 16:55:59 INFO: Verbose logging redirected to /var/log/wazuh-install.log
13/12/2023 16:56:07 INFO: Verifying that your system meets the recommended minimum hardware requirements.
13/12/2023 16:56:20 INFO: Wazuh indexer cluster security configuration initialized.
13/12/2023 16:56:22 INFO: The Wazuh indexer cluster ISM initialized.
13/12/2023 16:56:50 INFO: Updating the internal users.
13/12/2023 16:56:54 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
13/12/2023 16:57:07 INFO: Wazuh indexer cluster started.
[root@centos7 vagrant]# bash wazuh-install.sh -ws wazuh-1 -of -v
13/12/2023 16:57:32 DEBUG: Checking root permissions.
13/12/2023 16:57:32 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
13/12/2023 16:57:32 INFO: Verbose logging redirected to /var/log/wazuh-install.log
13/12/2023 16:57:32 DEBUG: YUM package manager will be used.
13/12/2023 16:57:32 INFO: Checking installed dependencies for Offline installation.
13/12/2023 16:57:34 DEBUG: Offline dependencies are installed.
13/12/2023 16:57:34 DEBUG: Checking system distribution.
13/12/2023 16:57:34 DEBUG: Detected distribution name: centos
13/12/2023 16:57:34 DEBUG: Detected distribution version: 7
13/12/2023 16:57:34 DEBUG: Checking Wazuh installation.
13/12/2023 16:57:36 DEBUG: There are Wazuh indexer remaining files.
13/12/2023 16:57:37 DEBUG: Checking previous certificate existence.
13/12/2023 16:57:37 DEBUG: Checking system architecture.
13/12/2023 16:57:37 INFO: Verifying that your system meets the recommended minimum hardware requirements.
13/12/2023 16:57:37 DEBUG: CPU cores detected: 2
13/12/2023 16:57:37 DEBUG: Free RAM memory detected: 3789
13/12/2023 16:57:37 DEBUG: Checking ports availability.
13/12/2023 16:57:39 INFO: Checking wazuh-offline.tar.gz file.
13/12/2023 16:57:39 DEBUG: wazuh-offline.tar.gz was found correctly.
13/12/2023 16:57:39 DEBUG: Extracting files from wazuh-offline.tar.gz
13/12/2023 16:57:53 DEBUG: Offline files extracted successfully.
13/12/2023 16:57:53 DEBUG: Checking curl tool version.
13/12/2023 16:57:53 DEBUG: Adding the Wazuh repository.
[wazuh]
gpgcheck=1
gpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=EL-${releasever} - Wazuh
baseurl=https://packages-dev.wazuh.com/pre-release/yum/
protect=1
13/12/2023 16:57:53 INFO: Wazuh development repository added.
13/12/2023 16:57:53 DEBUG: Extracting Wazuh configuration.
13/12/2023 16:57:53 DEBUG: Reading configuration file.
13/12/2023 16:57:53 DEBUG: Checking if 127.0.0.1 is private.
13/12/2023 16:57:53 DEBUG: Checking if 127.0.0.1 is private.
13/12/2023 16:57:53 DEBUG: Checking if 127.0.0.1 is private.
13/12/2023 16:57:53 DEBUG: Checking node names in the configuration file.
13/12/2023 16:57:53 INFO: --- Wazuh server ---
13/12/2023 16:57:53 INFO: Starting the Wazuh manager installation.
13/12/2023 16:57:53 DEBUG: Installing local package /home/vagrant/wazuh-offline/wazuh-packages/wazuh-manager-4.8.0-1.x86_64.rpm
Loaded plugins: fastestmirror Examining /home/vagrant/wazuh-offline/wazuh-packages/wazuh-manager-4.8.0-1.x86_64.rpm: wazuh-manager-4.8.0-1.x86_64 Marking /home/vagrant/wazuh-offline/wazuh-packages/wazuh-manager-4.8.0-1.x86_64.rpm to be installed Resolving Dependencies There are unfinished transactions remaining. You might consider running yum-complete-transaction, or "yum-complete-transaction --cleanup-only" and "yum history redo last", first to finish them. If those don't work you'll have to try removing/installing packages by hand (maybe package-cleanup can help). --> Running transaction check ---> Package wazuh-manager.x86_64 0:4.8.0-1 will be installed --> Finished Dependency Resolution Dependencies Resolved ================================================================================ Package Arch Version Repository Size ================================================================================ Installing: wazuh-manager x86_64 4.8.0-1 /wazuh-manager-4.8.0-1.x86_64 669 M Transaction Summary ================================================================================ Install 1 Package Total size: 669 M Installed size: 669 M Downloading packages: Running transaction check Running transaction test Transaction test succeeded Running transaction Installing : wazuh-manager-4.8.0-1.x86_64 1/1 Verifying : wazuh-manager-4.8.0-1.x86_64 1/1 Installed: wazuh-manager.x86_64 0:4.8.0-1 Complete!
13/12/2023 16:58:50 DEBUG: Checking Wazuh installation.
13/12/2023 16:58:50 DEBUG: There are Wazuh remaining files.
13/12/2023 16:58:51 DEBUG: There are Wazuh indexer remaining files.
13/12/2023 16:58:52 INFO: Wazuh manager installation finished.
13/12/2023 16:58:52 INFO: Starting service wazuh-manager.
Created symlink from /etc/systemd/system/multi-user.target.wants/wazuh-manager.service to /usr/lib/systemd/system/wazuh-manager.service.
13/12/2023 16:59:09 INFO: wazuh-manager service started.
13/12/2023 16:59:09 INFO: Starting Filebeat installation.
13/12/2023 16:59:09 DEBUG: Installing local package /home/vagrant/wazuh-offline/wazuh-packages/filebeat-oss-7.10.2-x86_64.rpm
Loaded plugins: fastestmirror Examining /home/vagrant/wazuh-offline/wazuh-packages/filebeat-oss-7.10.2-x86_64.rpm: filebeat-7.10.2-1.x86_64 Marking /home/vagrant/wazuh-offline/wazuh-packages/filebeat-oss-7.10.2-x86_64.rpm to be installed Resolving Dependencies There are unfinished transactions remaining. You might consider running yum-complete-transaction, or "yum-complete-transaction --cleanup-only" and "yum history redo last", first to finish them. If those don't work you'll have to try removing/installing packages by hand (maybe package-cleanup can help). --> Running transaction check ---> Package filebeat.x86_64 0:7.10.2-1 will be installed --> Finished Dependency Resolution Dependencies Resolved ================================================================================ Package Arch Version Repository Size ================================================================================ Installing: filebeat x86_64 7.10.2-1 /filebeat-oss-7.10.2-x86_64 70 M Transaction Summary ================================================================================ Install 1 Package Total size: 70 M Installed size: 70 M Downloading packages: Running transaction check Running transaction test Transaction test succeeded Running transaction Installing : filebeat-7.10.2-1.x86_64 1/1 Verifying : filebeat-7.10.2-1.x86_64 1/1 Installed: filebeat.x86_64 0:7.10.2-1 Complete!
13/12/2023 16:59:15 DEBUG: Checking Wazuh installation.
13/12/2023 16:59:15 DEBUG: There are Wazuh remaining files.
13/12/2023 16:59:16 DEBUG: There are Wazuh indexer remaining files.
13/12/2023 16:59:17 DEBUG: There are Filebeat remaining files.
13/12/2023 16:59:18 INFO: Filebeat installation finished.
13/12/2023 16:59:18 DEBUG: Configuring Filebeat.
wazuh/
wazuh/archives/
wazuh/archives/ingest/
wazuh/archives/ingest/pipeline.json
wazuh/archives/config/
wazuh/archives/config/archives.yml
wazuh/archives/manifest.yml
wazuh/_meta/
wazuh/_meta/config.yml
wazuh/_meta/docs.asciidoc
wazuh/_meta/fields.yml
wazuh/alerts/
wazuh/alerts/ingest/
wazuh/alerts/ingest/pipeline.json
wazuh/alerts/config/
wazuh/alerts/config/alerts.yml
wazuh/alerts/manifest.yml
wazuh/module.yml
13/12/2023 16:59:18 DEBUG: Copying Filebeat certificates.
Created filebeat keystore
Successfully updated the keystore
Successfully updated the keystore
13/12/2023 16:59:18 INFO: Filebeat post-install configuration finished.
13/12/2023 16:59:18 DEBUG: Setting Wazuh indexer cluster passwords.
13/12/2023 16:59:18 DEBUG: Checking Wazuh installation.
13/12/2023 16:59:19 DEBUG: There are Wazuh remaining files.
13/12/2023 16:59:19 DEBUG: There are Wazuh indexer remaining files.
13/12/2023 16:59:20 DEBUG: There are Filebeat remaining files.
Successfully updated the keystore
13/12/2023 16:59:23 DEBUG: Restarting filebeat service...
13/12/2023 16:59:23 DEBUG: filebeat started.
13/12/2023 16:59:23 DEBUG: Changing API passwords.
13/12/2023 16:59:26 INFO: Starting service filebeat.
Created symlink from /etc/systemd/system/multi-user.target.wants/filebeat.service to /usr/lib/systemd/system/filebeat.service.
13/12/2023 16:59:26 INFO: filebeat service started.
13/12/2023 16:59:26 DEBUG: Restoring Wazuh repository.
13/12/2023 16:59:27 INFO: Installation finished.
[root@centos7 vagrant]# bash wazuh-install.sh -wd dashboard -of -v
13/12/2023 16:59:53 DEBUG: Checking root permissions.
13/12/2023 16:59:53 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
13/12/2023 16:59:53 INFO: Verbose logging redirected to /var/log/wazuh-install.log
13/12/2023 16:59:53 DEBUG: YUM package manager will be used.
13/12/2023 16:59:53 INFO: Checking installed dependencies for Offline installation.
13/12/2023 16:59:55 DEBUG: Offline dependencies are installed.
13/12/2023 16:59:55 DEBUG: Checking system distribution.
13/12/2023 16:59:55 DEBUG: Detected distribution name: centos
13/12/2023 16:59:55 DEBUG: Detected distribution version: 7
13/12/2023 16:59:55 DEBUG: Checking Wazuh installation.
13/12/2023 16:59:56 DEBUG: There are Wazuh remaining files.
13/12/2023 16:59:57 DEBUG: There are Wazuh indexer remaining files.
13/12/2023 16:59:57 DEBUG: There are Filebeat remaining files.
13/12/2023 16:59:58 DEBUG: Checking previous certificate existence.
13/12/2023 16:59:58 DEBUG: Checking system architecture.
13/12/2023 16:59:58 INFO: Verifying that your system meets the recommended minimum hardware requirements.
13/12/2023 16:59:58 DEBUG: CPU cores detected: 2
13/12/2023 16:59:58 DEBUG: Free RAM memory detected: 3789
13/12/2023 16:59:58 INFO: Wazuh web interface port will be 443.
13/12/2023 16:59:58 DEBUG: Checking ports availability.
13/12/2023 17:00:00 INFO: Checking wazuh-offline.tar.gz file.
13/12/2023 17:00:00 DEBUG: wazuh-offline.tar.gz was found correctly.
13/12/2023 17:00:00 DEBUG: Extracting files from wazuh-offline.tar.gz
13/12/2023 17:00:16 DEBUG: Offline files extracted successfully.
13/12/2023 17:00:16 DEBUG: Checking curl tool version.
13/12/2023 17:00:16 DEBUG: Adding the Wazuh repository.
[wazuh]
gpgcheck=1
gpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=EL-${releasever} - Wazuh
baseurl=https://packages-dev.wazuh.com/pre-release/yum/
protect=1
13/12/2023 17:00:16 INFO: Wazuh development repository added.
13/12/2023 17:00:16 DEBUG: Extracting Wazuh configuration.
13/12/2023 17:00:16 DEBUG: Reading configuration file.
13/12/2023 17:00:16 DEBUG: Checking if 127.0.0.1 is private.
13/12/2023 17:00:16 DEBUG: Checking if 127.0.0.1 is private.
13/12/2023 17:00:16 DEBUG: Checking if 127.0.0.1 is private.
13/12/2023 17:00:16 DEBUG: Checking node names in the configuration file.
13/12/2023 17:00:16 INFO: --- Wazuh dashboard ----
13/12/2023 17:00:16 INFO: Starting Wazuh dashboard installation.
13/12/2023 17:00:16 DEBUG: Installing local package /home/vagrant/wazuh-offline/wazuh-packages/wazuh-dashboard-4.8.0-1.x86_64.rpm
Loaded plugins: fastestmirror Examining /home/vagrant/wazuh-offline/wazuh-packages/wazuh-dashboard-4.8.0-1.x86_64.rpm: wazuh-dashboard-4.8.0-1.x86_64 Marking /home/vagrant/wazuh-offline/wazuh-packages/wazuh-dashboard-4.8.0-1.x86_64.rpm to be installed Resolving Dependencies There are unfinished transactions remaining. You might consider running yum-complete-transaction, or "yum-complete-transaction --cleanup-only" and "yum history redo last", first to finish them. If those don't work you'll have to try removing/installing packages by hand (maybe package-cleanup can help). --> Running transaction check ---> Package wazuh-dashboard.x86_64 0:4.8.0-1 will be installed --> Finished Dependency Resolution Dependencies Resolved ================================================================================ Package Arch Version Repository Size ================================================================================ Installing: wazuh-dashboard x86_64 4.8.0-1 /wazuh-dashboard-4.8.0-1.x86_64 902 M Transaction Summary ================================================================================ Install 1 Package Total size: 902 M Installed size: 902 M Downloading packages: Running transaction check Running transaction test Transaction test succeeded Running transaction Installing : wazuh-dashboard-4.8.0-1.x86_64 1/1 Verifying : wazuh-dashboard-4.8.0-1.x86_64 1/1 Installed: wazuh-dashboard.x86_64 0:4.8.0-1 Complete!
13/12/2023 17:02:08 DEBUG: Checking Wazuh installation.
13/12/2023 17:02:09 DEBUG: There are Wazuh remaining files.
13/12/2023 17:02:10 DEBUG: There are Wazuh indexer remaining files.
13/12/2023 17:02:11 DEBUG: There are Filebeat remaining files.
13/12/2023 17:02:11 DEBUG: There are Wazuh dashboard remaining files.
13/12/2023 17:02:11 INFO: Wazuh dashboard installation finished.
13/12/2023 17:02:11 DEBUG: Configuring Wazuh dashboard.
13/12/2023 17:02:11 DEBUG: Copying Wazuh dashboard certificates.
13/12/2023 17:02:11 DEBUG: Wazuh dashboard certificate setup finished.
13/12/2023 17:02:11 INFO: Wazuh dashboard post-install configuration finished.
13/12/2023 17:02:11 INFO: Starting service wazuh-dashboard.
Created symlink from /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service to /etc/systemd/system/wazuh-dashboard.service.
13/12/2023 17:02:12 INFO: wazuh-dashboard service started.
13/12/2023 17:02:12 DEBUG: Setting Wazuh indexer cluster passwords.
13/12/2023 17:02:12 DEBUG: Checking Wazuh installation.
13/12/2023 17:02:12 DEBUG: There are Wazuh remaining files.
13/12/2023 17:02:13 DEBUG: There are Wazuh indexer remaining files.
13/12/2023 17:02:14 DEBUG: There are Filebeat remaining files.
13/12/2023 17:02:15 DEBUG: There are Wazuh dashboard remaining files.
Successfully updated the keystore
13/12/2023 17:02:16 DEBUG: Restarting filebeat service...
13/12/2023 17:02:16 DEBUG: filebeat started.
13/12/2023 17:02:18 DEBUG: Restarting wazuh-dashboard service...
13/12/2023 17:02:22 DEBUG: wazuh-dashboard started.
13/12/2023 17:02:22 DEBUG: Changing API passwords.
13/12/2023 17:02:37 INFO: Initializing Wazuh dashboard web application.
13/12/2023 17:02:37 DEBUG: Wazuh dashboard connection was successful.
13/12/2023 17:02:37 INFO: Wazuh dashboard web application initialized.
13/12/2023 17:02:37 INFO: --- Summary ---
13/12/2023 17:02:37 INFO: You can access the web interface https://<wazuh-dashboard-ip>:443
User: admin
Password: w593SjtkcfYCUnF?FjsS3WkaJ6xTOxkw
13/12/2023 17:02:37 DEBUG: Restoring Wazuh repository.
13/12/2023 17:02:37 INFO: Installation finished.
🟢 Distributed (online) installation in AL2root@ip-172-31-37-181:/home/ubuntu# bash wazuh-install.sh -wi wazuh-indexer -i -v
14/12/2023 11:14:09 DEBUG: Checking root permissions.
14/12/2023 11:14:09 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
14/12/2023 11:14:09 INFO: Verbose logging redirected to /var/log/wazuh-install.log
14/12/2023 11:14:09 DEBUG: APT package manager will be used.
14/12/2023 11:14:09 DEBUG: Installing check dependencies.
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 http://security.ubuntu.com/ubuntu jammy-security InRelease
Hit:5 https://ppa.launchpadcontent.net/ondrej/php/ubuntu jammy InRelease
Reading package lists...
14/12/2023 11:14:19 DEBUG: Checking system distribution.
14/12/2023 11:14:19 DEBUG: Detected distribution name: ubuntu
14/12/2023 11:14:19 DEBUG: Detected distribution version: 22
14/12/2023 11:14:19 DEBUG: Checking Wazuh installation.
14/12/2023 11:14:21 DEBUG: Checking previous certificate existence.
14/12/2023 11:14:21 DEBUG: Checking system architecture.
14/12/2023 11:14:21 WARNING: Hardware and system checks ignored.
14/12/2023 11:14:21 DEBUG: Checking ports availability.
14/12/2023 11:14:22 DEBUG: Installing prerequisites dependencies.
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 http://security.ubuntu.com/ubuntu jammy-security InRelease
Hit:5 https://ppa.launchpadcontent.net/ondrej/php/ubuntu jammy InRelease
Reading package lists...
14/12/2023 11:14:27 DEBUG: Checking curl tool version.
14/12/2023 11:14:27 DEBUG: Adding the Wazuh repository.
gpg: keyring '/usr/share/keyrings/wazuh.gpg' created
gpg: key 96B3EE5F29111145: public key "Wazuh.com (Wazuh Signing Key) <[email protected]>" imported
gpg: Total number processed: 1
gpg: imported: 1
deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages-dev.wazuh.com/pre-release/apt/ unstable main
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 http://security.ubuntu.com/ubuntu jammy-security InRelease
Get:5 https://packages-dev.wazuh.com/pre-release/apt unstable InRelease [17.3 kB]
Hit:6 https://ppa.launchpadcontent.net/ondrej/php/ubuntu jammy InRelease
Get:7 https://packages-dev.wazuh.com/pre-release/apt unstable/main amd64 Packages [36.0 kB]
Fetched 53.3 kB in 1s (38.5 kB/s)
Reading package lists...
14/12/2023 11:14:31 INFO: Wazuh development repository added.
14/12/2023 11:14:31 DEBUG: Extracting Wazuh configuration.
14/12/2023 11:14:31 DEBUG: Reading configuration file.
14/12/2023 11:14:31 DEBUG: Checking node names in the configuration file.
14/12/2023 11:14:31 INFO: --- Wazuh indexer ---
14/12/2023 11:14:31 INFO: Starting Wazuh indexer installation.
Reading package lists... Building dependency tree... Reading state information... The following NEW packages will be installed: wazuh-indexer 0 upgraded, 1 newly installed, 0 to remove and 84 not upgraded. Need to get 0 B/752 MB of archives. After this operation, 1050 MB of additional disk space will be used. S NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 6.2.0-1017-aws NEEDRESTART-KEXP: 6.2.0-1017-aws NEEDRESTART-KSTA: 1 NEEDRESTART-SVC: filebeat.service
14/12/2023 11:15:56 DEBUG: Checking Wazuh installation.
14/12/2023 11:15:57 DEBUG: There are Wazuh indexer remaining files.
14/12/2023 11:15:58 INFO: Wazuh indexer installation finished.
14/12/2023 11:15:58 DEBUG: Configuring Wazuh indexer.
14/12/2023 11:15:59 DEBUG: Copying Wazuh indexer certificates.
14/12/2023 11:15:59 INFO: Wazuh indexer post-install configuration finished.
14/12/2023 11:15:59 INFO: Starting service wazuh-indexer.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service → /lib/systemd/system/wazuh-indexer.service.
14/12/2023 11:16:26 INFO: wazuh-indexer service started.
14/12/2023 11:16:26 INFO: Initializing Wazuh indexer cluster security settings.
14/12/2023 11:16:26 DEBUG: Setting Wazuh indexer cluster passwords.
14/12/2023 11:16:26 DEBUG: Checking Wazuh installation.
14/12/2023 11:16:28 DEBUG: There are Wazuh indexer remaining files.
14/12/2023 11:16:29 INFO: Wazuh indexer cluster initialized.
14/12/2023 11:16:29 DEBUG: Restoring Wazuh repository.
14/12/2023 11:16:29 INFO: Installation finished.
root@ip-172-31-37-181:/home/ubuntu# bash wazuh-install.sh -ws wazuh-server -i -v
14/12/2023 11:17:28 DEBUG: Checking root permissions.
14/12/2023 11:17:28 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
14/12/2023 11:17:28 INFO: Verbose logging redirected to /var/log/wazuh-install.log
14/12/2023 11:17:28 DEBUG: APT package manager will be used.
14/12/2023 11:17:28 DEBUG: Installing check dependencies.
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Get:4 https://packages.wazuh.com/4.x/apt stable InRelease [17.3 kB]
Hit:5 http://security.ubuntu.com/ubuntu jammy-security InRelease
Hit:6 https://ppa.launchpadcontent.net/ondrej/php/ubuntu jammy InRelease
Get:7 https://packages.wazuh.com/4.x/apt stable/main amd64 Packages [34.7 kB]
Fetched 51.9 kB in 1s (45.6 kB/s)
Reading package lists...
14/12/2023 11:17:36 DEBUG: Checking system distribution.
14/12/2023 11:17:36 DEBUG: Detected distribution name: ubuntu
14/12/2023 11:17:36 DEBUG: Detected distribution version: 22
14/12/2023 11:17:36 DEBUG: Checking Wazuh installation.
14/12/2023 11:17:38 DEBUG: There are Wazuh indexer remaining files.
14/12/2023 11:17:39 DEBUG: Checking previous certificate existence.
14/12/2023 11:17:39 DEBUG: Checking system architecture.
14/12/2023 11:17:39 WARNING: Hardware and system checks ignored.
14/12/2023 11:17:39 DEBUG: Checking ports availability.
14/12/2023 11:17:40 DEBUG: Installing prerequisites dependencies.
Hit:1 http://security.ubuntu.com/ubuntu jammy-security InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:4 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:5 https://packages.wazuh.com/4.x/apt stable InRelease
Hit:6 https://ppa.launchpadcontent.net/ondrej/php/ubuntu jammy InRelease
Reading package lists...
14/12/2023 11:17:45 DEBUG: Checking curl tool version.
14/12/2023 11:17:45 DEBUG: Adding the Wazuh repository.
gpg: key 96B3EE5F29111145: "Wazuh.com (Wazuh Signing Key) <[email protected]>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages-dev.wazuh.com/pre-release/apt/ unstable main
Hit:1 http://security.ubuntu.com/ubuntu jammy-security InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:4 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Get:5 https://packages-dev.wazuh.com/pre-release/apt unstable InRelease [17.3 kB]
Hit:6 https://ppa.launchpadcontent.net/ondrej/php/ubuntu jammy InRelease
Get:7 https://packages-dev.wazuh.com/pre-release/apt unstable/main amd64 Packages [36.0 kB]
Fetched 53.3 kB in 1s (38.1 kB/s)
Reading package lists...
14/12/2023 11:17:49 INFO: Wazuh development repository added.
14/12/2023 11:17:49 DEBUG: Extracting Wazuh configuration.
14/12/2023 11:17:49 DEBUG: Reading configuration file.
14/12/2023 11:17:50 DEBUG: Checking node names in the configuration file.
14/12/2023 11:17:50 INFO: --- Wazuh server ---
14/12/2023 11:17:50 INFO: Starting the Wazuh manager installation.
Reading package lists... Building dependency tree... Reading state information... Suggested packages: expect The following NEW packages will be installed: wazuh-manager 0 upgraded, 1 newly installed, 0 to remove and 84 not upgraded. Need to get 0 B/117 MB of archives. After this operation, 702 MB of additional NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 6.2.0-1017-aws NEEDRESTART-KEXP: 6.2.0-1017-aws NEEDRESTART-KSTA: 1 NEEDRESTART-SVC: filebeat.service
14/12/2023 11:19:35 DEBUG: Checking Wazuh installation.
14/12/2023 11:19:35 DEBUG: There are Wazuh remaining files.
14/12/2023 11:19:36 DEBUG: There are Wazuh indexer remaining files.
14/12/2023 11:19:37 INFO: Wazuh manager installation finished.
14/12/2023 11:19:37 INFO: Starting service wazuh-manager.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-manager.service → /lib/systemd/system/wazuh-manager.service.
14/12/2023 11:20:01 INFO: wazuh-manager service started.
14/12/2023 11:20:01 INFO: Starting Filebeat installation.
Reading package lists... Building dependency tree... Reading state information... The following NEW packages will be installed: filebeat 0 upgraded, 1 newly installed, 0 to remove and 84 not upgraded. Need to get 0 B/22.1 MB of archives. After this operation, 73.6 MB of additional disk space will be used. Selec NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 6.2.0-1017-aws NEEDRESTART-KEXP: 6.2.0-1017-aws NEEDRESTART-KSTA: 1 NEEDRESTART-SVC: filebeat.service
14/12/2023 11:20:15 DEBUG: Checking Wazuh installation.
14/12/2023 11:20:16 DEBUG: There are Wazuh remaining files.
14/12/2023 11:20:17 DEBUG: There are Wazuh indexer remaining files.
14/12/2023 11:20:17 DEBUG: There are Filebeat remaining files.
14/12/2023 11:20:18 INFO: Filebeat installation finished.
14/12/2023 11:20:18 DEBUG: Configuring Filebeat.
14/12/2023 11:20:18 DEBUG: Filebeat template was download successfully.
wazuh/
wazuh/archives/
wazuh/archives/ingest/
wazuh/archives/ingest/pipeline.json
wazuh/archives/config/
wazuh/archives/config/archives.yml
wazuh/archives/manifest.yml
wazuh/_meta/
wazuh/_meta/config.yml
wazuh/_meta/docs.asciidoc
wazuh/_meta/fields.yml
wazuh/alerts/
wazuh/alerts/ingest/
wazuh/alerts/ingest/pipeline.json
wazuh/alerts/config/
wazuh/alerts/config/alerts.yml
wazuh/alerts/manifest.yml
wazuh/module.yml
14/12/2023 11:20:19 DEBUG: Filebeat module was downloaded successfully.
14/12/2023 11:20:19 DEBUG: Copying Filebeat certificates.
Created filebeat keystore
Successfully updated the keystore
Successfully updated the keystore
14/12/2023 11:20:19 INFO: Filebeat post-install configuration finished.
14/12/2023 11:20:19 DEBUG: Setting Wazuh indexer cluster passwords.
14/12/2023 11:20:19 DEBUG: Checking Wazuh installation.
14/12/2023 11:20:20 DEBUG: There are Wazuh remaining files.
14/12/2023 11:20:21 DEBUG: There are Wazuh indexer remaining files.
14/12/2023 11:20:21 DEBUG: There are Filebeat remaining files.
Successfully updated the keystore
14/12/2023 11:20:24 DEBUG: Restarting filebeat service...
14/12/2023 11:20:25 DEBUG: filebeat started.
14/12/2023 11:20:25 DEBUG: Changing API passwords.
14/12/2023 11:20:27 INFO: Starting service filebeat.
Synchronizing state of filebeat.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable filebeat
Created symlink /etc/systemd/system/multi-user.target.wants/filebeat.service → /lib/systemd/system/filebeat.service.
14/12/2023 11:20:30 INFO: filebeat service started.
14/12/2023 11:20:30 DEBUG: Restoring Wazuh repository.
14/12/2023 11:20:30 INFO: Installation finished.
root@ip-172-31-37-181:/home/ubuntu# bash wazuh-install.sh -s
14/12/2023 11:20:41 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
14/12/2023 11:20:41 INFO: Verbose logging redirected to /var/log/wazuh-install.log
14/12/2023 11:20:52 INFO: Verifying that your system meets the recommended minimum hardware requirements.
14/12/2023 11:21:10 INFO: Wazuh indexer cluster security configuration initialized.
14/12/2023 11:21:12 INFO: The Wazuh indexer cluster ISM initialized.
14/12/2023 11:21:40 INFO: Updating the internal users.
14/12/2023 11:21:45 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
14/12/2023 11:22:02 INFO: Wazuh indexer cluster started.
root@ip-172-31-37-181:/home/ubuntu# bash wazuh-install.sh -wd wazuh-dashboard -i -v
14/12/2023 11:22:27 DEBUG: Checking root permissions.
14/12/2023 11:22:27 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
14/12/2023 11:22:27 INFO: Verbose logging redirected to /var/log/wazuh-install.log
14/12/2023 11:22:27 DEBUG: APT package manager will be used.
14/12/2023 11:22:27 DEBUG: Installing check dependencies.
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 https://packages.wazuh.com/4.x/apt stable InRelease
Hit:5 http://security.ubuntu.com/ubuntu jammy-security InRelease
Hit:6 https://ppa.launchpadcontent.net/ondrej/php/ubuntu jammy InRelease
Reading package lists...
14/12/2023 11:22:36 DEBUG: Checking system distribution.
14/12/2023 11:22:36 DEBUG: Detected distribution name: ubuntu
14/12/2023 11:22:36 DEBUG: Detected distribution version: 22
14/12/2023 11:22:36 DEBUG: Checking Wazuh installation.
14/12/2023 11:22:36 DEBUG: There are Wazuh remaining files.
14/12/2023 11:22:37 DEBUG: There are Wazuh indexer remaining files.
14/12/2023 11:22:37 DEBUG: There are Filebeat remaining files.
14/12/2023 11:22:38 DEBUG: Checking previous certificate existence.
14/12/2023 11:22:38 DEBUG: Checking system architecture.
14/12/2023 11:22:38 WARNING: Hardware and system checks ignored.
14/12/2023 11:22:38 INFO: Wazuh web interface port will be 443.
14/12/2023 11:22:38 DEBUG: Checking ports availability.
14/12/2023 11:22:39 DEBUG: Installing prerequisites dependencies.
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 http://security.ubuntu.com/ubuntu jammy-security InRelease
Hit:5 https://packages.wazuh.com/4.x/apt stable InRelease
Hit:6 https://ppa.launchpadcontent.net/ondrej/php/ubuntu jammy InRelease
Reading package lists...
14/12/2023 11:22:45 DEBUG: Checking curl tool version.
14/12/2023 11:22:45 DEBUG: Adding the Wazuh repository.
gpg: key 96B3EE5F29111145: "Wazuh.com (Wazuh Signing Key) <[email protected]>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages-dev.wazuh.com/pre-release/apt/ unstable main
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 http://security.ubuntu.com/ubuntu jammy-security InRelease
Get:5 https://packages-dev.wazuh.com/pre-release/apt unstable InRelease [17.3 kB]
Hit:6 https://ppa.launchpadcontent.net/ondrej/php/ubuntu jammy InRelease
Get:7 https://packages-dev.wazuh.com/pre-release/apt unstable/main amd64 Packages [36.0 kB]
Fetched 53.3 kB in 1s (38.9 kB/s)
Reading package lists...
14/12/2023 11:22:49 INFO: Wazuh development repository added.
14/12/2023 11:22:49 DEBUG: Extracting Wazuh configuration.
14/12/2023 11:22:49 DEBUG: Reading configuration file.
14/12/2023 11:22:49 DEBUG: Checking node names in the configuration file.
14/12/2023 11:22:49 INFO: --- Wazuh dashboard ----
14/12/2023 11:22:49 INFO: Starting Wazuh dashboard installation.
Reading package lists... Building dependency tree... Reading state information... The following NEW packages will be installed: wazuh-dashboard 0 upgraded, 1 newly installed, 0 to remove and 84 not upgraded. Need to get 0 B/186 MB of archives. After this operation, 987 MB of additional disk space will be used. NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 6.2.0-1017-aws NEEDRESTART-KEXP: 6.2.0-1017-aws NEEDRESTART-KSTA: 1
14/12/2023 11:23:57 DEBUG: Checking Wazuh installation.
14/12/2023 11:23:58 DEBUG: There are Wazuh remaining files.
14/12/2023 11:23:59 DEBUG: There are Wazuh indexer remaining files.
14/12/2023 11:23:59 DEBUG: There are Filebeat remaining files.
14/12/2023 11:24:00 DEBUG: There are Wazuh dashboard remaining files.
14/12/2023 11:24:00 INFO: Wazuh dashboard installation finished.
14/12/2023 11:24:00 DEBUG: Configuring Wazuh dashboard.
14/12/2023 11:24:00 DEBUG: Copying Wazuh dashboard certificates.
14/12/2023 11:24:00 DEBUG: Wazuh dashboard certificate setup finished.
14/12/2023 11:24:00 INFO: Wazuh dashboard post-install configuration finished.
14/12/2023 11:24:00 INFO: Starting service wazuh-dashboard.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service.
14/12/2023 11:24:01 INFO: wazuh-dashboard service started.
14/12/2023 11:24:01 DEBUG: Setting Wazuh indexer cluster passwords.
14/12/2023 11:24:01 DEBUG: Checking Wazuh installation.
14/12/2023 11:24:02 DEBUG: There are Wazuh remaining files.
14/12/2023 11:24:02 DEBUG: There are Wazuh indexer remaining files.
14/12/2023 11:24:03 DEBUG: There are Filebeat remaining files.
14/12/2023 11:24:03 DEBUG: There are Wazuh dashboard remaining files.
Successfully updated the keystore
14/12/2023 11:24:04 DEBUG: Restarting filebeat service...
14/12/2023 11:24:05 DEBUG: filebeat started.
14/12/2023 11:24:06 DEBUG: Restarting wazuh-dashboard service...
14/12/2023 11:24:13 DEBUG: wazuh-dashboard started.
14/12/2023 11:24:13 DEBUG: Changing API passwords.
14/12/2023 11:24:33 INFO: Initializing Wazuh dashboard web application.
14/12/2023 11:24:33 DEBUG: Wazuh dashboard connection was successful.
14/12/2023 11:24:33 INFO: Wazuh dashboard web application initialized.
14/12/2023 11:24:33 INFO: --- Summary ---
14/12/2023 11:24:33 INFO: You can access the web interface https://<wazuh-dashboard-ip>:443
User: admin
Password: QEof+FUC.XNOAq?ZZWarQhIhQ0uPtrj6
🟢 Distributed (online) installation in Ubuntu 22[root@ip-172-31-40-241 ec2-user]# bash wazuh-install.sh -wi wazuh-indexer -i -v
14/12/2023 11:11:35 DEBUG: Checking root permissions.
14/12/2023 11:11:35 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
14/12/2023 11:11:35 INFO: Verbose logging redirected to /var/log/wazuh-install.log
14/12/2023 11:11:35 DEBUG: YUM package manager will be used.
14/12/2023 11:11:35 DEBUG: Installing check dependencies.
14/12/2023 11:11:41 DEBUG: Checking system distribution.
14/12/2023 11:11:41 DEBUG: Detected distribution name: amzn
14/12/2023 11:11:41 DEBUG: Detected distribution version: 2
14/12/2023 11:11:41 DEBUG: Checking Wazuh installation.
14/12/2023 11:11:43 DEBUG: Checking previous certificate existence.
14/12/2023 11:11:43 DEBUG: Checking system architecture.
14/12/2023 11:11:43 WARNING: Hardware and system checks ignored.
14/12/2023 11:11:43 DEBUG: Checking ports availability.
14/12/2023 11:11:44 DEBUG: Installing prerequisites dependencies.
14/12/2023 11:11:45 DEBUG: Checking curl tool version.
14/12/2023 11:11:45 DEBUG: Adding the Wazuh repository.
[wazuh]
gpgcheck=1
gpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=EL-${releasever} - Wazuh
baseurl=https://packages-dev.wazuh.com/pre-release/yum/
protect=1
14/12/2023 11:11:46 INFO: Wazuh development repository added.
14/12/2023 11:11:46 DEBUG: Extracting Wazuh configuration.
14/12/2023 11:11:46 DEBUG: Reading configuration file.
14/12/2023 11:11:46 DEBUG: Checking node names in the configuration file.
14/12/2023 11:11:46 INFO: --- Wazuh indexer ---
14/12/2023 11:11:46 INFO: Starting Wazuh indexer installation.
Loaded plugins: extras_suggestions, langpacks, priorities, update-motd Resolving Dependencies --> Running transaction check ---> Package wazuh-indexer.x86_64 0:4.8.0-1 will be installed --> Finished Dependency Resolution Dependencies Resolved ================================================================================ Package Arch Version Repository Size ================================================================================ Installing: wazuh-indexer x86_64 4.8.0-1 wazuh 743 M Transaction Summary ================================================================================ Install 1 Package Total download size: 743 M Installed size: 1.0 G Downloading packages: Running transaction check Running transaction test Transaction test succeeded Running transaction Installing : wazuh-indexer-4.8.0-1.x86_64 1/1 Created opensearch keystore in /etc/wazuh-indexer/opensearch.keystore Verifying : wazuh-indexer-4.8.0-1.x86_64 1/1 Installed: wazuh-indexer.x86_64 0:4.8.0-1 Complete!
14/12/2023 11:13:12 DEBUG: Checking Wazuh installation.
14/12/2023 11:13:14 DEBUG: There are Wazuh indexer remaining files.
14/12/2023 11:13:25 INFO: Wazuh indexer installation finished.
14/12/2023 11:13:25 DEBUG: Configuring Wazuh indexer.
14/12/2023 11:13:25 DEBUG: Copying Wazuh indexer certificates.
14/12/2023 11:13:25 INFO: Wazuh indexer post-install configuration finished.
14/12/2023 11:13:25 INFO: Starting service wazuh-indexer.
Created symlink from /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service to /usr/lib/systemd/system/wazuh-indexer.service.
14/12/2023 11:13:48 INFO: wazuh-indexer service started.
14/12/2023 11:13:48 INFO: Initializing Wazuh indexer cluster security settings.
14/12/2023 11:13:49 DEBUG: Setting Wazuh indexer cluster passwords.
14/12/2023 11:13:49 DEBUG: Checking Wazuh installation.
14/12/2023 11:13:52 DEBUG: There are Wazuh indexer remaining files.
14/12/2023 11:13:53 INFO: Wazuh indexer cluster initialized.
14/12/2023 11:13:53 DEBUG: Restoring Wazuh repository.
14/12/2023 11:13:53 INFO: Installation finished.
[root@ip-172-31-40-241 ec2-user]# bash wazuh-install.sh -ws wazuh-server -i -v
14/12/2023 11:14:23 DEBUG: Checking root permissions.
14/12/2023 11:14:23 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
14/12/2023 11:14:23 INFO: Verbose logging redirected to /var/log/wazuh-install.log
14/12/2023 11:14:23 DEBUG: YUM package manager will be used.
14/12/2023 11:14:23 DEBUG: Installing check dependencies.
14/12/2023 11:14:28 DEBUG: Checking system distribution.
14/12/2023 11:14:28 DEBUG: Detected distribution name: amzn
14/12/2023 11:14:29 DEBUG: Detected distribution version: 2
14/12/2023 11:14:29 DEBUG: Checking Wazuh installation.
14/12/2023 11:14:30 DEBUG: There are Wazuh indexer remaining files.
14/12/2023 11:14:31 DEBUG: Checking previous certificate existence.
14/12/2023 11:14:31 DEBUG: Checking system architecture.
14/12/2023 11:14:31 WARNING: Hardware and system checks ignored.
14/12/2023 11:14:31 DEBUG: Checking ports availability.
14/12/2023 11:14:32 DEBUG: Installing prerequisites dependencies.
14/12/2023 11:14:33 DEBUG: Checking curl tool version.
14/12/2023 11:14:33 DEBUG: Adding the Wazuh repository.
[wazuh]
gpgcheck=1
gpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=EL-${releasever} - Wazuh
baseurl=https://packages-dev.wazuh.com/pre-release/yum/
protect=1
14/12/2023 11:14:34 INFO: Wazuh development repository added.
14/12/2023 11:14:34 DEBUG: Extracting Wazuh configuration.
14/12/2023 11:14:34 DEBUG: Reading configuration file.
14/12/2023 11:14:34 DEBUG: Checking node names in the configuration file.
14/12/2023 11:14:34 INFO: --- Wazuh server ---
14/12/2023 11:14:34 INFO: Starting the Wazuh manager installation.
Loaded plugins: extras_suggestions, langpacks, priorities, update-motd Resolving Dependencies --> Running transaction check ---> Package wazuh-manager.x86_64 0:4.8.0-1 will be installed --> Finished Dependency Resolution Dependencies Resolved ================================================================================ Package Arch Version Repository Size ================================================================================ Installing: wazuh-manager x86_64 4.8.0-1 wazuh 186 M Transaction Summary ================================================================================ Install 1 Package Total download size: 186 M Installed size: 669 M Downloading packages: Running transaction check Running transaction test Transaction test succeeded Running transaction Installing : wazuh-manager-4.8.0-1.x86_64 1/1 Verifying : wazuh-manager-4.8.0-1.x86_64 1/1 Installed: wazuh-manager.x86_64 0:4.8.0-1 Complete!
14/12/2023 11:14:54 DEBUG: Checking Wazuh installation.
14/12/2023 11:14:55 DEBUG: There are Wazuh remaining files.
14/12/2023 11:14:56 DEBUG: There are Wazuh indexer remaining files.
14/12/2023 11:15:07 INFO: Wazuh manager installation finished.
14/12/2023 11:15:07 INFO: Starting service wazuh-manager.
Created symlink from /etc/systemd/system/multi-user.target.wants/wazuh-manager.service to /usr/lib/systemd/system/wazuh-manager.service.
14/12/2023 11:15:25 INFO: wazuh-manager service started.
14/12/2023 11:15:25 INFO: Starting Filebeat installation.
Loaded plugins: extras_suggestions, langpacks, priorities, update-motd Resolving Dependencies --> Running transaction check ---> Package filebeat.x86_64 0:7.10.2-1 will be installed --> Finished Dependency Resolution Dependencies Resolved ================================================================================ Package Arch Version Repository Size ================================================================================ Installing: filebeat x86_64 7.10.2-1 wazuh 21 M Transaction Summary ================================================================================ Install 1 Package Total download size: 21 M Installed size: 70 M Downloading packages: Running transaction check Running transaction test Transaction test succeeded Running transaction Installing : filebeat-7.10.2-1.x86_64 1/1 Verifying : filebeat-7.10.2-1.x86_64 1/1 Installed: filebeat.x86_64 0:7.10.2-1 Complete!
14/12/2023 11:15:32 DEBUG: Checking Wazuh installation.
14/12/2023 11:15:33 DEBUG: There are Wazuh remaining files.
14/12/2023 11:15:34 DEBUG: There are Wazuh indexer remaining files.
14/12/2023 11:15:44 DEBUG: There are Filebeat remaining files.
14/12/2023 11:15:45 INFO: Filebeat installation finished.
14/12/2023 11:15:45 DEBUG: Configuring Filebeat.
14/12/2023 11:15:45 DEBUG: Filebeat template was download successfully.
wazuh/
wazuh/archives/
wazuh/archives/ingest/
wazuh/archives/ingest/pipeline.json
wazuh/archives/config/
wazuh/archives/config/archives.yml
wazuh/archives/manifest.yml
wazuh/_meta/
wazuh/_meta/config.yml
wazuh/_meta/docs.asciidoc
wazuh/_meta/fields.yml
wazuh/alerts/
wazuh/alerts/ingest/
wazuh/alerts/ingest/pipeline.json
wazuh/alerts/config/
wazuh/alerts/config/alerts.yml
wazuh/alerts/manifest.yml
wazuh/module.yml
14/12/2023 11:15:45 DEBUG: Filebeat module was downloaded successfully.
14/12/2023 11:15:45 DEBUG: Copying Filebeat certificates.
Created filebeat keystore
Successfully updated the keystore
Successfully updated the keystore
14/12/2023 11:15:46 INFO: Filebeat post-install configuration finished.
14/12/2023 11:15:46 DEBUG: Setting Wazuh indexer cluster passwords.
14/12/2023 11:15:46 DEBUG: Checking Wazuh installation.
14/12/2023 11:15:47 DEBUG: There are Wazuh remaining files.
14/12/2023 11:15:47 DEBUG: There are Wazuh indexer remaining files.
14/12/2023 11:15:48 DEBUG: There are Filebeat remaining files.
Successfully updated the keystore
14/12/2023 11:15:50 DEBUG: Restarting filebeat service...
14/12/2023 11:15:50 DEBUG: filebeat started.
14/12/2023 11:15:50 DEBUG: Changing API passwords.
14/12/2023 11:15:52 INFO: Starting service filebeat.
Created symlink from /etc/systemd/system/multi-user.target.wants/filebeat.service to /usr/lib/systemd/system/filebeat.service.
14/12/2023 11:15:52 INFO: filebeat service started.
14/12/2023 11:15:52 DEBUG: Restoring Wazuh repository.
14/12/2023 11:15:52 INFO: Installation finished.
[root@ip-172-31-40-241 ec2-user]# bash wazuh-install.sh -ws^C
[root@ip-172-31-40-241 ec2-user]# bash wazuh-install.sh -s
14/12/2023 11:17:31 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
14/12/2023 11:17:31 INFO: Verbose logging redirected to /var/log/wazuh-install.log
14/12/2023 11:17:40 INFO: Verifying that your system meets the recommended minimum hardware requirements.
14/12/2023 11:17:53 INFO: Wazuh indexer cluster security configuration initialized.
14/12/2023 11:17:55 INFO: The Wazuh indexer cluster ISM initialized.
14/12/2023 11:18:22 INFO: Updating the internal users.
14/12/2023 11:18:27 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
14/12/2023 11:18:42 INFO: Wazuh indexer cluster started.
[root@ip-172-31-40-241 ec2-user]# bash wazuh-install.sh -wd wazuh-dashboard -i -v
14/12/2023 11:19:02 DEBUG: Checking root permissions.
14/12/2023 11:19:02 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
14/12/2023 11:19:02 INFO: Verbose logging redirected to /var/log/wazuh-install.log
14/12/2023 11:19:02 DEBUG: YUM package manager will be used.
14/12/2023 11:19:02 DEBUG: Installing check dependencies.
14/12/2023 11:19:08 DEBUG: Checking system distribution.
14/12/2023 11:19:08 DEBUG: Detected distribution name: amzn
14/12/2023 11:19:08 DEBUG: Detected distribution version: 2
14/12/2023 11:19:08 DEBUG: Checking Wazuh installation.
14/12/2023 11:19:09 DEBUG: There are Wazuh remaining files.
14/12/2023 11:19:10 DEBUG: There are Wazuh indexer remaining files.
14/12/2023 11:19:10 DEBUG: There are Filebeat remaining files.
14/12/2023 11:19:11 DEBUG: Checking previous certificate existence.
14/12/2023 11:19:11 DEBUG: Checking system architecture.
14/12/2023 11:19:11 WARNING: Hardware and system checks ignored.
14/12/2023 11:19:11 INFO: Wazuh web interface port will be 443.
14/12/2023 11:19:11 DEBUG: Checking ports availability.
14/12/2023 11:19:12 DEBUG: Installing prerequisites dependencies.
14/12/2023 11:19:13 DEBUG: Checking curl tool version.
14/12/2023 11:19:13 DEBUG: Adding the Wazuh repository.
[wazuh]
gpgcheck=1
gpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=EL-${releasever} - Wazuh
baseurl=https://packages-dev.wazuh.com/pre-release/yum/
protect=1
14/12/2023 11:19:14 INFO: Wazuh development repository added.
14/12/2023 11:19:14 DEBUG: Extracting Wazuh configuration.
14/12/2023 11:19:14 DEBUG: Reading configuration file.
14/12/2023 11:19:14 DEBUG: Checking node names in the configuration file.
14/12/2023 11:19:14 INFO: --- Wazuh dashboard ----
14/12/2023 11:19:14 INFO: Starting Wazuh dashboard installation.
Loaded plugins: extras_suggestions, langpacks, priorities, update-motd Resolving Dependencies --> Running transaction check ---> Package wazuh-dashboard.x86_64 0:4.8.0-1 will be installed --> Finished Dependency Resolution Dependencies Resolved ================================================================================ Package Arch Version Repository Size ================================================================================ Installing: wazuh-dashboard x86_64 4.8.0-1 wazuh 273 M Transaction Summary ================================================================================ Install 1 Package Total download size: 273 M Installed size: 902 M Downloading packages: Running transaction check Running transaction test Transaction test succeeded Running transaction Installing : wazuh-dashboard-4.8.0-1.x86_64 1/1 Verifying : wazuh-dashboard-4.8.0-1.x86_64 1/1 Installed: wazuh-dashboard.x86_64 0:4.8.0-1 Complete!
14/12/2023 11:20:09 DEBUG: Checking Wazuh installation.
14/12/2023 11:20:11 DEBUG: There are Wazuh remaining files.
14/12/2023 11:20:23 DEBUG: There are Wazuh indexer remaining files.
14/12/2023 11:20:24 DEBUG: There are Filebeat remaining files.
14/12/2023 11:20:25 DEBUG: There are Wazuh dashboard remaining files.
14/12/2023 11:20:25 INFO: Wazuh dashboard installation finished.
14/12/2023 11:20:25 DEBUG: Configuring Wazuh dashboard.
14/12/2023 11:20:25 DEBUG: Copying Wazuh dashboard certificates.
14/12/2023 11:20:25 DEBUG: Wazuh dashboard certificate setup finished.
14/12/2023 11:20:25 INFO: Wazuh dashboard post-install configuration finished.
14/12/2023 11:20:25 INFO: Starting service wazuh-dashboard.
Created symlink from /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service to /etc/systemd/system/wazuh-dashboard.service.
14/12/2023 11:20:25 INFO: wazuh-dashboard service started.
14/12/2023 11:20:25 DEBUG: Setting Wazuh indexer cluster passwords.
14/12/2023 11:20:25 DEBUG: Checking Wazuh installation.
14/12/2023 11:20:26 DEBUG: There are Wazuh remaining files.
14/12/2023 11:20:27 DEBUG: There are Wazuh indexer remaining files.
14/12/2023 11:20:28 DEBUG: There are Filebeat remaining files.
14/12/2023 11:20:28 DEBUG: There are Wazuh dashboard remaining files.
Successfully updated the keystore
14/12/2023 11:20:29 DEBUG: Restarting filebeat service...
14/12/2023 11:20:29 DEBUG: filebeat started.
14/12/2023 11:20:30 DEBUG: Restarting wazuh-dashboard service...
14/12/2023 11:20:36 DEBUG: wazuh-dashboard started.
14/12/2023 11:20:36 DEBUG: Changing API passwords.
14/12/2023 11:20:51 INFO: Initializing Wazuh dashboard web application.
14/12/2023 11:20:52 DEBUG: Wazuh dashboard connection was successful.
14/12/2023 11:20:52 INFO: Wazuh dashboard web application initialized.
14/12/2023 11:20:52 INFO: --- Summary ---
14/12/2023 11:20:52 INFO: You can access the web interface https://<wazuh-dashboard-ip>:443
User: admin
Password: +n.0dE28ZtVEGKcHRz020hdAhyULJYyt
14/12/2023 11:20:52 DEBUG: Restoring Wazuh repository.
14/12/2023 11:20:52 INFO: Installation finished.
[root@ip-172-31-40-241 ec2-user]#
🟢 AIO (online) installation in AL2[root@ip-172-31-40-241 ec2-user]# bash wazuh-install.sh -a -i -v
14/12/2023 11:24:39 DEBUG: Checking root permissions.
14/12/2023 11:24:39 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
14/12/2023 11:24:39 INFO: Verbose logging redirected to /var/log/wazuh-install.log
14/12/2023 11:24:39 DEBUG: YUM package manager will be used.
14/12/2023 11:24:39 DEBUG: Installing check dependencies.
14/12/2023 11:24:39 INFO: Another process is using YUM. Waiting for it to release the lock. Next retry in 30 seconds (1/10)
14/12/2023 11:25:15 DEBUG: Checking system distribution.
14/12/2023 11:25:15 DEBUG: Detected distribution name: amzn
14/12/2023 11:25:15 DEBUG: Detected distribution version: 2
14/12/2023 11:25:15 DEBUG: Checking Wazuh installation.
14/12/2023 11:25:18 DEBUG: Checking system architecture.
14/12/2023 11:25:18 WARNING: Hardware and system checks ignored.
14/12/2023 11:25:18 INFO: Wazuh web interface port will be 443.
14/12/2023 11:25:18 DEBUG: Checking ports availability.
14/12/2023 11:25:20 DEBUG: Installing prerequisites dependencies.
14/12/2023 11:25:21 DEBUG: Checking curl tool version.
14/12/2023 11:25:21 DEBUG: Adding the Wazuh repository.
[wazuh]
gpgcheck=1
gpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=EL-${releasever} - Wazuh
baseurl=https://packages-dev.wazuh.com/pre-release/yum/
protect=1
14/12/2023 11:25:22 INFO: Wazuh development repository added.
14/12/2023 11:25:22 INFO: --- Configuration files ---
14/12/2023 11:25:22 INFO: Generating configuration files.
14/12/2023 11:25:22 DEBUG: Creating Wazuh certificates.
14/12/2023 11:25:22 DEBUG: Reading configuration file.
14/12/2023 11:25:22 DEBUG: Creating the root certificate.
Generating a 2048 bit RSA private key
..................................................................................+++
...........+++
writing new private key to '/tmp/wazuh-certificates//root-ca.key'
-----
14/12/2023 11:25:22 DEBUG: Generating Admin certificates.
Generating RSA private key, 2048 bit long modulus
..............................................+++
...........................+++
e is 65537 (0x10001)
Signature ok
subject=/C=US/L=California/O=Wazuh/OU=Wazuh/CN=admin
Getting CA Private Key
14/12/2023 11:25:22 DEBUG: Generating Wazuh indexer certificates.
14/12/2023 11:25:22 DEBUG: Creating the Wazuh indexer certificates.
14/12/2023 11:25:22 DEBUG: Generating certificate configuration.
Generating a 2048 bit RSA private key
...........................................................................................................+++
...............+++
writing new private key to '/tmp/wazuh-certificates//wazuh-indexer-key.pem'
-----
Signature ok
subject=/C=US/L=California/O=Wazuh/OU=Wazuh/CN=wazuh-indexer
Getting CA Private Key
14/12/2023 11:25:22 DEBUG: Generating Filebeat certificates.
14/12/2023 11:25:22 DEBUG: Creating the Wazuh server certificates.
14/12/2023 11:25:22 DEBUG: Generating certificate configuration.
Generating a 2048 bit RSA private key
........................+++
.....................................................................+++
writing new private key to '/tmp/wazuh-certificates//wazuh-server-key.pem'
-----
Signature ok
subject=/C=US/L=California/O=Wazuh/OU=Wazuh/CN=wazuh-server
Getting CA Private Key
14/12/2023 11:25:22 DEBUG: Generating Wazuh dashboard certificates.
14/12/2023 11:25:22 DEBUG: Creating the Wazuh dashboard certificates.
14/12/2023 11:25:22 DEBUG: Generating certificate configuration.
Generating a 2048 bit RSA private key
........................................................................+++
.....................+++
writing new private key to '/tmp/wazuh-certificates//wazuh-dashboard-key.pem'
-----
Signature ok
subject=/C=US/L=California/O=Wazuh/OU=Wazuh/CN=wazuh-dashboard
Getting CA Private Key
14/12/2023 11:25:23 DEBUG: Cleaning certificate files.
14/12/2023 11:25:23 DEBUG: Generating password file.
14/12/2023 11:25:23 DEBUG: Generating random passwords.
14/12/2023 11:25:23 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
14/12/2023 11:25:23 DEBUG: Extracting Wazuh configuration.
14/12/2023 11:25:23 DEBUG: Reading configuration file.
14/12/2023 11:25:23 INFO: --- Wazuh indexer ---
14/12/2023 11:25:23 INFO: Starting Wazuh indexer installation.
Loaded plugins: extras_suggestions, langpacks, priorities, update-motd Resolving Dependencies --> Running transaction check ---> Package wazuh-indexer.x86_64 0:4.8.0-1 will be installed --> Finished Dependency Resolution Dependencies Resolved ================================================================================ Package Arch Version Repository Size ================================================================================ Installing: wazuh-indexer x86_64 4.8.0-1 wazuh 743 M Transaction Summary ================================================================================ Install 1 Package Total download size: 743 M Installed size: 1.0 G Downloading packages: Running transaction check Running transaction test Transaction test succeeded Running transaction Installing : wazuh-indexer-4.8.0-1.x86_64 1/1 Created opensearch keystore in /etc/wazuh-indexer/opensearch.keystore Verifying : wazuh-indexer-4.8.0-1.x86_64 1/1 Installed: wazuh-indexer.x86_64 0:4.8.0-1 Complete!
14/12/2023 11:26:49 DEBUG: Checking Wazuh installation.
14/12/2023 11:26:50 DEBUG: There are Wazuh indexer remaining files.
14/12/2023 11:27:01 INFO: Wazuh indexer installation finished.
14/12/2023 11:27:01 DEBUG: Configuring Wazuh indexer.
14/12/2023 11:27:01 DEBUG: Copying Wazuh indexer certificates.
14/12/2023 11:27:01 INFO: Wazuh indexer post-install configuration finished.
14/12/2023 11:27:01 INFO: Starting service wazuh-indexer.
Created symlink from /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service to /usr/lib/systemd/system/wazuh-indexer.service.
14/12/2023 11:27:24 INFO: wazuh-indexer service started.
14/12/2023 11:27:24 INFO: Initializing Wazuh indexer cluster security settings.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml
SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml
SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml
SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml
SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml
SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml
SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml
SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml
SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml
SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null
Done with success
Will create index templates to configure the alias
SUCC: 'wazuh-alerts' template created or updated
SUCC: 'wazuh-archives' template created or updated
Will create the 'rollover_policy' policy
SUCC: 'rollover_policy' policy created
Will create initial indices for the aliases
SUCC: 'wazuh-alerts' write index created
SUCC: 'wazuh-archives' write index created
SUCC: Indexer ISM initialization finished successfully.
14/12/2023 11:27:36 INFO: The Wazuh indexer cluster ISM initialized.
14/12/2023 11:27:36 INFO: Wazuh indexer cluster initialized.
14/12/2023 11:27:36 INFO: --- Wazuh server ---
14/12/2023 11:27:36 INFO: Starting the Wazuh manager installation.
Loaded plugins: extras_suggestions, langpacks, priorities, update-motd Resolving Dependencies --> Running transaction check ---> Package wazuh-manager.x86_64 0:4.8.0-1 will be installed --> Finished Dependency Resolution Dependencies Resolved ================================================================================ Package Arch Version Repository Size ================================================================================ Installing: wazuh-manager x86_64 4.8.0-1 wazuh 186 M Transaction Summary ================================================================================ Install 1 Package Total download size: 186 M Installed size: 669 M Downloading packages: Running transaction check Running transaction test Transaction test succeeded Running transaction Installing : wazuh-manager-4.8.0-1.x86_64 1/1 Verifying : wazuh-manager-4.8.0-1.x86_64 1/1 Installed: wazuh-manager.x86_64 0:4.8.0-1 Complete!
14/12/2023 11:27:54 DEBUG: Checking Wazuh installation.
14/12/2023 11:27:55 DEBUG: There are Wazuh remaining files.
14/12/2023 11:27:56 DEBUG: There are Wazuh indexer remaining files.
14/12/2023 11:28:07 INFO: Wazuh manager installation finished.
14/12/2023 11:28:07 INFO: Starting service wazuh-manager.
Created symlink from /etc/systemd/system/multi-user.target.wants/wazuh-manager.service to /usr/lib/systemd/system/wazuh-manager.service.
14/12/2023 11:28:24 INFO: wazuh-manager service started.
14/12/2023 11:28:24 INFO: Starting Filebeat installation.
Loaded plugins: extras_suggestions, langpacks, priorities, update-motd Resolving Dependencies --> Running transaction check ---> Package filebeat.x86_64 0:7.10.2-1 will be installed --> Finished Dependency Resolution Dependencies Resolved ================================================================================ Package Arch Version Repository Size ================================================================================ Installing: filebeat x86_64 7.10.2-1 wazuh 21 M Transaction Summary ================================================================================ Install 1 Package Total download size: 21 M Installed size: 70 M Downloading packages: Running transaction check Running transaction test Transaction test succeeded Running transaction Installing : filebeat-7.10.2-1.x86_64 1/1 Verifying : filebeat-7.10.2-1.x86_64 1/1 Installed: filebeat.x86_64 0:7.10.2-1 Complete!
14/12/2023 11:28:31 DEBUG: Checking Wazuh installation.
14/12/2023 11:28:32 DEBUG: There are Wazuh remaining files.
14/12/2023 11:28:33 DEBUG: There are Wazuh indexer remaining files.
14/12/2023 11:28:43 DEBUG: There are Filebeat remaining files.
14/12/2023 11:28:44 INFO: Filebeat installation finished.
14/12/2023 11:28:44 DEBUG: Configuring Filebeat.
14/12/2023 11:28:44 DEBUG: Filebeat template was download successfully.
wazuh/
wazuh/archives/
wazuh/archives/ingest/
wazuh/archives/ingest/pipeline.json
wazuh/archives/config/
wazuh/archives/config/archives.yml
wazuh/archives/manifest.yml
wazuh/_meta/
wazuh/_meta/config.yml
wazuh/_meta/docs.asciidoc
wazuh/_meta/fields.yml
wazuh/alerts/
wazuh/alerts/ingest/
wazuh/alerts/ingest/pipeline.json
wazuh/alerts/config/
wazuh/alerts/config/alerts.yml
wazuh/alerts/manifest.yml
wazuh/module.yml
14/12/2023 11:28:44 DEBUG: Filebeat module was downloaded successfully.
14/12/2023 11:28:44 DEBUG: Copying Filebeat certificates.
Created filebeat keystore
Successfully updated the keystore
Successfully updated the keystore
14/12/2023 11:28:45 INFO: Filebeat post-install configuration finished.
14/12/2023 11:28:45 INFO: Starting service filebeat.
Created symlink from /etc/systemd/system/multi-user.target.wants/filebeat.service to /usr/lib/systemd/system/filebeat.service.
14/12/2023 11:28:45 INFO: filebeat service started.
14/12/2023 11:28:45 INFO: --- Wazuh dashboard ---
14/12/2023 11:28:45 INFO: Starting Wazuh dashboard installation.
Loaded plugins: extras_suggestions, langpacks, priorities, update-motd Resolving Dependencies --> Running transaction check ---> Package wazuh-dashboard.x86_64 0:4.8.0-1 will be installed --> Finished Dependency Resolution Dependencies Resolved ================================================================================ Package Arch Version Repository Size ================================================================================ Installing: wazuh-dashboard x86_64 4.8.0-1 wazuh 273 M Transaction Summary ================================================================================ Install 1 Package Total download size: 273 M Installed size: 902 M Downloading packages: Running transaction check Running transaction test Transaction test succeeded Running transaction Installing : wazuh-dashboard-4.8.0-1.x86_64 1/1 Verifying : wazuh-dashboard-4.8.0-1.x86_64 1/1 Installed: wazuh-dashboard.x86_64 0:4.8.0-1 Complete!
14/12/2023 11:29:33 DEBUG: Checking Wazuh installation.
14/12/2023 11:29:34 DEBUG: There are Wazuh remaining files.
14/12/2023 11:29:35 DEBUG: There are Wazuh indexer remaining files.
14/12/2023 11:29:35 DEBUG: There are Filebeat remaining files.
14/12/2023 11:29:36 DEBUG: There are Wazuh dashboard remaining files.
14/12/2023 11:29:36 INFO: Wazuh dashboard installation finished.
14/12/2023 11:29:36 DEBUG: Configuring Wazuh dashboard.
14/12/2023 11:29:36 DEBUG: Copying Wazuh dashboard certificates.
14/12/2023 11:29:36 DEBUG: Wazuh dashboard certificate setup finished.
14/12/2023 11:29:36 INFO: Wazuh dashboard post-install configuration finished.
14/12/2023 11:29:36 INFO: Starting service wazuh-dashboard.
Created symlink from /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service to /etc/systemd/system/wazuh-dashboard.service.
14/12/2023 11:29:37 INFO: wazuh-dashboard service started.
14/12/2023 11:29:37 DEBUG: Setting Wazuh indexer cluster passwords.
14/12/2023 11:29:37 DEBUG: Checking Wazuh installation.
14/12/2023 11:29:37 INFO: Another process is using YUM. Waiting for it to release the lock. Next retry in 30 seconds (1/10)
14/12/2023 11:30:08 DEBUG: There are Wazuh remaining files.
14/12/2023 11:30:08 DEBUG: There are Wazuh indexer remaining files.
14/12/2023 11:30:09 DEBUG: There are Filebeat remaining files.
14/12/2023 11:30:10 DEBUG: There are Wazuh dashboard remaining files.
14/12/2023 11:30:10 INFO: Updating the internal users.
14/12/2023 11:30:10 DEBUG: Creating password backup.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to localhost:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: YELLOW
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml
SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml
SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml
SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml
SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml
SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml
SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml
SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml
SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
14/12/2023 11:30:16 DEBUG: Password backup created in /etc/wazuh-indexer/backup.
14/12/2023 11:30:16 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
14/12/2023 11:30:16 DEBUG: The internal users have been updated before changing the passwords.
14/12/2023 11:30:17 DEBUG: Generating password hashes.
14/12/2023 11:30:24 DEBUG: Password hashes generated.
14/12/2023 11:30:24 DEBUG: Creating password backup.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to localhost:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: YELLOW
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml
SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml
SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml
SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml
SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml
SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml
SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml
SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml
SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
14/12/2023 11:30:27 DEBUG: Password backup created in /etc/wazuh-indexer/backup.
Successfully updated the keystore
14/12/2023 11:30:28 DEBUG: Restarting filebeat service...
14/12/2023 11:30:29 DEBUG: filebeat started.
14/12/2023 11:30:30 DEBUG: Restarting wazuh-dashboard service...
14/12/2023 11:30:30 DEBUG: wazuh-dashboard started.
14/12/2023 11:30:30 DEBUG: Running security admin tool.
14/12/2023 11:30:30 DEBUG: Loading new passwords changes.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to localhost:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: YELLOW
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /home/ec2-user
Force type: internalusers
Will update '/internalusers' with /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' created or updated
SUCC: Expected 1 config types for node {"updated_config_types":["internalusers"],"updated_config_size":1,"message":null} is 1 (["internalusers"]) due to: null
Done with success
14/12/2023 11:30:37 DEBUG: Passwords changed.
14/12/2023 11:30:37 DEBUG: Changing API passwords.
14/12/2023 11:30:44 INFO: Initializing Wazuh dashboard web application.
14/12/2023 11:30:45 INFO: Wazuh dashboard web application initialized.
14/12/2023 11:30:45 INFO: --- Summary ---
14/12/2023 11:30:45 INFO: You can access the web interface https://<wazuh-dashboard-ip>:443
User: admin
Password: 1..bbIwBtkvxEAWsSG2MYJl9*I.hWg6+
14/12/2023 11:30:45 DEBUG: Restoring Wazuh repository.
14/12/2023 11:30:45 INFO: Installation finished.
[root@ip-172-31-40-241 ec2-user]#
🟢 AIO (online) installation in Ubuntu22root@ip-172-31-37-181:/home/ubuntu# bash wazuh-install.sh -a -v
14/12/2023 11:27:00 DEBUG: Checking root permissions.
14/12/2023 11:27:00 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
14/12/2023 11:27:00 INFO: Verbose logging redirected to /var/log/wazuh-install.log
14/12/2023 11:27:00 DEBUG: APT package manager will be used.
14/12/2023 11:27:00 DEBUG: Installing check dependencies.
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 http://security.ubuntu.com/ubuntu jammy-security InRelease
Hit:5 https://ppa.launchpadcontent.net/ondrej/php/ubuntu jammy InRelease
Reading package lists...
14/12/2023 11:27:10 DEBUG: Checking system distribution.
14/12/2023 11:27:10 DEBUG: Detected distribution name: ubuntu
14/12/2023 11:27:10 DEBUG: Detected distribution version: 22
14/12/2023 11:27:10 DEBUG: Checking Wazuh installation.
14/12/2023 11:27:12 DEBUG: Checking system architecture.
14/12/2023 11:27:12 INFO: Verifying that your system meets the recommended minimum hardware requirements.
14/12/2023 11:27:12 DEBUG: CPU cores detected: 2
14/12/2023 11:27:12 DEBUG: Free RAM memory detected: 3859
14/12/2023 11:27:12 INFO: Wazuh web interface port will be 443.
14/12/2023 11:27:12 DEBUG: Checking ports availability.
14/12/2023 11:27:13 DEBUG: Installing prerequisites dependencies.
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 http://security.ubuntu.com/ubuntu jammy-security InRelease
Hit:5 https://ppa.launchpadcontent.net/ondrej/php/ubuntu jammy InRelease
Reading package lists...
14/12/2023 11:27:18 DEBUG: Checking curl tool version.
14/12/2023 11:27:18 DEBUG: Adding the Wazuh repository.
gpg: keyring '/usr/share/keyrings/wazuh.gpg' created
gpg: key 96B3EE5F29111145: public key "Wazuh.com (Wazuh Signing Key) <[email protected]>" imported
gpg: Total number processed: 1
gpg: imported: 1
deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages-dev.wazuh.com/pre-release/apt/ unstable main
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 http://security.ubuntu.com/ubuntu jammy-security InRelease
Get:5 https://packages-dev.wazuh.com/pre-release/apt unstable InRelease [17.3 kB]
Hit:6 https://ppa.launchpadcontent.net/ondrej/php/ubuntu jammy InRelease
Get:7 https://packages-dev.wazuh.com/pre-release/apt unstable/main amd64 Packages [36.0 kB]
Fetched 53.3 kB in 1s (40.5 kB/s)
Reading package lists...
14/12/2023 11:27:22 INFO: Wazuh development repository added.
14/12/2023 11:27:22 INFO: --- Configuration files ---
14/12/2023 11:27:22 INFO: Generating configuration files.
14/12/2023 11:27:22 DEBUG: Creating Wazuh certificates.
14/12/2023 11:27:22 DEBUG: Reading configuration file.
14/12/2023 11:27:22 DEBUG: Creating the root certificate.
..........+.......+..+.+..+.......+.....+....+....................+.+...........+.......+.....+.......+..............+....+......+..............+...............+......+............+...+.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*......+..+.+..+............+.......+..............+....+.....+...+....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..+...+...................+...+...+...............+............+.....+...+...+.+......+........+.+...+...+...+.....+..........+.....+.........+..........+..+.+..............+...+...+............+.+..............+.+......+.....+..........+......+............+...+............+..+....+.........+........+.......+......+.....+....+..........................+.+........+.......+......+.....+....+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
.....+.......+...+.........+.....+...+...+.+....................+....+..+....+........+......+.+...+...+.....+.......+.....+......+................+...+..+.+..+.......+...+...+........+......+...+..........+............+...............+........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*......+....+..+..........+..+.+..............+.+......+...+...........+......+....+............+.................+.......+...+......+..+.........+.+.....+.............+..+....+......+.....+....+.....+.........+.......+..+..........+..+.........+....+...+..............+.+...+...........+...+......+.+........+......+.+......+........+.........+.......+...............+.....+....+.....+......+....+..+.........+..................+......+....+.....+............+.+..+.+.........+.................+....+.........+...+............+..+...+......+....+...+...+..+...+.+.....+...............+.+...+..+.......+..+.+.....+..........+...+................................+...................+...+..+...+.............+..+..........+.....+.......+...+...+........+.......+....................+..........+..+......+.......+.........+...............+.....+...+.......+...+...+............+......+..+.......+..+.........+.+........+...+.......+.....+......+.+.....+....+....................+....+..+.+...+..............+.......+.....+.........+.+......+..+.............+..+.+.....+.+.........+............+........+......+......+.......+............+.....+......+...+.......+.....+...+....+...+..+............+.+..+.......+........+...+....+....................+.............+..+...+...+.......+...........+......+..........+......+........+.+.....+......+..........+...+.....+..........+.........+..+...+.......+...+.....+......+.+........................+..+.......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----
14/12/2023 11:27:23 DEBUG: Generating Admin certificates.
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = admin
14/12/2023 11:27:23 DEBUG: Generating Wazuh indexer certificates.
14/12/2023 11:27:23 DEBUG: Creating the Wazuh indexer certificates.
14/12/2023 11:27:23 DEBUG: Generating certificate configuration.
Ignoring -days without -x509; not generating a certificate
..+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*...+......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.........+.....+..........+......+..+.+.....+....+......+...........+....+.....+....+.....+......+..........+..+.......+.....+.......+.........+.....+.......+.................+.+..........................+.+.....+.........+....+..+.......+..+...+.+...........+...+.......+...........+....+...+..................+..+...+...+.+...........+.......+..+.+............+......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
...........+..+.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+...+...+......+...+..+......+...+.......+............+...+...+.....+......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+...+...+..................+.....+.+...+..+.........+....+..+......+.............+...............+..+...............+...+......+...+.+...........+.+............+..+.+..+............+.+...+...............+......+.....+.........+.+........+.+.....+.......+........+.+......+............+..+.+............+...+........+.........+...............+......+.+...+.....+.+..+............+...............+.+.....+.+...........+.......+...........+......+......+....+...+......+.....+..........+......+...+..................+..+...+...+....+...+........+.......+...............+..+...............+...............+...+.......+..+.+........+.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-indexer
14/12/2023 11:27:24 DEBUG: Generating Filebeat certificates.
14/12/2023 11:27:24 DEBUG: Creating the Wazuh server certificates.
14/12/2023 11:27:24 DEBUG: Generating certificate configuration.
Ignoring -days without -x509; not generating a certificate
..+...........+...+.+..................+..................+..+.+...........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*...........+.....+.+.....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*....+.....+............+.......+............+...........+............+.+......+........+.+..+....+......+...+.....+.......+..+............+.+...+.........+..+.........+.+.....+.+...+..+.......+........+....+...+........+............+.+.........+............+..............+....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
..+.+...+..+...+.+......+......+...+............+........+.......+...+.....................+...+......+..+...+.+......+..+......+................+.....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*....+.....+...+...+...+.......+............+..+....+...........+...+..........+.......................+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.........+..+...+......+.+........+.......+...+...........+......+.......+.....+.+.........+.....+...+.............+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-server
14/12/2023 11:27:24 DEBUG: Generating Wazuh dashboard certificates.
14/12/2023 11:27:24 DEBUG: Creating the Wazuh dashboard certificates.
14/12/2023 11:27:24 DEBUG: Generating certificate configuration.
Ignoring -days without -x509; not generating a certificate
..+...................+..+..........+........+.+...+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*......+..+..........+........+....+...+........+.........+.+..+...+....+...+..+...+.......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+....+.........+......+.....+.......+..+......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
.......+........+...+....+...+............+.................+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+.....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+..............+....+........+...+....+..+...+...............+.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-dashboard
14/12/2023 11:27:24 DEBUG: Cleaning certificate files.
14/12/2023 11:27:24 DEBUG: Generating password file.
14/12/2023 11:27:24 DEBUG: Generating random passwords.
14/12/2023 11:27:24 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
14/12/2023 11:27:24 DEBUG: Extracting Wazuh configuration.
14/12/2023 11:27:24 DEBUG: Reading configuration file.
14/12/2023 11:27:25 INFO: --- Wazuh indexer ---
14/12/2023 11:27:25 INFO: Starting Wazuh indexer installation.
Reading package lists... Building dependency tree... Reading state information... The following NEW packages will be installed: wazuh-indexer 0 upgraded, 1 newly installed, 0 to remove and 84 not upgraded. Need to get 0 B/752 MB of archives. After this operation, 1050 MB of additional disk space will be used. S NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 6.2.0-1017-aws NEEDRESTART-KEXP: 6.2.0-1017-aws NEEDRESTART-KSTA: 1 NEEDRESTART-SVC: filebeat.service
14/12/2023 11:28:48 DEBUG: Checking Wazuh installation.
14/12/2023 11:28:49 DEBUG: There are Wazuh indexer remaining files.
14/12/2023 11:28:50 INFO: Wazuh indexer installation finished.
14/12/2023 11:28:50 DEBUG: Configuring Wazuh indexer.
14/12/2023 11:28:50 DEBUG: Copying Wazuh indexer certificates.
14/12/2023 11:28:50 INFO: Wazuh indexer post-install configuration finished.
14/12/2023 11:28:50 INFO: Starting service wazuh-indexer.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service → /lib/systemd/system/wazuh-indexer.service.
14/12/2023 11:29:16 INFO: wazuh-indexer service started.
14/12/2023 11:29:16 INFO: Initializing Wazuh indexer cluster security settings.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml
SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml
SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml
SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml
SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml
SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml
SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml
SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml
SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml
SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null
Done with success
Will create index templates to configure the alias
SUCC: 'wazuh-alerts' template created or updated
SUCC: 'wazuh-archives' template created or updated
Will create the 'rollover_policy' policy
SUCC: 'rollover_policy' policy created
Will create initial indices for the aliases
SUCC: 'wazuh-alerts' write index created
SUCC: 'wazuh-archives' write index created
SUCC: Indexer ISM initialization finished successfully.
14/12/2023 11:29:30 INFO: The Wazuh indexer cluster ISM initialized.
14/12/2023 11:29:30 INFO: Wazuh indexer cluster initialized.
14/12/2023 11:29:30 INFO: --- Wazuh server ---
14/12/2023 11:29:30 INFO: Starting the Wazuh manager installation.
Reading package lists... Building dependency tree... Reading state information... Suggested packages: expect The following NEW packages will be installed: wazuh-manager 0 upgraded, 1 newly installed, 0 to remove and 84 not upgraded. Need to get 0 B/117 MB of archives. After this operation, 702 MB of additional NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 6.2.0-1017-aws NEEDRESTART-KEXP: 6.2.0-1017-aws NEEDRESTART-KSTA: 1 NEEDRESTART-SVC: filebeat.service
14/12/2023 11:31:17 DEBUG: Checking Wazuh installation.
14/12/2023 11:31:18 DEBUG: There are Wazuh remaining files.
14/12/2023 11:31:19 DEBUG: There are Wazuh indexer remaining files.
14/12/2023 11:31:20 INFO: Wazuh manager installation finished.
14/12/2023 11:31:20 INFO: Starting service wazuh-manager.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-manager.service → /lib/systemd/system/wazuh-manager.service.
14/12/2023 11:31:44 INFO: wazuh-manager service started.
14/12/2023 11:31:44 INFO: Starting Filebeat installation.
Reading package lists... Building dependency tree... Reading state information... The following NEW packages will be installed: filebeat 0 upgraded, 1 newly installed, 0 to remove and 84 not upgraded. Need to get 0 B/22.1 MB of archives. After this operation, 73.6 MB of additional disk space will be used. Selec NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 6.2.0-1017-aws NEEDRESTART-KEXP: 6.2.0-1017-aws NEEDRESTART-KSTA: 1 NEEDRESTART-SVC: filebeat.service
14/12/2023 11:31:58 DEBUG: Checking Wazuh installation.
14/12/2023 11:31:59 DEBUG: There are Wazuh remaining files.
14/12/2023 11:31:59 DEBUG: There are Wazuh indexer remaining files.
14/12/2023 11:32:00 DEBUG: There are Filebeat remaining files.
14/12/2023 11:32:00 INFO: Filebeat installation finished.
14/12/2023 11:32:00 DEBUG: Configuring Filebeat.
14/12/2023 11:32:01 DEBUG: Filebeat template was download successfully.
wazuh/
wazuh/archives/
wazuh/archives/ingest/
wazuh/archives/ingest/pipeline.json
wazuh/archives/config/
wazuh/archives/config/archives.yml
wazuh/archives/manifest.yml
wazuh/_meta/
wazuh/_meta/config.yml
wazuh/_meta/docs.asciidoc
wazuh/_meta/fields.yml
wazuh/alerts/
wazuh/alerts/ingest/
wazuh/alerts/ingest/pipeline.json
wazuh/alerts/config/
wazuh/alerts/config/alerts.yml
wazuh/alerts/manifest.yml
wazuh/module.yml
14/12/2023 11:32:01 DEBUG: Filebeat module was downloaded successfully.
14/12/2023 11:32:01 DEBUG: Copying Filebeat certificates.
Created filebeat keystore
Successfully updated the keystore
Successfully updated the keystore
14/12/2023 11:32:02 INFO: Filebeat post-install configuration finished.
14/12/2023 11:32:02 INFO: Starting service filebeat.
Synchronizing state of filebeat.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable filebeat
Created symlink /etc/systemd/system/multi-user.target.wants/filebeat.service → /lib/systemd/system/filebeat.service.
14/12/2023 11:32:04 INFO: filebeat service started.
14/12/2023 11:32:04 INFO: --- Wazuh dashboard ---
14/12/2023 11:32:04 INFO: Starting Wazuh dashboard installation.
Reading package lists... Building dependency tree... Reading state information... The following NEW packages will be installed: wazuh-dashboard 0 upgraded, 1 newly installed, 0 to remove and 84 not upgraded. Need to get 0 B/186 MB of archives. After this operation, 987 MB of additional disk space will be used. NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 6.2.0-1017-aws NEEDRESTART-KEXP: 6.2.0-1017-aws NEEDRESTART-KSTA: 1 NEEDRESTART-SVC: filebeat.service
14/12/2023 11:33:16 DEBUG: Checking Wazuh installation.
14/12/2023 11:33:16 DEBUG: There are Wazuh remaining files.
14/12/2023 11:33:17 DEBUG: There are Wazuh indexer remaining files.
14/12/2023 11:33:18 DEBUG: There are Filebeat remaining files.
14/12/2023 11:33:18 DEBUG: There are Wazuh dashboard remaining files.
14/12/2023 11:33:18 INFO: Wazuh dashboard installation finished.
14/12/2023 11:33:18 DEBUG: Configuring Wazuh dashboard.
14/12/2023 11:33:18 DEBUG: Copying Wazuh dashboard certificates.
14/12/2023 11:33:18 DEBUG: Wazuh dashboard certificate setup finished.
14/12/2023 11:33:18 INFO: Wazuh dashboard post-install configuration finished.
14/12/2023 11:33:18 INFO: Starting service wazuh-dashboard.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service.
14/12/2023 11:33:19 INFO: wazuh-dashboard service started.
14/12/2023 11:33:19 DEBUG: Setting Wazuh indexer cluster passwords.
14/12/2023 11:33:19 DEBUG: Checking Wazuh installation.
14/12/2023 11:33:20 DEBUG: There are Wazuh remaining files.
14/12/2023 11:33:21 DEBUG: There are Wazuh indexer remaining files.
14/12/2023 11:33:21 DEBUG: There are Filebeat remaining files.
14/12/2023 11:33:22 DEBUG: There are Wazuh dashboard remaining files.
14/12/2023 11:33:22 INFO: Updating the internal users.
14/12/2023 11:33:22 DEBUG: Creating password backup.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to localhost:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: YELLOW
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml
SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml
SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml
SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml
SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml
SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml
SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml
SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml
SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
14/12/2023 11:33:31 DEBUG: Password backup created in /etc/wazuh-indexer/backup.
14/12/2023 11:33:31 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
14/12/2023 11:33:31 DEBUG: The internal users have been updated before changing the passwords.
14/12/2023 11:33:35 DEBUG: Generating password hashes.
14/12/2023 11:33:45 DEBUG: Password hashes generated.
14/12/2023 11:33:45 DEBUG: Creating password backup.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to localhost:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: YELLOW
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml
SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml
SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml
SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml
SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml
SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml
SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml
SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml
SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
14/12/2023 11:33:50 DEBUG: Password backup created in /etc/wazuh-indexer/backup.
Successfully updated the keystore
14/12/2023 11:33:51 DEBUG: Restarting filebeat service...
14/12/2023 11:33:51 DEBUG: filebeat started.
14/12/2023 11:33:53 DEBUG: Restarting wazuh-dashboard service...
14/12/2023 11:33:54 DEBUG: wazuh-dashboard started.
14/12/2023 11:33:54 DEBUG: Running security admin tool.
14/12/2023 11:33:54 DEBUG: Loading new passwords changes.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to localhost:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: YELLOW
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /home/ubuntu
Force type: internalusers
Will update '/internalusers' with /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' created or updated
SUCC: Expected 1 config types for node {"updated_config_types":["internalusers"],"updated_config_size":1,"message":null} is 1 (["internalusers"]) due to: null
Done with success
14/12/2023 11:34:01 DEBUG: Passwords changed.
14/12/2023 11:34:01 DEBUG: Changing API passwords.
14/12/2023 11:34:08 INFO: Initializing Wazuh dashboard web application.
14/12/2023 11:34:10 INFO: Wazuh dashboard web application not yet initialized. Waiting...
14/12/2023 11:34:26 INFO: Wazuh dashboard web application not yet initialized. Waiting...
14/12/2023 11:34:41 INFO: Wazuh dashboard web application initialized.
14/12/2023 11:34:41 INFO: --- Summary ---
14/12/2023 11:34:41 INFO: You can access the web interface https://<wazuh-dashboard-ip>:443
User: admin
Password: ZVycft07bo0UJ+l32884zp6tvbinggfL
14/12/2023 11:34:41 DEBUG: Restoring Wazuh repository.
14/12/2023 11:34:41 INFO: Installation finished.
As the final testing, the offline installation has been tested in 5 instances of EC2 with the internet connection disabled. This has been done creating the [root@ip-172-31-40-241 ec2-user]# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
^C
--- 8.8.8.8 ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 3074ms
[root@ip-172-31-40-241 ec2-user]# 🟢 AIO offline (no internet) in Debian 11root@ip-172-31-46-216:/home/admin# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
^C
--- 8.8.8.8 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2027ms
root@ip-172-31-46-216:/home/admin# bash wazuh-install.sh -a -of -v
13/12/2023 17:58:49 DEBUG: Checking root permissions.
13/12/2023 17:58:49 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
13/12/2023 17:58:49 INFO: Verbose logging redirected to /var/log/wazuh-install.log
13/12/2023 17:58:49 DEBUG: APT package manager will be used.
13/12/2023 17:58:49 INFO: Checking installed dependencies for Offline installation.
13/12/2023 17:58:51 DEBUG: Offline dependencies are installed.
13/12/2023 17:58:51 DEBUG: Checking system distribution.
13/12/2023 17:58:51 ERROR: The recommended systems are: Red Hat Enterprise Linux 7, 8, 9; CentOS 7, 8; Amazon Linux 2; Ubuntu 16.04, 18.04, 20.04, 22.04. The current system does not match this list. Use -i|--ignore-check to skip this check.
root@ip-172-31-46-216:/home/admin# bash wazuh-install.sh -a -of -v -i
13/12/2023 17:59:06 DEBUG: Checking root permissions.
13/12/2023 17:59:06 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
13/12/2023 17:59:06 INFO: Verbose logging redirected to /var/log/wazuh-install.log
13/12/2023 17:59:06 DEBUG: APT package manager will be used.
13/12/2023 17:59:06 INFO: Checking installed dependencies for Offline installation.
13/12/2023 17:59:07 DEBUG: Offline dependencies are installed.
13/12/2023 17:59:07 DEBUG: Checking system distribution.
13/12/2023 17:59:07 DEBUG: Detected distribution name: debian
13/12/2023 17:59:07 DEBUG: Detected distribution version: 11
13/12/2023 17:59:07 DEBUG: Checking Wazuh installation.
13/12/2023 17:59:09 DEBUG: Checking system architecture.
13/12/2023 17:59:09 WARNING: Hardware and system checks ignored.
13/12/2023 17:59:09 INFO: Wazuh web interface port will be 443.
13/12/2023 17:59:09 DEBUG: Checking ports availability.
13/12/2023 17:59:10 INFO: Checking wazuh-offline.tar.gz file.
13/12/2023 17:59:10 DEBUG: wazuh-offline.tar.gz was found correctly.
13/12/2023 17:59:10 DEBUG: Extracting files from wazuh-offline.tar.gz
13/12/2023 17:59:19 DEBUG: Offline files extracted successfully.
13/12/2023 17:59:19 DEBUG: Checking curl tool version.
13/12/2023 17:59:19 DEBUG: Adding the Wazuh repository.
gpg: keyring '/usr/share/keyrings/wazuh.gpg' created
gpg: directory '/root/.gnupg' created
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key 96B3EE5F29111145: public key "Wazuh.com (Wazuh Signing Key) <[email protected]>" imported
gpg: Total number processed: 1
gpg: imported: 1
deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages-dev.wazuh.com/pre-release/apt/ unstable main
Err:1 http://cdn-aws.deb.debian.org/debian bullseye InRelease
Cannot initiate the connection to cdn-aws.deb.debian.org:80 (2600:9000:24f3:200:c:a756:bac0:93a1). - connect (101: Network is unreachable) Cannot initiate the connection to cdn-aws.deb.debian.org:80 (2600:9000:24f3:d000:c:a756:bac0:93a1). - connect (101: Network is unreachable) Cannot initiate the connection to cdn-aws.deb.debian.org:80 (2600:9000:24f3:1a00:c:a756:bac0:93a1). - connect (101: Network is unreachable) Cannot initiate the connection to cdn-aws.deb.debian.org:80 (2600:9000:24f3:dc00:c:a756:bac0:93a1). - connect (101: Network is unreachable) Cannot initiate the connection to cdn-aws.deb.debian.org:80 (2600:9000:24f3:2c00:c:a756:bac0:93a1). - connect (101: Network is unreachable) Cannot initiate the connection to cdn-aws.deb.debian.org:80 (2600:9000:24f3:3a00:c:a756:bac0:93a1). - connect (101: Network is unreachable) Cannot initiate the connection to cdn-aws.deb.debian.org:80 (2600:9000:24f3:ae00:c:a756:bac0:93a1). - connect (101: Network is unreachable) Cannot initiate the connection to cdn-aws.deb.debian.org:80 (2600:9000:24f3:9000:c:a756:bac0:93a1). - connect (101: Network is unreachable) Could not connect to cdn-aws.deb.debian.org:80 (18.160.46.116), connection timed out Could not connect to cdn-aws.deb.debian.org:80 (18.160.46.35), connection timed out Could not connect to cdn-aws.deb.debian.org:80 (18.160.46.41), connection timed out Could not connect to cdn-aws.deb.debian.org:80 (18.160.46.40), connection timed out
Err:2 http://cdn-aws.deb.debian.org/debian bullseye-updates InRelease
Cannot initiate the connection to cdn-aws.deb.debian.org:80 (2600:9000:24f3:200:c:a756:bac0:93a1). - connect (101: Network is unreachable) Cannot initiate the connection to cdn-aws.deb.debian.org:80 (2600:9000:24f3:d000:c:a756:bac0:93a1). - connect (101: Network is unreachable) Cannot initiate the connection to cdn-aws.deb.debian.org:80 (2600:9000:24f3:1a00:c:a756:bac0:93a1). - connect (101: Network is unreachable) Cannot initiate the connection to cdn-aws.deb.debian.org:80 (2600:9000:24f3:dc00:c:a756:bac0:93a1). - connect (101: Network is unreachable) Cannot initiate the connection to cdn-aws.deb.debian.org:80 (2600:9000:24f3:2c00:c:a756:bac0:93a1). - connect (101: Network is unreachable) Cannot initiate the connection to cdn-aws.deb.debian.org:80 (2600:9000:24f3:3a00:c:a756:bac0:93a1). - connect (101: Network is unreachable) Cannot initiate the connection to cdn-aws.deb.debian.org:80 (2600:9000:24f3:ae00:c:a756:bac0:93a1). - connect (101: Network is unreachable) Cannot initiate the connection to cdn-aws.deb.debian.org:80 (2600:9000:24f3:9000:c:a756:bac0:93a1). - connect (101: Network is unreachable)
Err:3 http://cdn-aws.deb.debian.org/debian bullseye-backports InRelease
Cannot initiate the connection to cdn-aws.deb.debian.org:80 (2600:9000:24f3:200:c:a756:bac0:93a1). - connect (101: Network is unreachable) Cannot initiate the connection to cdn-aws.deb.debian.org:80 (2600:9000:24f3:d000:c:a756:bac0:93a1). - connect (101: Network is unreachable) Cannot initiate the connection to cdn-aws.deb.debian.org:80 (2600:9000:24f3:1a00:c:a756:bac0:93a1). - connect (101: Network is unreachable) Cannot initiate the connection to cdn-aws.deb.debian.org:80 (2600:9000:24f3:dc00:c:a756:bac0:93a1). - connect (101: Network is unreachable) Cannot initiate the connection to cdn-aws.deb.debian.org:80 (2600:9000:24f3:2c00:c:a756:bac0:93a1). - connect (101: Network is unreachable) Cannot initiate the connection to cdn-aws.deb.debian.org:80 (2600:9000:24f3:3a00:c:a756:bac0:93a1). - connect (101: Network is unreachable) Cannot initiate the connection to cdn-aws.deb.debian.org:80 (2600:9000:24f3:ae00:c:a756:bac0:93a1). - connect (101: Network is unreachable) Cannot initiate the connection to cdn-aws.deb.debian.org:80 (2600:9000:24f3:9000:c:a756:bac0:93a1). - connect (101: Network is unreachable)
Err:4 https://packages-dev.wazuh.com/pre-release/apt unstable InRelease
Cannot initiate the connection to packages-dev.wazuh.com:443 (2600:9000:2199:2c00:14:ca3a:45c0:93a1). - connect (101: Network is unreachable) Cannot initiate the connection to packages-dev.wazuh.com:443 (2600:9000:2199:1200:14:ca3a:45c0:93a1). - connect (101: Network is unreachable) Cannot initiate the connection to packages-dev.wazuh.com:443 (2600:9000:2199:7200:14:ca3a:45c0:93a1). - connect (101: Network is unreachable) Cannot initiate the connection to packages-dev.wazuh.com:443 (2600:9000:2199:a400:14:ca3a:45c0:93a1). - connect (101: Network is unreachable) Cannot initiate the connection to packages-dev.wazuh.com:443 (2600:9000:2199:1600:14:ca3a:45c0:93a1). - connect (101: Network is unreachable) Cannot initiate the connection to packages-dev.wazuh.com:443 (2600:9000:2199:4000:14:ca3a:45c0:93a1). - connect (101: Network is unreachable) Cannot initiate the connection to packages-dev.wazuh.com:443 (2600:9000:2199:b200:14:ca3a:45c0:93a1). - connect (101: Network is unreachable) Cannot initiate the connection to packages-dev.wazuh.com:443 (2600:9000:2199:c800:14:ca3a:45c0:93a1). - connect (101: Network is unreachable) Could not connect to packages-dev.wazuh.com:443 (99.84.208.61), connection timed out Could not connect to packages-dev.wazuh.com:443 (99.84.208.42), connection timed out Could not connect to packages-dev.wazuh.com:443 (99.84.208.124), connection timed out Could not connect to packages-dev.wazuh.com:443 (99.84.208.121), connection timed out
Err:5 http://security.debian.org/debian-security bullseye-security InRelease
Cannot initiate the connection to debian.map.fastlydns.net:80 (2a04:4e42:78::644). - connect (101: Network is unreachable) Could not connect to debian.map.fastlydns.net:80 (146.75.30.132), connection timed out Cannot initiate the connection to security.debian.org:80 (2a04:4e42:600::644). - connect (101: Network is unreachable) Cannot initiate the connection to security.debian.org:80 (2a04:4e42::644). - connect (101: Network is unreachable) Cannot initiate the connection to security.debian.org:80 (2a04:4e42:400::644). - connect (101: Network is unreachable) Cannot initiate the connection to security.debian.org:80 (2a04:4e42:200::644). - connect (101: Network is unreachable) Could not connect to security.debian.org:80 (151.101.66.132), connection timed out Could not connect to security.debian.org:80 (151.101.130.132), connection timed out Could not connect to security.debian.org:80 (151.101.194.132), connection timed out Could not connect to security.debian.org:80 (151.101.2.132), connection timed out
Reading package lists...
W: Failed to fetch http://cdn-aws.deb.debian.org/debian/dists/bullseye/InRelease Cannot initiate the connection to cdn-aws.deb.debian.org:80 (2600:9000:24f3:200:c:a756:bac0:93a1). - connect (101: Network is unreachable) Cannot initiate the connection to cdn-aws.deb.debian.org:80 (2600:9000:24f3:d000:c:a756:bac0:93a1). - connect (101: Network is unreachable) Cannot initiate the connection to cdn-aws.deb.debian.org:80 (2600:9000:24f3:1a00:c:a756:bac0:93a1). - connect (101: Network is unreachable) Cannot initiate the connection to cdn-aws.deb.debian.org:80 (2600:9000:24f3:dc00:c:a756:bac0:93a1). - connect (101: Network is unreachable) Cannot initiate the connection to cdn-aws.deb.debian.org:80 (2600:9000:24f3:2c00:c:a756:bac0:93a1). - connect (101: Network is unreachable) Cannot initiate the connection to cdn-aws.deb.debian.org:80 (2600:9000:24f3:3a00:c:a756:bac0:93a1). - connect (101: Network is unreachable) Cannot initiate the connection to cdn-aws.deb.debian.org:80 (2600:9000:24f3:ae00:c:a756:bac0:93a1). - connect (101: Network is unreachable) Cannot initiate the connection to cdn-aws.deb.debian.org:80 (2600:9000:24f3:9000:c:a756:bac0:93a1). - connect (101: Network is unreachable) Could not connect to cdn-aws.deb.debian.org:80 (18.160.46.116), connection timed out Could not connect to cdn-aws.deb.debian.org:80 (18.160.46.35), connection timed out Could not connect to cdn-aws.deb.debian.org:80 (18.160.46.41), connection timed out Could not connect to cdn-aws.deb.debian.org:80 (18.160.46.40), connection timed out
W: Failed to fetch http://security.debian.org/debian-security/dists/bullseye-security/InRelease Cannot initiate the connection to debian.map.fastlydns.net:80 (2a04:4e42:78::644). - connect (101: Network is unreachable) Could not connect to debian.map.fastlydns.net:80 (146.75.30.132), connection timed out Cannot initiate the connection to security.debian.org:80 (2a04:4e42:600::644). - connect (101: Network is unreachable) Cannot initiate the connection to security.debian.org:80 (2a04:4e42::644). - connect (101: Network is unreachable) Cannot initiate the connection to security.debian.org:80 (2a04:4e42:400::644). - connect (101: Network is unreachable) Cannot initiate the connection to security.debian.org:80 (2a04:4e42:200::644). - connect (101: Network is unreachable) Could not connect to security.debian.org:80 (151.101.66.132), connection timed out Could not connect to security.debian.org:80 (151.101.130.132), connection timed out Could not connect to security.debian.org:80 (151.101.194.132), connection timed out Could not connect to security.debian.org:80 (151.101.2.132), connection timed out
W: Failed to fetch http://cdn-aws.deb.debian.org/debian/dists/bullseye-updates/InRelease Cannot initiate the connection to cdn-aws.deb.debian.org:80 (2600:9000:24f3:200:c:a756:bac0:93a1). - connect (101: Network is unreachable) Cannot initiate the connection to cdn-aws.deb.debian.org:80 (2600:9000:24f3:d000:c:a756:bac0:93a1). - connect (101: Network is unreachable) Cannot initiate the connection to cdn-aws.deb.debian.org:80 (2600:9000:24f3:1a00:c:a756:bac0:93a1). - connect (101: Network is unreachable) Cannot initiate the connection to cdn-aws.deb.debian.org:80 (2600:9000:24f3:dc00:c:a756:bac0:93a1). - connect (101: Network is unreachable) Cannot initiate the connection to cdn-aws.deb.debian.org:80 (2600:9000:24f3:2c00:c:a756:bac0:93a1). - connect (101: Network is unreachable) Cannot initiate the connection to cdn-aws.deb.debian.org:80 (2600:9000:24f3:3a00:c:a756:bac0:93a1). - connect (101: Network is unreachable) Cannot initiate the connection to cdn-aws.deb.debian.org:80 (2600:9000:24f3:ae00:c:a756:bac0:93a1). - connect (101: Network is unreachable) Cannot initiate the connection to cdn-aws.deb.debian.org:80 (2600:9000:24f3:9000:c:a756:bac0:93a1). - connect (101: Network is unreachable)
W: Failed to fetch http://cdn-aws.deb.debian.org/debian/dists/bullseye-backports/InRelease Cannot initiate the connection to cdn-aws.deb.debian.org:80 (2600:9000:24f3:200:c:a756:bac0:93a1). - connect (101: Network is unreachable) Cannot initiate the connection to cdn-aws.deb.debian.org:80 (2600:9000:24f3:d000:c:a756:bac0:93a1). - connect (101: Network is unreachable) Cannot initiate the connection to cdn-aws.deb.debian.org:80 (2600:9000:24f3:1a00:c:a756:bac0:93a1). - connect (101: Network is unreachable) Cannot initiate the connection to cdn-aws.deb.debian.org:80 (2600:9000:24f3:dc00:c:a756:bac0:93a1). - connect (101: Network is unreachable) Cannot initiate the connection to cdn-aws.deb.debian.org:80 (2600:9000:24f3:2c00:c:a756:bac0:93a1). - connect (101: Network is unreachable) Cannot initiate the connection to cdn-aws.deb.debian.org:80 (2600:9000:24f3:3a00:c:a756:bac0:93a1). - connect (101: Network is unreachable) Cannot initiate the connection to cdn-aws.deb.debian.org:80 (2600:9000:24f3:ae00:c:a756:bac0:93a1). - connect (101: Network is unreachable) Cannot initiate the connection to cdn-aws.deb.debian.org:80 (2600:9000:24f3:9000:c:a756:bac0:93a1). - connect (101: Network is unreachable)
W: Failed to fetch https://packages-dev.wazuh.com/pre-release/apt/dists/unstable/InRelease Cannot initiate the connection to packages-dev.wazuh.com:443 (2600:9000:2199:2c00:14:ca3a:45c0:93a1). - connect (101: Network is unreachable) Cannot initiate the connection to packages-dev.wazuh.com:443 (2600:9000:2199:1200:14:ca3a:45c0:93a1). - connect (101: Network is unreachable) Cannot initiate the connection to packages-dev.wazuh.com:443 (2600:9000:2199:7200:14:ca3a:45c0:93a1). - connect (101: Network is unreachable) Cannot initiate the connection to packages-dev.wazuh.com:443 (2600:9000:2199:a400:14:ca3a:45c0:93a1). - connect (101: Network is unreachable) Cannot initiate the connection to packages-dev.wazuh.com:443 (2600:9000:2199:1600:14:ca3a:45c0:93a1). - connect (101: Network is unreachable) Cannot initiate the connection to packages-dev.wazuh.com:443 (2600:9000:2199:4000:14:ca3a:45c0:93a1). - connect (101: Network is unreachable) Cannot initiate the connection to packages-dev.wazuh.com:443 (2600:9000:2199:b200:14:ca3a:45c0:93a1). - connect (101: Network is unreachable) Cannot initiate the connection to packages-dev.wazuh.com:443 (2600:9000:2199:c800:14:ca3a:45c0:93a1). - connect (101: Network is unreachable) Could not connect to packages-dev.wazuh.com:443 (99.84.208.61), connection timed out Could not connect to packages-dev.wazuh.com:443 (99.84.208.42), connection timed out Could not connect to packages-dev.wazuh.com:443 (99.84.208.124), connection timed out Could not connect to packages-dev.wazuh.com:443 (99.84.208.121), connection timed out
W: Some index files failed to download. They have been ignored, or old ones used instead.
13/12/2023 18:00:22 INFO: Wazuh development repository added.
13/12/2023 18:00:22 INFO: --- Configuration files ---
13/12/2023 18:00:22 INFO: Generating configuration files.
13/12/2023 18:00:22 DEBUG: Creating Wazuh certificates.
13/12/2023 18:00:22 DEBUG: Reading configuration file.
13/12/2023 18:00:22 DEBUG: Creating the root certificate.
Generating a RSA private key
....+++++
............................................+++++
writing new private key to '/tmp/wazuh-certificates//root-ca.key'
-----
13/12/2023 18:00:22 DEBUG: Generating Admin certificates.
Generating RSA private key, 2048 bit long modulus (2 primes)
..................................................................+++++
.....................+++++
e is 65537 (0x010001)
Signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = admin
Getting CA Private Key
13/12/2023 18:00:22 DEBUG: Generating Wazuh indexer certificates.
13/12/2023 18:00:22 DEBUG: Creating the Wazuh indexer certificates.
13/12/2023 18:00:22 DEBUG: Generating certificate configuration.
Ignoring -days; not generating a certificate
Generating a RSA private key
..+++++
...................................+++++
writing new private key to '/tmp/wazuh-certificates//wazuh-indexer-key.pem'
-----
Signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-indexer
Getting CA Private Key
13/12/2023 18:00:22 DEBUG: Generating Filebeat certificates.
13/12/2023 18:00:22 DEBUG: Creating the Wazuh server certificates.
13/12/2023 18:00:22 DEBUG: Generating certificate configuration.
Ignoring -days; not generating a certificate
Generating a RSA private key
...........................................................................................................+++++
..............................................................................................................................................+++++
writing new private key to '/tmp/wazuh-certificates//wazuh-server-key.pem'
-----
Signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-server
Getting CA Private Key
13/12/2023 18:00:23 DEBUG: Generating Wazuh dashboard certificates.
13/12/2023 18:00:23 DEBUG: Creating the Wazuh dashboard certificates.
13/12/2023 18:00:23 DEBUG: Generating certificate configuration.
Ignoring -days; not generating a certificate
Generating a RSA private key
..................+++++
......................................................................................+++++
writing new private key to '/tmp/wazuh-certificates//wazuh-dashboard-key.pem'
-----
Signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-dashboard
Getting CA Private Key
13/12/2023 18:00:23 DEBUG: Cleaning certificate files.
13/12/2023 18:00:23 DEBUG: Generating password file.
13/12/2023 18:00:23 DEBUG: Generating random passwords.
13/12/2023 18:00:23 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
13/12/2023 18:00:23 DEBUG: Extracting Wazuh configuration.
13/12/2023 18:00:23 DEBUG: Reading configuration file.
13/12/2023 18:00:24 INFO: --- Wazuh indexer ---
13/12/2023 18:00:24 INFO: Starting Wazuh indexer installation.
Reading package lists... Building dependency tree... Reading state information... The following NEW packages will be installed: wazuh-indexer 0 upgraded, 1 newly installed, 0 to remove and 38 not upgraded. Need to get 0 B/752 MB of archives. After this operation, 1050 MB of additional disk space will be used. Get:1 /home/admin/wazuh-offline/wazuh-packages/wazuh-indexer_4.8.0-1_amd64.deb wazuh-indexer amd64 4.8.0-1 [752 MB] Selecting previously unselected (Reading database ... 28797 files and directories c Preparing to unpack .../wazuh-indexer_4.8.0-1_amd6 Created opensearch keystore in /etc/wazuh-indexer/opensearch.keystore
13/12/2023 18:01:54 DEBUG: Checking Wazuh installation.
13/12/2023 18:01:54 DEBUG: There are Wazuh indexer remaining files.
13/12/2023 18:01:55 INFO: Wazuh indexer installation finished.
13/12/2023 18:01:55 DEBUG: Configuring Wazuh indexer.
13/12/2023 18:01:55 DEBUG: Copying Wazuh indexer certificates.
13/12/2023 18:01:55 INFO: Wazuh indexer post-install configuration finished.
13/12/2023 18:01:55 INFO: Starting service wazuh-indexer.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service → /lib/systemd/system/wazuh-indexer.service.
13/12/2023 18:02:21 INFO: wazuh-indexer service started.
13/12/2023 18:02:21 INFO: Initializing Wazuh indexer cluster security settings.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml
SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml
SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml
SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml
SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml
SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml
SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml
SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml
SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml
SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null
Done with success
Will create index templates to configure the alias
SUCC: 'wazuh-alerts' template created or updated
SUCC: 'wazuh-archives' template created or updated
Will create the 'rollover_policy' policy
SUCC: 'rollover_policy' policy created
Will create initial indices for the aliases
SUCC: 'wazuh-alerts' write index created
SUCC: 'wazuh-archives' write index created
SUCC: Indexer ISM initialization finished successfully.
13/12/2023 18:02:34 INFO: The Wazuh indexer cluster ISM initialized.
13/12/2023 18:02:34 INFO: Wazuh indexer cluster initialized.
13/12/2023 18:02:34 INFO: --- Wazuh server ---
13/12/2023 18:02:34 INFO: Starting the Wazuh manager installation.
Reading package lists... Building dependency tree... Reading state information... Suggested packages: expect The following NEW packages will be installed: wazuh-manager 0 upgraded, 1 newly installed, 0 to remove and 38 not upgraded. Need to get 0 B/117 MB of archives. After this operation, 702 MB of additional disk space will be used. Get:1 /home/admin/wazuh-offline/wazuh-packages/wazuh-manager_4.8.0-1_amd64.deb wazuh-manager amd64 4.8.0-1 [117 MB] Select(Reading database ... 29972 files and directories c Preparing to unpack .../wazuh-manager_4.8.0-1_amd6 Setting up wazuh-manager (4.8.0-1) ...
13/12/2023 18:04:07 DEBUG: Checking Wazuh installation.
13/12/2023 18:04:08 DEBUG: There are Wazuh remaining files.
13/12/2023 18:04:08 DEBUG: There are Wazuh indexer remaining files.
13/12/2023 18:04:09 INFO: Wazuh manager installation finished.
13/12/2023 18:04:09 INFO: Starting service wazuh-manager.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-manager.service → /lib/systemd/system/wazuh-manager.service.
13/12/2023 18:04:32 INFO: wazuh-manager service started.
13/12/2023 18:04:32 INFO: Starting Filebeat installation.
Reading package lists... Building dependency tree... Reading state information... The following NEW packages will be installed: filebeat 0 upgraded, 1 newly installed, 0 to remove and 38 not upgraded. Need to get 0 B/22.1 MB of archives. After this operation, 73.6 MB of additional disk space will be used. Get:1 /home/admin/wazuh-offline/wazuh-packages/filebeat-oss-7.10.2-amd64.deb filebeat amd64 7.10.2 [22.1 MB] Setting up filebeat (7.10.2) ...-oss-7.10.2-amd64.deb ...y installed.)
13/12/2023 18:04:38 DEBUG: Checking Wazuh installation.
13/12/2023 18:04:38 DEBUG: There are Wazuh remaining files.
13/12/2023 18:04:39 DEBUG: There are Wazuh indexer remaining files.
13/12/2023 18:04:39 DEBUG: There are Filebeat remaining files.
13/12/2023 18:04:39 INFO: Filebeat installation finished.
13/12/2023 18:04:39 DEBUG: Configuring Filebeat.
wazuh/
wazuh/archives/
wazuh/archives/ingest/
wazuh/archives/ingest/pipeline.json
wazuh/archives/config/
wazuh/archives/config/archives.yml
wazuh/archives/manifest.yml
wazuh/_meta/
wazuh/_meta/config.yml
wazuh/_meta/docs.asciidoc
wazuh/_meta/fields.yml
wazuh/alerts/
wazuh/alerts/ingest/
wazuh/alerts/ingest/pipeline.json
wazuh/alerts/config/
wazuh/alerts/config/alerts.yml
wazuh/alerts/manifest.yml
wazuh/module.yml
13/12/2023 18:04:39 DEBUG: Copying Filebeat certificates.
Created filebeat keystore
Successfully updated the keystore
Successfully updated the keystore
13/12/2023 18:04:40 INFO: Filebeat post-install configuration finished.
13/12/2023 18:04:40 INFO: Starting service filebeat.
Synchronizing state of filebeat.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable filebeat
Created symlink /etc/systemd/system/multi-user.target.wants/filebeat.service → /lib/systemd/system/filebeat.service.
13/12/2023 18:04:41 INFO: filebeat service started.
13/12/2023 18:04:41 INFO: --- Wazuh dashboard ---
13/12/2023 18:04:41 INFO: Starting Wazuh dashboard installation.
Reading package lists... Building dependency tree... Reading state information... The following NEW packages will be installed: wazuh-dashboard 0 upgraded, 1 newly installed, 0 to remove and 38 not upgraded. Need to get 0 B/186 MB of archives. After this operation, 987 MB of additional disk space will be used. Get:1 /home/admin/wazuh-offline/wazuh-packages/wazuh-dashboard_4.8.0-1_amd64.deb wazuh-dashboard amd64 4 Setting up wazuh-dashboard (4.8.0-1) ...4.8.0-1_amd64.deb ...stalled.).
13/12/2023 18:05:49 DEBUG: Checking Wazuh installation.
13/12/2023 18:05:49 DEBUG: There are Wazuh remaining files.
13/12/2023 18:05:50 DEBUG: There are Wazuh indexer remaining files.
13/12/2023 18:05:50 DEBUG: There are Filebeat remaining files.
13/12/2023 18:05:51 DEBUG: There are Wazuh dashboard remaining files.
13/12/2023 18:05:51 INFO: Wazuh dashboard installation finished.
13/12/2023 18:05:51 DEBUG: Configuring Wazuh dashboard.
13/12/2023 18:05:51 DEBUG: Copying Wazuh dashboard certificates.
13/12/2023 18:05:51 DEBUG: Wazuh dashboard certificate setup finished.
13/12/2023 18:05:51 INFO: Wazuh dashboard post-install configuration finished.
13/12/2023 18:05:51 INFO: Starting service wazuh-dashboard.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service.
13/12/2023 18:05:52 INFO: wazuh-dashboard service started.
13/12/2023 18:05:52 DEBUG: Setting Wazuh indexer cluster passwords.
13/12/2023 18:05:52 DEBUG: Checking Wazuh installation.
13/12/2023 18:05:52 DEBUG: There are Wazuh remaining files.
13/12/2023 18:05:52 DEBUG: There are Wazuh indexer remaining files.
13/12/2023 18:05:53 DEBUG: There are Filebeat remaining files.
13/12/2023 18:05:53 DEBUG: There are Wazuh dashboard remaining files.
13/12/2023 18:05:53 INFO: Updating the internal users.
13/12/2023 18:05:53 DEBUG: Creating password backup.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to localhost:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: YELLOW
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml
SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml
SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml
SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml
SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml
SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml
SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml
SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml
SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
13/12/2023 18:06:02 DEBUG: Password backup created in /etc/wazuh-indexer/backup.
13/12/2023 18:06:02 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
13/12/2023 18:06:02 DEBUG: The internal users have been updated before changing the passwords.
13/12/2023 18:06:04 DEBUG: Generating password hashes.
13/12/2023 18:06:15 DEBUG: Password hashes generated.
13/12/2023 18:06:15 DEBUG: Creating password backup.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to localhost:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: YELLOW
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml
SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml
SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml
SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml
SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml
SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml
SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml
SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml
SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
13/12/2023 18:06:19 DEBUG: Password backup created in /etc/wazuh-indexer/backup.
Successfully updated the keystore
13/12/2023 18:06:19 DEBUG: Restarting filebeat service...
13/12/2023 18:06:19 DEBUG: filebeat started.
13/12/2023 18:06:21 DEBUG: Restarting wazuh-dashboard service...
13/12/2023 18:06:21 DEBUG: wazuh-dashboard started.
13/12/2023 18:06:21 DEBUG: Running security admin tool.
13/12/2023 18:06:21 DEBUG: Loading new passwords changes.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to localhost:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: YELLOW
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /home/admin
Force type: internalusers
Will update '/internalusers' with /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' created or updated
SUCC: Expected 1 config types for node {"updated_config_types":["internalusers"],"updated_config_size":1,"message":null} is 1 (["internalusers"]) due to: null
Done with success
13/12/2023 18:06:27 DEBUG: Passwords changed.
13/12/2023 18:06:27 DEBUG: Changing API passwords.
13/12/2023 18:06:35 INFO: Initializing Wazuh dashboard web application.
13/12/2023 18:06:35 INFO: Wazuh dashboard web application not yet initialized. Waiting...
13/12/2023 18:06:51 INFO: Wazuh dashboard web application not yet initialized. Waiting...
13/12/2023 18:07:06 INFO: Wazuh dashboard web application initialized.
13/12/2023 18:07:06 INFO: --- Summary ---
13/12/2023 18:07:06 INFO: You can access the web interface https://<wazuh-dashboard-ip>:443
User: admin
Password: uMr0VEqd+bhxWwA?8bWAnlbyckD0lrdr
13/12/2023 18:07:06 DEBUG: Restoring Wazuh repository.
13/12/2023 18:07:06 INFO: Installation finished.
root@ip-172-31-46-216:/home/admin# 🟢 AIO offline (no internet) in Ubuntu 22root@ip-172-31-37-181:/home/ubuntu# bash wazuh-install.sh -a -of -v
13/12/2023 18:01:24 DEBUG: Checking root permissions.
13/12/2023 18:01:24 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
13/12/2023 18:01:24 INFO: Verbose logging redirected to /var/log/wazuh-install.log
13/12/2023 18:01:24 DEBUG: APT package manager will be used.
13/12/2023 18:01:24 INFO: Checking installed dependencies for Offline installation.
13/12/2023 18:01:29 DEBUG: Offline dependencies are installed.
13/12/2023 18:01:29 DEBUG: Checking system distribution.
13/12/2023 18:01:29 DEBUG: Detected distribution name: ubuntu
13/12/2023 18:01:29 DEBUG: Detected distribution version: 22
13/12/2023 18:01:29 DEBUG: Checking Wazuh installation.
13/12/2023 18:01:31 DEBUG: Checking system architecture.
13/12/2023 18:01:31 INFO: Verifying that your system meets the recommended minimum hardware requirements.
13/12/2023 18:01:31 DEBUG: CPU cores detected: 2
13/12/2023 18:01:31 DEBUG: Free RAM memory detected: 3859
13/12/2023 18:01:31 INFO: Wazuh web interface port will be 443.
13/12/2023 18:01:31 DEBUG: Checking ports availability.
13/12/2023 18:01:33 INFO: Checking wazuh-offline.tar.gz file.
13/12/2023 18:01:33 DEBUG: wazuh-offline.tar.gz was found correctly.
13/12/2023 18:01:33 DEBUG: Extracting files from wazuh-offline.tar.gz
13/12/2023 18:01:43 DEBUG: Offline files extracted successfully.
13/12/2023 18:01:43 DEBUG: Checking curl tool version.
13/12/2023 18:01:43 DEBUG: Adding the Wazuh repository.
gpg: keyring '/usr/share/keyrings/wazuh.gpg' created
gpg: key 96B3EE5F29111145: public key "Wazuh.com (Wazuh Signing Key) <[email protected]>" imported
gpg: Total number processed: 1
gpg: imported: 1
deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages-dev.wazuh.com/pre-release/apt/ unstable main
Ign:1 https://ppa.launchpadcontent.net/ondrej/php/ubuntu jammy InRelease
Ign:2 https://packages-dev.wazuh.com/pre-release/apt unstable InRelease
Ign:1 https://ppa.launchpadcontent.net/ondrej/php/ubuntu jammy InRelease
Ign:3 http://security.ubuntu.com/ubuntu jammy-security InRelease
Ign:2 https://packages-dev.wazuh.com/pre-release/apt unstable InRelease
Ign:3 http://security.ubuntu.com/ubuntu jammy-security InRelease
Ign:4 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Ign:5 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Ign:6 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Ign:1 https://ppa.launchpadcontent.net/ondrej/php/ubuntu jammy InRelease
Ign:4 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Ign:5 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Ign:6 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Ign:2 https://packages-dev.wazuh.com/pre-release/apt unstable InRelease
Ign:3 http://security.ubuntu.com/ubuntu jammy-security InRelease
Ign:4 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Ign:5 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Ign:6 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Err:1 https://ppa.launchpadcontent.net/ondrej/php/ubuntu jammy InRelease
Cannot initiate the connection to ppa.launchpadcontent.net:443 (2620:2d:4000:1::81). - connect (101: Network is unreachable) Could not connect to ppa.launchpadcontent.net:443 (185.125.190.80), connection timed out
Err:2 https://packages-dev.wazuh.com/pre-release/apt unstable InRelease
Cannot initiate the connection to packages-dev.wazuh.com:443 (2600:9000:2199:7a00:14:ca3a:45c0:93a1). - connect (101: Network is unreachable) Cannot initiate the connection to packages-dev.wazuh.com:443 (2600:9000:2199:200:14:ca3a:45c0:93a1). - connect (101: Network is unreachable) Cannot initiate the connection to packages-dev.wazuh.com:443 (2600:9000:2199:4a00:14:ca3a:45c0:93a1). - connect (101: Network is unreachable) Cannot initiate the connection to packages-dev.wazuh.com:443 (2600:9000:2199:4c00:14:ca3a:45c0:93a1). - connect (101: Network is unreachable) Cannot initiate the connection to packages-dev.wazuh.com:443 (2600:9000:2199:1800:14:ca3a:45c0:93a1). - connect (101: Network is unreachable) Cannot initiate the connection to packages-dev.wazuh.com:443 (2600:9000:2199:4200:14:ca3a:45c0:93a1). - connect (101: Network is unreachable) Cannot initiate the connection to packages-dev.wazuh.com:443 (2600:9000:2199:2000:14:ca3a:45c0:93a1). - connect (101: Network is unreachable) Cannot initiate the connection to packages-dev.wazuh.com:443 (2600:9000:2199:1400:14:ca3a:45c0:93a1). - connect (101: Network is unreachable) Could not connect to packages-dev.wazuh.com:443 (99.84.208.121), connection timed out Could not connect to packages-dev.wazuh.com:443 (99.84.208.124), connection timed out Could not connect to packages-dev.wazuh.com:443 (99.84.208.61), connection timed out Could not connect to packages-dev.wazuh.com:443 (99.84.208.42), connection timed out
Err:3 http://security.ubuntu.com/ubuntu jammy-security InRelease
Cannot initiate the connection to security.ubuntu.com:80 (2620:2d:4000:1::19). - connect (101: Network is unreachable) Cannot initiate the connection to security.ubuntu.com:80 (2620:2d:4000:1::16). - connect (101: Network is unreachable) Cannot initiate the connection to security.ubuntu.com:80 (2620:2d:4002:1::102). - connect (101: Network is unreachable) Cannot initiate the connection to security.ubuntu.com:80 (2620:2d:4002:1::103). - connect (101: Network is unreachable) Cannot initiate the connection to security.ubuntu.com:80 (2620:2d:4002:1::101). - connect (101: Network is unreachable) Could not connect to security.ubuntu.com:80 (91.189.91.83), connection timed out Could not connect to security.ubuntu.com:80 (91.189.91.81), connection timed out Could not connect to security.ubuntu.com:80 (185.125.190.39), connection timed out Could not connect to security.ubuntu.com:80 (185.125.190.36), connection timed out Could not connect to security.ubuntu.com:80 (91.189.91.82), connection timed out
Err:4 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Cannot initiate the connection to us-east-1.ec2.archive.ubuntu.com:80 (2600:1f18:5c55:4c05:17c8:ad29:43bf:eb48). - connect (101: Network is unreachable) Cannot initiate the connection to us-east-1.ec2.archive.ubuntu.com:80 (2600:1f18:5c55:4c04:b8fe:122c:bb55:6b84). - connect (101: Network is unreachable) Cannot initiate the connection to us-east-1.ec2.archive.ubuntu.com:80 (2600:1f18:5c55:4c00:e093:e2e5:23b4:529f). - connect (101: Network is unreachable) Cannot initiate the connection to us-east-1.ec2.archive.ubuntu.com:80 (2600:1f18:5c55:4c00:7447:9a97:fa56:cd92). - connect (101: Network is unreachable) Cannot initiate the connection to us-east-1.ec2.archive.ubuntu.com:80 (2600:1f18:5c55:4c01:ed0c:fdfa:1470:afc0). - connect (101: Network is unreachable) Cannot initiate the connection to us-east-1.ec2.archive.ubuntu.com:80 (2600:1f18:5c55:4c03:edb9:571f:f204:4ac8). - connect (101: Network is unreachable) Cannot initiate the connection to us-east-1.ec2.archive.ubuntu.com:80 (2600:1f18:5c55:4c01:32a9:41b2:cfa3:904a). - connect (101: Network is unreachable) Cannot initiate the connection to us-east-1.ec2.archive.ubuntu.com:80 (2600:1f18:5c55:4c02:7669:c120:50a2:9af4). - connect (101: Network is unreachable) Cannot initiate the connection to us-east-1.ec2.archive.ubuntu.com:80 (2600:1f18:5c55:4c02:b55:260f:8030:b812). - connect (101: Network is unreachable) Cannot initiate the connection to us-east-1.ec2.archive.ubuntu.com:80 (2600:1f18:5c55:4c00:2637:a32b:ccef:30d5). - connect (101: Network is unreachable) Could not connect to us-east-1.ec2.archive.ubuntu.com:80 (34.237.137.22), connection timed out Could not connect to us-east-1.ec2.archive.ubuntu.com:80 (52.91.65.63), connection timed out Could not connect to us-east-1.ec2.archive.ubuntu.com:80 (34.201.250.36), connection timed out Could not connect to us-east-1.ec2.archive.ubuntu.com:80 (54.87.19.168), connection timed out Could not connect to us-east-1.ec2.archive.ubuntu.com:80 (52.207.133.243), connection timed out Could not connect to us-east-1.ec2.archive.ubuntu.com:80 (3.209.10.109), connection timed out Could not connect to us-east-1.ec2.archive.ubuntu.com:80 (3.87.126.146), connection timed out Could not connect to us-east-1.ec2.archive.ubuntu.com:80 (54.165.17.230), connection timed out Could not connect to us-east-1.ec2.archive.ubuntu.com:80 (18.232.150.247), connection timed out Could not connect to us-east-1.ec2.archive.ubuntu.com:80 (54.144.148.213), connection timed out
Err:5 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Cannot initiate the connection to us-east-1.ec2.archive.ubuntu.com:80 (2600:1f18:5c55:4c05:17c8:ad29:43bf:eb48). - connect (101: Network is unreachable) Cannot initiate the connection to us-east-1.ec2.archive.ubuntu.com:80 (2600:1f18:5c55:4c04:b8fe:122c:bb55:6b84). - connect (101: Network is unreachable) Cannot initiate the connection to us-east-1.ec2.archive.ubuntu.com:80 (2600:1f18:5c55:4c00:e093:e2e5:23b4:529f). - connect (101: Network is unreachable) Cannot initiate the connection to us-east-1.ec2.archive.ubuntu.com:80 (2600:1f18:5c55:4c00:7447:9a97:fa56:cd92). - connect (101: Network is unreachable) Cannot initiate the connection to us-east-1.ec2.archive.ubuntu.com:80 (2600:1f18:5c55:4c01:ed0c:fdfa:1470:afc0). - connect (101: Network is unreachable) Cannot initiate the connection to us-east-1.ec2.archive.ubuntu.com:80 (2600:1f18:5c55:4c03:edb9:571f:f204:4ac8). - connect (101: Network is unreachable) Cannot initiate the connection to us-east-1.ec2.archive.ubuntu.com:80 (2600:1f18:5c55:4c01:32a9:41b2:cfa3:904a). - connect (101: Network is unreachable) Cannot initiate the connection to us-east-1.ec2.archive.ubuntu.com:80 (2600:1f18:5c55:4c02:7669:c120:50a2:9af4). - connect (101: Network is unreachable) Cannot initiate the connection to us-east-1.ec2.archive.ubuntu.com:80 (2600:1f18:5c55:4c02:b55:260f:8030:b812). - connect (101: Network is unreachable) Cannot initiate the connection to us-east-1.ec2.archive.ubuntu.com:80 (2600:1f18:5c55:4c00:2637:a32b:ccef:30d5). - connect (101: Network is unreachable)
Err:6 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Cannot initiate the connection to us-east-1.ec2.archive.ubuntu.com:80 (2600:1f18:5c55:4c05:17c8:ad29:43bf:eb48). - connect (101: Network is unreachable) Cannot initiate the connection to us-east-1.ec2.archive.ubuntu.com:80 (2600:1f18:5c55:4c04:b8fe:122c:bb55:6b84). - connect (101: Network is unreachable) Cannot initiate the connection to us-east-1.ec2.archive.ubuntu.com:80 (2600:1f18:5c55:4c00:e093:e2e5:23b4:529f). - connect (101: Network is unreachable) Cannot initiate the connection to us-east-1.ec2.archive.ubuntu.com:80 (2600:1f18:5c55:4c00:7447:9a97:fa56:cd92). - connect (101: Network is unreachable) Cannot initiate the connection to us-east-1.ec2.archive.ubuntu.com:80 (2600:1f18:5c55:4c01:ed0c:fdfa:1470:afc0). - connect (101: Network is unreachable) Cannot initiate the connection to us-east-1.ec2.archive.ubuntu.com:80 (2600:1f18:5c55:4c03:edb9:571f:f204:4ac8). - connect (101: Network is unreachable) Cannot initiate the connection to us-east-1.ec2.archive.ubuntu.com:80 (2600:1f18:5c55:4c01:32a9:41b2:cfa3:904a). - connect (101: Network is unreachable) Cannot initiate the connection to us-east-1.ec2.archive.ubuntu.com:80 (2600:1f18:5c55:4c02:7669:c120:50a2:9af4). - connect (101: Network is unreachable) Cannot initiate the connection to us-east-1.ec2.archive.ubuntu.com:80 (2600:1f18:5c55:4c02:b55:260f:8030:b812). - connect (101: Network is unreachable) Cannot initiate the connection to us-east-1.ec2.archive.ubuntu.com:80 (2600:1f18:5c55:4c00:2637:a32b:ccef:30d5). - connect (101: Network is unreachable)
Reading package lists...
W: Failed to fetch http://us-east-1.ec2.archive.ubuntu.com/ubuntu/dists/jammy/InRelease Cannot initiate the connection to us-east-1.ec2.archive.ubuntu.com:80 (2600:1f18:5c55:4c05:17c8:ad29:43bf:eb48). - connect (101: Network is unreachable) Cannot initiate the connection to us-east-1.ec2.archive.ubuntu.com:80 (2600:1f18:5c55:4c04:b8fe:122c:bb55:6b84). - connect (101: Network is unreachable) Cannot initiate the connection to us-east-1.ec2.archive.ubuntu.com:80 (2600:1f18:5c55:4c00:e093:e2e5:23b4:529f). - connect (101: Network is unreachable) Cannot initiate the connection to us-east-1.ec2.archive.ubuntu.com:80 (2600:1f18:5c55:4c00:7447:9a97:fa56:cd92). - connect (101: Network is unreachable) Cannot initiate the connection to us-east-1.ec2.archive.ubuntu.com:80 (2600:1f18:5c55:4c01:ed0c:fdfa:1470:afc0). - connect (101: Network is unreachable) Cannot initiate the connection to us-east-1.ec2.archive.ubuntu.com:80 (2600:1f18:5c55:4c03:edb9:571f:f204:4ac8). - connect (101: Network is unreachable) Cannot initiate the connection to us-east-1.ec2.archive.ubuntu.com:80 (2600:1f18:5c55:4c01:32a9:41b2:cfa3:904a). - connect (101: Network is unreachable) Cannot initiate the connection to us-east-1.ec2.archive.ubuntu.com:80 (2600:1f18:5c55:4c02:7669:c120:50a2:9af4). - connect (101: Network is unreachable) Cannot initiate the connection to us-east-1.ec2.archive.ubuntu.com:80 (2600:1f18:5c55:4c02:b55:260f:8030:b812). - connect (101: Network is unreachable) Cannot initiate the connection to us-east-1.ec2.archive.ubuntu.com:80 (2600:1f18:5c55:4c00:2637:a32b:ccef:30d5). - connect (101: Network is unreachable) Could not connect to us-east-1.ec2.archive.ubuntu.com:80 (34.237.137.22), connection timed out Could not connect to us-east-1.ec2.archive.ubuntu.com:80 (52.91.65.63), connection timed out Could not connect to us-east-1.ec2.archive.ubuntu.com:80 (34.201.250.36), connection timed out Could not connect to us-east-1.ec2.archive.ubuntu.com:80 (54.87.19.168), connection timed out Could not connect to us-east-1.ec2.archive.ubuntu.com:80 (52.207.133.243), connection timed out Could not connect to us-east-1.ec2.archive.ubuntu.com:80 (3.209.10.109), connection timed out Could not connect to us-east-1.ec2.archive.ubuntu.com:80 (3.87.126.146), connection timed out Could not connect to us-east-1.ec2.archive.ubuntu.com:80 (54.165.17.230), connection timed out Could not connect to us-east-1.ec2.archive.ubuntu.com:80 (18.232.150.247), connection timed out Could not connect to us-east-1.ec2.archive.ubuntu.com:80 (54.144.148.213), connection timed out
W: Failed to fetch http://us-east-1.ec2.archive.ubuntu.com/ubuntu/dists/jammy-updates/InRelease Cannot initiate the connection to us-east-1.ec2.archive.ubuntu.com:80 (2600:1f18:5c55:4c05:17c8:ad29:43bf:eb48). - connect (101: Network is unreachable) Cannot initiate the connection to us-east-1.ec2.archive.ubuntu.com:80 (2600:1f18:5c55:4c04:b8fe:122c:bb55:6b84). - connect (101: Network is unreachable) Cannot initiate the connection to us-east-1.ec2.archive.ubuntu.com:80 (2600:1f18:5c55:4c00:e093:e2e5:23b4:529f). - connect (101: Network is unreachable) Cannot initiate the connection to us-east-1.ec2.archive.ubuntu.com:80 (2600:1f18:5c55:4c00:7447:9a97:fa56:cd92). - connect (101: Network is unreachable) Cannot initiate the connection to us-east-1.ec2.archive.ubuntu.com:80 (2600:1f18:5c55:4c01:ed0c:fdfa:1470:afc0). - connect (101: Network is unreachable) Cannot initiate the connection to us-east-1.ec2.archive.ubuntu.com:80 (2600:1f18:5c55:4c03:edb9:571f:f204:4ac8). - connect (101: Network is unreachable) Cannot initiate the connection to us-east-1.ec2.archive.ubuntu.com:80 (2600:1f18:5c55:4c01:32a9:41b2:cfa3:904a). - connect (101: Network is unreachable) Cannot initiate the connection to us-east-1.ec2.archive.ubuntu.com:80 (2600:1f18:5c55:4c02:7669:c120:50a2:9af4). - connect (101: Network is unreachable) Cannot initiate the connection to us-east-1.ec2.archive.ubuntu.com:80 (2600:1f18:5c55:4c02:b55:260f:8030:b812). - connect (101: Network is unreachable) Cannot initiate the connection to us-east-1.ec2.archive.ubuntu.com:80 (2600:1f18:5c55:4c00:2637:a32b:ccef:30d5). - connect (101: Network is unreachable)
W: Failed to fetch http://us-east-1.ec2.archive.ubuntu.com/ubuntu/dists/jammy-backports/InRelease Cannot initiate the connection to us-east-1.ec2.archive.ubuntu.com:80 (2600:1f18:5c55:4c05:17c8:ad29:43bf:eb48). - connect (101: Network is unreachable) Cannot initiate the connection to us-east-1.ec2.archive.ubuntu.com:80 (2600:1f18:5c55:4c04:b8fe:122c:bb55:6b84). - connect (101: Network is unreachable) Cannot initiate the connection to us-east-1.ec2.archive.ubuntu.com:80 (2600:1f18:5c55:4c00:e093:e2e5:23b4:529f). - connect (101: Network is unreachable) Cannot initiate the connection to us-east-1.ec2.archive.ubuntu.com:80 (2600:1f18:5c55:4c00:7447:9a97:fa56:cd92). - connect (101: Network is unreachable) Cannot initiate the connection to us-east-1.ec2.archive.ubuntu.com:80 (2600:1f18:5c55:4c01:ed0c:fdfa:1470:afc0). - connect (101: Network is unreachable) Cannot initiate the connection to us-east-1.ec2.archive.ubuntu.com:80 (2600:1f18:5c55:4c03:edb9:571f:f204:4ac8). - connect (101: Network is unreachable) Cannot initiate the connection to us-east-1.ec2.archive.ubuntu.com:80 (2600:1f18:5c55:4c01:32a9:41b2:cfa3:904a). - connect (101: Network is unreachable) Cannot initiate the connection to us-east-1.ec2.archive.ubuntu.com:80 (2600:1f18:5c55:4c02:7669:c120:50a2:9af4). - connect (101: Network is unreachable) Cannot initiate the connection to us-east-1.ec2.archive.ubuntu.com:80 (2600:1f18:5c55:4c02:b55:260f:8030:b812). - connect (101: Network is unreachable) Cannot initiate the connection to us-east-1.ec2.archive.ubuntu.com:80 (2600:1f18:5c55:4c00:2637:a32b:ccef:30d5). - connect (101: Network is unreachable)
W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/jammy-security/InRelease Cannot initiate the connection to security.ubuntu.com:80 (2620:2d:4000:1::19). - connect (101: Network is unreachable) Cannot initiate the connection to security.ubuntu.com:80 (2620:2d:4000:1::16). - connect (101: Network is unreachable) Cannot initiate the connection to security.ubuntu.com:80 (2620:2d:4002:1::102). - connect (101: Network is unreachable) Cannot initiate the connection to security.ubuntu.com:80 (2620:2d:4002:1::103). - connect (101: Network is unreachable) Cannot initiate the connection to security.ubuntu.com:80 (2620:2d:4002:1::101). - connect (101: Network is unreachable) Could not connect to security.ubuntu.com:80 (91.189.91.83), connection timed out Could not connect to security.ubuntu.com:80 (91.189.91.81), connection timed out Could not connect to security.ubuntu.com:80 (185.125.190.39), connection timed out Could not connect to security.ubuntu.com:80 (185.125.190.36), connection timed out Could not connect to security.ubuntu.com:80 (91.189.91.82), connection timed out
W: Failed to fetch https://ppa.launchpadcontent.net/ondrej/php/ubuntu/dists/jammy/InRelease Cannot initiate the connection to ppa.launchpadcontent.net:443 (2620:2d:4000:1::81). - connect (101: Network is unreachable) Could not connect to ppa.launchpadcontent.net:443 (185.125.190.80), connection timed out
W: Failed to fetch https://packages-dev.wazuh.com/pre-release/apt/dists/unstable/InRelease Cannot initiate the connection to packages-dev.wazuh.com:443 (2600:9000:2199:7a00:14:ca3a:45c0:93a1). - connect (101: Network is unreachable) Cannot initiate the connection to packages-dev.wazuh.com:443 (2600:9000:2199:200:14:ca3a:45c0:93a1). - connect (101: Network is unreachable) Cannot initiate the connection to packages-dev.wazuh.com:443 (2600:9000:2199:4a00:14:ca3a:45c0:93a1). - connect (101: Network is unreachable) Cannot initiate the connection to packages-dev.wazuh.com:443 (2600:9000:2199:4c00:14:ca3a:45c0:93a1). - connect (101: Network is unreachable) Cannot initiate the connection to packages-dev.wazuh.com:443 (2600:9000:2199:1800:14:ca3a:45c0:93a1). - connect (101: Network is unreachable) Cannot initiate the connection to packages-dev.wazuh.com:443 (2600:9000:2199:4200:14:ca3a:45c0:93a1). - connect (101: Network is unreachable) Cannot initiate the connection to packages-dev.wazuh.com:443 (2600:9000:2199:2000:14:ca3a:45c0:93a1). - connect (101: Network is unreachable) Cannot initiate the connection to packages-dev.wazuh.com:443 (2600:9000:2199:1400:14:ca3a:45c0:93a1). - connect (101: Network is unreachable) Could not connect to packages-dev.wazuh.com:443 (99.84.208.121), connection timed out Could not connect to packages-dev.wazuh.com:443 (99.84.208.124), connection timed out Could not connect to packages-dev.wazuh.com:443 (99.84.208.61), connection timed out Could not connect to packages-dev.wazuh.com:443 (99.84.208.42), connection timed out
W: Some index files failed to download. They have been ignored, or old ones used instead.
13/12/2023 18:02:24 INFO: Wazuh development repository added.
13/12/2023 18:02:24 INFO: --- Configuration files ---
13/12/2023 18:02:25 INFO: Generating configuration files.
13/12/2023 18:02:25 DEBUG: Creating Wazuh certificates.
13/12/2023 18:02:25 DEBUG: Reading configuration file.
13/12/2023 18:02:25 DEBUG: Creating the root certificate.
.......+...+.+.....+.+.....+.......+........+..................+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+....+.....+......+...+.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*...+......+.....+....+......+........+..........+..+...+.+..................+..+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
..+......+.+..+...+...+.......+...+..+...+....+..........................+..........+.....+......+.+.........+..............+....+........+.........+......+...+....+.....+.......+........+.+..+.......+............+......+........+.+......+..+...+.......+...+.........+.....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*......+......+..+.............+..+...+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*...........+.........+.+..................+...+..+...+...................+......+...+...........+....+............+..+.+.....+.........+..........+..+.........+.......+..+.....................+.+......+........+...............+.+......+...+.....+....+.....+.......+..............+.........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----
13/12/2023 18:02:25 DEBUG: Generating Admin certificates.
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = admin
13/12/2023 18:02:26 DEBUG: Generating Wazuh indexer certificates.
13/12/2023 18:02:26 DEBUG: Creating the Wazuh indexer certificates.
13/12/2023 18:02:26 DEBUG: Generating certificate configuration.
Ignoring -days without -x509; not generating a certificate
...+......+.......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..+...+......+.+...+.....+.+.....+.......+.........+........+...+...+.+...+.....+..........+..+.+...+..+.......+..+.+.....+....+........+.+.....+.+...............+...+............+......+...+..+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.......+......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
....+..+.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*......+...+......+.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+.+...........+.........+.+......+..+.......+......+........+.........+...............+.......+...........+............+..........+.....+.......+......+........+.+........+.+.....+......+..................+...+.........+.+...+..+.......+..+...+.+......+........+.......+......+..+...+...+.+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-indexer
13/12/2023 18:02:26 DEBUG: Generating Filebeat certificates.
13/12/2023 18:02:26 DEBUG: Creating the Wazuh server certificates.
13/12/2023 18:02:26 DEBUG: Generating certificate configuration.
Ignoring -days without -x509; not generating a certificate
..+.......+........+......+...+.+..+...............+...............+...+......+..........+........+.+............+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*......+.....+...+....+......+..+..........+...+.........+.....+......................+.....+.+........+.+........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+............+...+...........+..........+...+.....+.....................+....+..+.+..+...+.......+............+...+...........+....+..+.+...+......+...........+...+............+.........+.+..............+...+............+....+......+.........+.....+.+.....+....+.....+.+......+........+...............+.......+............+..+..........+...+..+..........+...+.....+.+..+...+.........+.+.....+.......+..+.+.....+.......+.........+...+..+..................+.+..+.......+...........+............+....+...+...+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
.......+...........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-server
13/12/2023 18:02:26 DEBUG: Generating Wazuh dashboard certificates.
13/12/2023 18:02:26 DEBUG: Creating the Wazuh dashboard certificates.
13/12/2023 18:02:26 DEBUG: Generating certificate configuration.
Ignoring -days without -x509; not generating a certificate
.......+...+.....+.+....................+.+...+.....+.......+..+......+......+.+............+..+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*....+.+........+.+..+...+......+...+.......+......+.....+.......+..+....+..+.........+....+..+....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.......+.+.....+...+.......+..+.......+.....+....+.....+......+...+..........+......+.........+...+.....+....+.........+.....+............+...+.......+.....+....+...+..+....+.........+..+..........+...+.......................+..........+..................+............+.........+...+..+.+.....+.......+.....+...+.......+.....+......+.......+............+.....+.+.....+.........+.+......+.....................+..............+...+.......+.....+......+............+.+..+...+...............+.........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
.+...+......+...+......+.......+..+.......+......+..+...+...+....+...+........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..+........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+.........+......+.....+....+...+.................+.+..+...+.+....................+......+.........+....+......+........+...+...+.......+.........+...+...+...+............+..+..........+..+.+.........+..............+................+.....+...+.+.....+.......+...+..+.......+.....+.......+.........+.....+.+........+......+.+...+...+.....+...+....+............+........+.+...............+..+.......+..+...+.+.....+......+.+..+.......+......+..................+..+...............+.........+...+......+.........+.+...........+.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-dashboard
13/12/2023 18:02:27 DEBUG: Cleaning certificate files.
13/12/2023 18:02:27 DEBUG: Generating password file.
13/12/2023 18:02:27 DEBUG: Generating random passwords.
13/12/2023 18:02:27 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
13/12/2023 18:02:27 DEBUG: Extracting Wazuh configuration.
13/12/2023 18:02:27 DEBUG: Reading configuration file.
13/12/2023 18:02:28 INFO: --- Wazuh indexer ---
13/12/2023 18:02:28 INFO: Starting Wazuh indexer installation.
Reading package lists... Building dependency tree... Reading state information... The following NEW packages will be installed: wazuh-indexer 0 upgraded, 1 newly installed, 0 to remove and 84 not upgraded. Need to get 0 B/752 MB of archives. After this operation, 1050 MB of additional disk space will be used. Selecting previously unselected package wazuh-(Reading database ... 151751 files and directories Preparing to unpack .../wazuh-indexer_4.8.0-1_amd6 Created opensearch keystore in /etc/wazuh-indexer/ Processing triggers for libc-bin (2.35-0ubuntu3.5) NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 6.2.0-1017-aws NEEDRESTART-KEXP: 6.2.0-1017-aws NEEDRESTART-KSTA: 1
13/12/2023 18:04:00 DEBUG: Checking Wazuh installation.
13/12/2023 18:04:01 DEBUG: There are Wazuh indexer remaining files.
13/12/2023 18:04:02 INFO: Wazuh indexer installation finished.
13/12/2023 18:04:02 DEBUG: Configuring Wazuh indexer.
13/12/2023 18:04:02 DEBUG: Copying Wazuh indexer certificates.
13/12/2023 18:04:02 INFO: Wazuh indexer post-install configuration finished.
13/12/2023 18:04:02 INFO: Starting service wazuh-indexer.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service → /lib/systemd/system/wazuh-indexer.service.
13/12/2023 18:04:36 INFO: wazuh-indexer service started.
13/12/2023 18:04:36 INFO: Initializing Wazuh indexer cluster security settings.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml
SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml
SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml
SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml
SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml
SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml
SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml
SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml
SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml
SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null
Done with success
Will create index templates to configure the alias
SUCC: 'wazuh-alerts' template created or updated
SUCC: 'wazuh-archives' template created or updated
Will create the 'rollover_policy' policy
SUCC: 'rollover_policy' policy created
Will create initial indices for the aliases
SUCC: 'wazuh-alerts' write index created
SUCC: 'wazuh-archives' write index created
SUCC: Indexer ISM initialization finished successfully.
13/12/2023 18:04:49 INFO: The Wazuh indexer cluster ISM initialized.
13/12/2023 18:04:49 INFO: Wazuh indexer cluster initialized.
13/12/2023 18:04:49 INFO: --- Wazuh server ---
13/12/2023 18:04:49 INFO: Starting the Wazuh manager installation.
Reading package lists... Building dependency tree... Reading state information... Suggested packages: expect The following NEW packages will be installed: wazuh-manager 0 upgraded, 1 newly installed, 0 to remove and 84 not upgraded. Need to get 0 B/117 MB of archives. After this operation, 702 MB of additional NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 6.2.0-1017-aws NEEDRESTART-KEXP: 6.2.0-1017-aws NEEDRESTART-KSTA: 1
13/12/2023 18:06:56 DEBUG: Checking Wazuh installation.
13/12/2023 18:06:57 DEBUG: There are Wazuh remaining files.
13/12/2023 18:06:58 DEBUG: There are Wazuh indexer remaining files.
13/12/2023 18:06:59 INFO: Wazuh manager installation finished.
13/12/2023 18:06:59 INFO: Starting service wazuh-manager.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-manager.service → /lib/systemd/system/wazuh-manager.service.
13/12/2023 18:07:25 INFO: wazuh-manager service started.
13/12/2023 18:07:25 INFO: Starting Filebeat installation.
Reading package lists... Building dependency tree... Reading state information... The following NEW packages will be installed: filebeat 0 upgraded, 1 newly installed, 0 to remove and 84 not upgraded. Need to get 0 B/22.1 MB of archives. After this operation, 73.6 MB of additional disk space will be used. Selec NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 6.2.0-1017-aws NEEDRESTART-KEXP: 6.2.0-1017-aws NEEDRESTART-KSTA: 1
13/12/2023 18:07:40 DEBUG: Checking Wazuh installation.
13/12/2023 18:07:41 DEBUG: There are Wazuh remaining files.
13/12/2023 18:07:42 DEBUG: There are Wazuh indexer remaining files.
13/12/2023 18:07:42 DEBUG: There are Filebeat remaining files.
13/12/2023 18:07:43 INFO: Filebeat installation finished.
13/12/2023 18:07:43 DEBUG: Configuring Filebeat.
wazuh/
wazuh/archives/
wazuh/archives/ingest/
wazuh/archives/ingest/pipeline.json
wazuh/archives/config/
wazuh/archives/config/archives.yml
wazuh/archives/manifest.yml
wazuh/_meta/
wazuh/_meta/config.yml
wazuh/_meta/docs.asciidoc
wazuh/_meta/fields.yml
wazuh/alerts/
wazuh/alerts/ingest/
wazuh/alerts/ingest/pipeline.json
wazuh/alerts/config/
wazuh/alerts/config/alerts.yml
wazuh/alerts/manifest.yml
wazuh/module.yml
13/12/2023 18:07:43 DEBUG: Copying Filebeat certificates.
Created filebeat keystore
Successfully updated the keystore
Successfully updated the keystore
13/12/2023 18:07:44 INFO: Filebeat post-install configuration finished.
13/12/2023 18:07:44 INFO: Starting service filebeat.
Synchronizing state of filebeat.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable filebeat
Created symlink /etc/systemd/system/multi-user.target.wants/filebeat.service → /lib/systemd/system/filebeat.service.
13/12/2023 18:07:46 INFO: filebeat service started.
13/12/2023 18:07:46 INFO: --- Wazuh dashboard ---
13/12/2023 18:07:46 INFO: Starting Wazuh dashboard installation.
Reading package lists... Building dependency tree... Reading state information... The following NEW packages will be installed: wazuh-dashboard 0 upgraded, 1 newly installed, 0 to remove and 84 not upgraded. Need to get 0 B/186 MB of archives. After this operation, 987 MB of additional disk space will be used. NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 6.2.0-1017-aws NEEDRESTART-KEXP: 6.2.0-1017-aws NEEDRESTART-KSTA: 1
13/12/2023 18:09:06 DEBUG: Checking Wazuh installation.
13/12/2023 18:09:07 DEBUG: There are Wazuh remaining files.
13/12/2023 18:09:07 DEBUG: There are Wazuh indexer remaining files.
13/12/2023 18:09:08 DEBUG: There are Filebeat remaining files.
13/12/2023 18:09:09 DEBUG: There are Wazuh dashboard remaining files.
13/12/2023 18:09:09 INFO: Wazuh dashboard installation finished.
13/12/2023 18:09:09 DEBUG: Configuring Wazuh dashboard.
13/12/2023 18:09:09 DEBUG: Copying Wazuh dashboard certificates.
13/12/2023 18:09:09 DEBUG: Wazuh dashboard certificate setup finished.
13/12/2023 18:09:09 INFO: Wazuh dashboard post-install configuration finished.
13/12/2023 18:09:09 INFO: Starting service wazuh-dashboard.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service.
13/12/2023 18:09:10 INFO: wazuh-dashboard service started.
13/12/2023 18:09:10 DEBUG: Setting Wazuh indexer cluster passwords.
13/12/2023 18:09:10 DEBUG: Checking Wazuh installation.
13/12/2023 18:09:11 DEBUG: There are Wazuh remaining files.
13/12/2023 18:09:12 DEBUG: There are Wazuh indexer remaining files.
13/12/2023 18:09:12 DEBUG: There are Filebeat remaining files.
13/12/2023 18:09:13 DEBUG: There are Wazuh dashboard remaining files.
13/12/2023 18:09:13 INFO: Updating the internal users.
13/12/2023 18:09:13 DEBUG: Creating password backup.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to localhost:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: YELLOW
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml
SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml
SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml
SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml
SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml
SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml
SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml
SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml
SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
13/12/2023 18:09:23 DEBUG: Password backup created in /etc/wazuh-indexer/backup.
13/12/2023 18:09:23 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
13/12/2023 18:09:23 DEBUG: The internal users have been updated before changing the passwords.
13/12/2023 18:09:27 DEBUG: Generating password hashes.
13/12/2023 18:09:39 DEBUG: Password hashes generated.
13/12/2023 18:09:39 DEBUG: Creating password backup.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to localhost:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: YELLOW
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml
SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml
SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml
SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml
SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml
SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml
SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml
SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml
SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
13/12/2023 18:09:45 DEBUG: Password backup created in /etc/wazuh-indexer/backup.
Successfully updated the keystore
13/12/2023 18:09:46 DEBUG: Restarting filebeat service...
13/12/2023 18:09:47 DEBUG: filebeat started.
13/12/2023 18:09:49 DEBUG: Restarting wazuh-dashboard service...
13/12/2023 18:09:49 DEBUG: wazuh-dashboard started.
13/12/2023 18:09:49 DEBUG: Running security admin tool.
13/12/2023 18:09:49 DEBUG: Loading new passwords changes.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to localhost:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: YELLOW
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /home/ubuntu
Force type: internalusers
Will update '/internalusers' with /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' created or updated
SUCC: Expected 1 config types for node {"updated_config_types":["internalusers"],"updated_config_size":1,"message":null} is 1 (["internalusers"]) due to: null
Done with success
13/12/2023 18:09:56 DEBUG: Passwords changed.
13/12/2023 18:09:56 DEBUG: Changing API passwords.
13/12/2023 18:10:04 INFO: Initializing Wazuh dashboard web application.
13/12/2023 18:10:04 INFO: Wazuh dashboard web application not yet initialized. Waiting...
13/12/2023 18:10:21 INFO: Wazuh dashboard web application not yet initialized. Waiting...
13/12/2023 18:10:36 INFO: Wazuh dashboard web application initialized.
13/12/2023 18:10:36 INFO: --- Summary ---
13/12/2023 18:10:36 INFO: You can access the web interface https://<wazuh-dashboard-ip>:443
User: admin
Password: QEof+FUC.XNOAq?ZZWarQhIhQ0uPtrj6
13/12/2023 18:10:36 DEBUG: Restoring Wazuh repository.
13/12/2023 18:10:36 INFO: Installation finished. 🟢 AIO offline (no internet) in CentOS 8[root@ip-172-31-36-173 centos]# bash wazuh-install.sh -a -of -v -i
14/12/2023 10:29:51 DEBUG: Checking root permissions.
14/12/2023 10:29:51 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
14/12/2023 10:29:51 INFO: Verbose logging redirected to /var/log/wazuh-install.log
14/12/2023 10:29:51 DEBUG: YUM package manager will be used.
14/12/2023 10:29:51 INFO: Checking installed dependencies for Offline installation.
14/12/2023 10:29:54 DEBUG: Offline dependencies are installed.
14/12/2023 10:29:54 DEBUG: Checking system distribution.
14/12/2023 10:29:54 DEBUG: Detected distribution name: centos
14/12/2023 10:29:54 DEBUG: Detected distribution version: 8
14/12/2023 10:29:54 DEBUG: Checking Wazuh installation.
14/12/2023 10:29:57 DEBUG: Checking system architecture.
14/12/2023 10:29:57 WARNING: Hardware and system checks ignored.
14/12/2023 10:29:57 INFO: Wazuh web interface port will be 443.
14/12/2023 10:29:57 DEBUG: Checking ports availability.
14/12/2023 10:29:59 INFO: Checking wazuh-offline.tar.gz file.
14/12/2023 10:29:59 DEBUG: wazuh-offline.tar.gz was found correctly.
14/12/2023 10:29:59 DEBUG: Extracting files from wazuh-offline.tar.gz
14/12/2023 10:29:59 ERROR: Missing necessary offline file: /home/centos/wazuh-offline/wazuh-files/filebeat.yml
[root@ip-172-31-36-173 centos]# tree
bash: tree: command not found
[root@ip-172-31-36-173 centos]# ls wazuh-offline/wazuh-packages/
filebeat-oss-7.10.2-x86_64.rpm
wazuh-dashboard-4.8.0-1.x86_64.rpm
wazuh-indexer-4.8.0-1.x86_64.rpm
wazuh-manager-4.8.0-1.x86_64.rpm
[root@ip-172-31-36-173 centos]# ls wazuh-offline/wazuh-packages/
filebeat-oss-7.10.2-x86_64.rpm
wazuh-dashboard-4.8.0-1.x86_64.rpm
wazuh-indexer-4.8.0-1.x86_64.rpm
wazuh-manager-4.8.0-1.x86_64.rpm
[root@ip-172-31-36-173 centos]# ls wazuh-offline/wazuh-packages/^C
[root@ip-172-31-36-173 centos]# rm -rf wazuh-offline
[root@ip-172-31-36-173 centos]# tar -xvf wazuh-offline.tar.gz
wazuh-offline/
wazuh-offline/wazuh-packages/
wazuh-offline/wazuh-packages/wazuh-manager-4.8.0-1.x86_64.rpm
wazuh-offline/wazuh-packages/filebeat-oss-7.10.2-x86_64.rpm
wazuh-offline/wazuh-packages/wazuh-indexer-4.8.0-1.x86_64.rpm
wazuh-offline/wazuh-packages/wazuh-dashboard-4.8.0-1.x86_64.rpm
wazuh-offline/wazuh-files/
wazuh-offline/wazuh-files/GPG-KEY-WAZUH
wazuh-offline/wazuh-files/filebeat.yml
wazuh-offline/wazuh-files/wazuh-template.json
wazuh-offline/wazuh-files/wazuh-filebeat-0.3.tar.gz
[root@ip-172-31-36-173 centos]# bash wazuh-install.sh -a -of -v -i
14/12/2023 10:31:24 DEBUG: Checking root permissions.
14/12/2023 10:31:24 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
14/12/2023 10:31:24 INFO: Verbose logging redirected to /var/log/wazuh-install.log
14/12/2023 10:31:24 DEBUG: YUM package manager will be used.
14/12/2023 10:31:24 INFO: Checking installed dependencies for Offline installation.
14/12/2023 10:31:28 DEBUG: Offline dependencies are installed.
14/12/2023 10:31:28 DEBUG: Checking system distribution.
14/12/2023 10:31:28 DEBUG: Detected distribution name: centos
14/12/2023 10:31:28 DEBUG: Detected distribution version: 8
14/12/2023 10:31:28 DEBUG: Checking Wazuh installation.
14/12/2023 10:31:31 DEBUG: Checking system architecture.
14/12/2023 10:31:31 WARNING: Hardware and system checks ignored.
14/12/2023 10:31:31 INFO: Wazuh web interface port will be 443.
14/12/2023 10:31:31 DEBUG: Checking ports availability.
14/12/2023 10:31:34 INFO: Checking wazuh-offline.tar.gz file.
14/12/2023 10:31:34 DEBUG: wazuh-offline.tar.gz was found correctly.
14/12/2023 10:31:34 DEBUG: Extracting files from wazuh-offline.tar.gz
14/12/2023 10:31:34 DEBUG: Offline files extracted successfully.
14/12/2023 10:31:34 DEBUG: Checking curl tool version.
14/12/2023 10:31:34 DEBUG: Adding the Wazuh repository.
[wazuh]
gpgcheck=1
gpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=EL-${releasever} - Wazuh
baseurl=https://packages-dev.wazuh.com/pre-release/yum/
protect=1
14/12/2023 10:31:34 INFO: Wazuh development repository added.
14/12/2023 10:31:34 INFO: --- Configuration files ---
14/12/2023 10:31:34 INFO: Generating configuration files.
14/12/2023 10:31:34 DEBUG: Creating Wazuh certificates.
14/12/2023 10:31:34 DEBUG: Reading configuration file.
14/12/2023 10:31:34 DEBUG: Creating the root certificate.
Generating a RSA private key
....+++++
..........................+++++
writing new private key to '/tmp/wazuh-certificates//root-ca.key'
-----
14/12/2023 10:31:34 DEBUG: Generating Admin certificates.
Generating RSA private key, 2048 bit long modulus (2 primes)
................................................................................+++++
.....................+++++
e is 65537 (0x010001)
Signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = admin
Getting CA Private Key
14/12/2023 10:31:34 DEBUG: Generating Wazuh indexer certificates.
14/12/2023 10:31:34 DEBUG: Creating the Wazuh indexer certificates.
14/12/2023 10:31:34 DEBUG: Generating certificate configuration.
Ignoring -days; not generating a certificate
Generating a RSA private key
.............................+++++
................................+++++
writing new private key to '/tmp/wazuh-certificates//wazuh-indexer-key.pem'
-----
Signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-indexer
Getting CA Private Key
14/12/2023 10:31:35 DEBUG: Generating Filebeat certificates.
14/12/2023 10:31:35 DEBUG: Creating the Wazuh server certificates.
14/12/2023 10:31:35 DEBUG: Generating certificate configuration.
Ignoring -days; not generating a certificate
Generating a RSA private key
........................................+++++
....................................................+++++
writing new private key to '/tmp/wazuh-certificates//wazuh-server-key.pem'
-----
Signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-server
Getting CA Private Key
14/12/2023 10:31:35 DEBUG: Generating Wazuh dashboard certificates.
14/12/2023 10:31:35 DEBUG: Creating the Wazuh dashboard certificates.
14/12/2023 10:31:35 DEBUG: Generating certificate configuration.
Ignoring -days; not generating a certificate
Generating a RSA private key
....................................................................+++++
......+++++
writing new private key to '/tmp/wazuh-certificates//wazuh-dashboard-key.pem'
-----
Signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-dashboard
Getting CA Private Key
14/12/2023 10:31:35 DEBUG: Cleaning certificate files.
14/12/2023 10:31:35 DEBUG: Generating password file.
14/12/2023 10:31:35 DEBUG: Generating random passwords.
14/12/2023 10:31:35 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
14/12/2023 10:31:35 DEBUG: Extracting Wazuh configuration.
14/12/2023 10:31:35 DEBUG: Reading configuration file.
14/12/2023 10:31:36 INFO: --- Wazuh indexer ---
14/12/2023 10:31:36 INFO: Starting Wazuh indexer installation.
Verifying... ######################################## Preparing... ######################################## Updating / installing... wazuh-indexer-4.8.0-1 ######################################## Created opensearch keystore in /etc/wazuh-indexer/opensearch.keystore
14/12/2023 10:32:51 DEBUG: Checking Wazuh installation.
14/12/2023 10:32:53 DEBUG: There are Wazuh indexer remaining files.
14/12/2023 10:32:55 INFO: Wazuh indexer installation finished.
14/12/2023 10:32:55 DEBUG: Configuring Wazuh indexer.
14/12/2023 10:32:55 DEBUG: Copying Wazuh indexer certificates.
14/12/2023 10:32:55 INFO: Wazuh indexer post-install configuration finished.
14/12/2023 10:32:55 INFO: Starting service wazuh-indexer.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service → /usr/lib/systemd/system/wazuh-indexer.service.
14/12/2023 10:33:26 INFO: wazuh-indexer service started.
14/12/2023 10:33:26 INFO: Initializing Wazuh indexer cluster security settings.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml
SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml
SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml
SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml
SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml
SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml
SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml
SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml
SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml
SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null
Done with success
Will create index templates to configure the alias
SUCC: 'wazuh-alerts' template created or updated
SUCC: 'wazuh-archives' template created or updated
Will create the 'rollover_policy' policy
SUCC: 'rollover_policy' policy created
Will create initial indices for the aliases
SUCC: 'wazuh-alerts' write index created
SUCC: 'wazuh-archives' write index created
SUCC: Indexer ISM initialization finished successfully.
14/12/2023 10:33:40 INFO: The Wazuh indexer cluster ISM initialized.
14/12/2023 10:33:40 INFO: Wazuh indexer cluster initialized.
14/12/2023 10:33:40 INFO: --- Wazuh server ---
14/12/2023 10:33:40 INFO: Starting the Wazuh manager installation.
Verifying... ######################################## Preparing... ######################################## Updating / installing... wazuh-manager-4.8.0-1 ########################################
14/12/2023 10:35:21 DEBUG: Checking Wazuh installation.
14/12/2023 10:35:22 DEBUG: There are Wazuh remaining files.
14/12/2023 10:35:23 DEBUG: There are Wazuh indexer remaining files.
14/12/2023 10:35:25 INFO: Wazuh manager installation finished.
14/12/2023 10:35:25 INFO: Starting service wazuh-manager.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-manager.service → /usr/lib/systemd/system/wazuh-manager.service.
14/12/2023 10:35:43 INFO: wazuh-manager service started.
14/12/2023 10:35:43 INFO: Starting Filebeat installation.
Verifying... ######################################## Preparing... ######################################## Updating / installing... filebeat-7.10.2-1 ########################################
14/12/2023 10:35:45 DEBUG: Checking Wazuh installation.
14/12/2023 10:36:14 DEBUG: There are Wazuh remaining files.
14/12/2023 10:36:16 DEBUG: There are Wazuh indexer remaining files.
14/12/2023 10:36:17 DEBUG: There are Filebeat remaining files.
14/12/2023 10:36:18 INFO: Filebeat installation finished.
14/12/2023 10:36:18 DEBUG: Configuring Filebeat.
wazuh/
wazuh/archives/
wazuh/archives/ingest/
wazuh/archives/ingest/pipeline.json
wazuh/archives/config/
wazuh/archives/config/archives.yml
wazuh/archives/manifest.yml
wazuh/_meta/
wazuh/_meta/config.yml
wazuh/_meta/docs.asciidoc
wazuh/_meta/fields.yml
wazuh/alerts/
wazuh/alerts/ingest/
wazuh/alerts/ingest/pipeline.json
wazuh/alerts/config/
wazuh/alerts/config/alerts.yml
wazuh/alerts/manifest.yml
wazuh/module.yml
14/12/2023 10:36:18 DEBUG: Copying Filebeat certificates.
Created filebeat keystore
Successfully updated the keystore
Successfully updated the keystore
14/12/2023 10:36:18 INFO: Filebeat post-install configuration finished.
14/12/2023 10:36:18 INFO: Starting service filebeat.
Synchronizing state of filebeat.service with SysV service script with /usr/lib/systemd/systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable filebeat
Created symlink /etc/systemd/system/multi-user.target.wants/filebeat.service → /usr/lib/systemd/system/filebeat.service.
14/12/2023 10:36:19 INFO: filebeat service started.
14/12/2023 10:36:19 INFO: --- Wazuh dashboard ---
14/12/2023 10:36:19 INFO: Starting Wazuh dashboard installation.
Verifying... ######################################## Preparing... ######################################## Updating / installing... wazuh-dashboard-4.8.0-1 ########################################
14/12/2023 10:38:01 DEBUG: Checking Wazuh installation.
14/12/2023 10:38:03 DEBUG: There are Wazuh remaining files.
14/12/2023 10:38:03 DEBUG: There are Wazuh indexer remaining files.
14/12/2023 10:38:05 DEBUG: There are Filebeat remaining files.
14/12/2023 10:38:06 DEBUG: There are Wazuh dashboard remaining files.
14/12/2023 10:38:06 INFO: Wazuh dashboard installation finished.
14/12/2023 10:38:06 DEBUG: Configuring Wazuh dashboard.
14/12/2023 10:38:06 DEBUG: Copying Wazuh dashboard certificates.
14/12/2023 10:38:06 DEBUG: Wazuh dashboard certificate setup finished.
14/12/2023 10:38:06 INFO: Wazuh dashboard post-install configuration finished.
14/12/2023 10:38:06 INFO: Starting service wazuh-dashboard.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service.
14/12/2023 10:38:06 INFO: wazuh-dashboard service started.
14/12/2023 10:38:06 DEBUG: Setting Wazuh indexer cluster passwords.
14/12/2023 10:38:06 DEBUG: Checking Wazuh installation.
14/12/2023 10:38:07 DEBUG: There are Wazuh remaining files.
14/12/2023 10:38:08 DEBUG: There are Wazuh indexer remaining files.
14/12/2023 10:38:10 DEBUG: There are Filebeat remaining files.
14/12/2023 10:38:11 DEBUG: There are Wazuh dashboard remaining files.
14/12/2023 10:38:11 INFO: Updating the internal users.
14/12/2023 10:38:11 DEBUG: Creating password backup.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to localhost:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: YELLOW
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml
SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml
SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml
SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml
SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml
SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml
SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml
SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml
SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
14/12/2023 10:38:19 DEBUG: Password backup created in /etc/wazuh-indexer/backup.
14/12/2023 10:38:19 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
14/12/2023 10:38:19 DEBUG: The internal users have been updated before changing the passwords.
14/12/2023 10:38:20 DEBUG: Generating password hashes.
14/12/2023 10:38:31 DEBUG: Password hashes generated.
14/12/2023 10:38:31 DEBUG: Creating password backup.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to localhost:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: YELLOW
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml
SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml
SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml
SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml
SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml
SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml
SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml
SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml
SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
14/12/2023 10:38:36 DEBUG: Password backup created in /etc/wazuh-indexer/backup.
Successfully updated the keystore
14/12/2023 10:38:36 DEBUG: Restarting filebeat service...
14/12/2023 10:38:36 DEBUG: filebeat started.
14/12/2023 10:38:38 DEBUG: Restarting wazuh-dashboard service...
14/12/2023 10:38:38 DEBUG: wazuh-dashboard started.
14/12/2023 10:38:38 DEBUG: Running security admin tool.
14/12/2023 10:38:38 DEBUG: Loading new passwords changes.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to localhost:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: YELLOW
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /home/centos
Force type: internalusers
Will update '/internalusers' with /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' created or updated
SUCC: Expected 1 config types for node {"updated_config_types":["internalusers"],"updated_config_size":1,"message":null} is 1 (["internalusers"]) due to: null
Done with success
14/12/2023 10:38:43 DEBUG: Passwords changed.
14/12/2023 10:38:43 DEBUG: Changing API passwords.
14/12/2023 10:38:50 INFO: Initializing Wazuh dashboard web application.
14/12/2023 10:38:50 INFO: Wazuh dashboard web application not yet initialized. Waiting...
14/12/2023 10:39:07 INFO: Wazuh dashboard web application not yet initialized. Waiting...
14/12/2023 10:39:22 INFO: Wazuh dashboard web application initialized.
14/12/2023 10:39:22 INFO: --- Summary ---
14/12/2023 10:39:22 INFO: You can access the web interface https://<wazuh-dashboard-ip>:443
User: admin
Password: mPYw0F7TlA?VNvvVX7EB03uWQ8oL.kdl
14/12/2023 10:39:22 DEBUG: Restoring Wazuh repository.
14/12/2023 10:39:22 INFO: Installation finished.
[root@ip-172-31-36-173 centos]# 🟢 AIO offline (no internet) in RHEL9[root@ip-172-31-36-51 ec2-user]# bash wazuh-install.sh -a -of -v -i
14/12/2023 10:36:38 DEBUG: Checking root permissions.
14/12/2023 10:36:38 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
14/12/2023 10:36:38 INFO: Verbose logging redirected to /var/log/wazuh-install.log
14/12/2023 10:36:38 DEBUG: YUM package manager will be used.
14/12/2023 10:36:38 INFO: Checking installed dependencies for Offline installation.
14/12/2023 10:36:42 DEBUG: Offline dependencies are installed.
14/12/2023 10:36:42 DEBUG: Checking system distribution.
14/12/2023 10:36:42 DEBUG: Detected distribution name: rhel
14/12/2023 10:36:42 DEBUG: Detected distribution version: 9
14/12/2023 10:36:42 DEBUG: Checking Wazuh installation.
14/12/2023 10:36:47 DEBUG: Checking system architecture.
14/12/2023 10:36:47 WARNING: Hardware and system checks ignored.
14/12/2023 10:36:47 INFO: Wazuh web interface port will be 443.
14/12/2023 10:36:47 DEBUG: Checking ports availability.
14/12/2023 10:36:49 INFO: Checking wazuh-offline.tar.gz file.
14/12/2023 10:36:49 DEBUG: wazuh-offline.tar.gz was found correctly.
14/12/2023 10:36:49 DEBUG: Extracting files from wazuh-offline.tar.gz
14/12/2023 10:37:04 DEBUG: Offline files extracted successfully.
14/12/2023 10:37:04 DEBUG: Checking curl tool version.
14/12/2023 10:37:04 DEBUG: Adding the Wazuh repository.
[wazuh]
gpgcheck=1
gpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=EL-${releasever} - Wazuh
baseurl=https://packages-dev.wazuh.com/pre-release/yum/
protect=1
14/12/2023 10:37:04 INFO: Wazuh development repository added.
14/12/2023 10:37:04 INFO: --- Configuration files ---
14/12/2023 10:37:04 INFO: Generating configuration files.
14/12/2023 10:37:04 DEBUG: Creating Wazuh certificates.
14/12/2023 10:37:04 DEBUG: Reading configuration file.
14/12/2023 10:37:04 DEBUG: Creating the root certificate.
.....+...+.+............+.....+..........+...+.....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*...........+.....+.......+..+...+...+....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*......+....+...+..............+....+.....+......+.+.....+....+.....+.............+..+....+..+.........+...+...+....+......+........+....+......+............+..+..........+........+...+......+.+...+...............+......+.....+...+......+.+...........+....+........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
...+...+.....+.+........+.......+.....+.+..................+..+...............+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*...+.....+......+.+..+...+....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+...+........+....+........+.......+.....+.+..+...............+......+....+...+..+............+.........+.........+.+..+.......+.....+..........+...+.....+...+..........+.....+......+.+...............+..+..................+............+.......+.....+.........+.+...+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----
14/12/2023 10:37:05 DEBUG: Generating Admin certificates.
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = admin
14/12/2023 10:37:05 DEBUG: Generating Wazuh indexer certificates.
14/12/2023 10:37:05 DEBUG: Creating the Wazuh indexer certificates.
14/12/2023 10:37:05 DEBUG: Generating certificate configuration.
Ignoring -days without -x509; not generating a certificate
.........+.....+..................+.+.....+.+............+........+....+...........+...+.+...+.....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.....+..........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*....+....+.....+......+.+.....+...+..........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*......+............+.....+....+...........+.+.....+.......+........+...+......+.+...+..+.........+.........+....+...........+....+..+.+..+.+............+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-indexer
14/12/2023 10:37:06 DEBUG: Generating Filebeat certificates.
14/12/2023 10:37:06 DEBUG: Creating the Wazuh server certificates.
14/12/2023 10:37:06 DEBUG: Generating certificate configuration.
Ignoring -days without -x509; not generating a certificate
................+.+..+....+.....+..........+.........+.........+..+....+.....+...............+....+..+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*....+......+..+...+.........+.............+..+....+..............+...+....+...+...................................+...+...+.........+.....................+.......+...+..+.......+.....+.............+..+.+......+.....+.+..+...............+...+....+...+..+...+.......+.....+.+...+.....+....+.....+................+..+...+.........+......+....+...+...+.....+......+.+........+......+...................+..+...+.......+.....+..................+.........+.+..+....+...+..+....+.....+.........+...+..................+.+...........+.........+......+.......+..+...+...+...+..........+......+...+......+......+......+..+...+....+...+..+.+..+...+....+.......................+.+..+............+...+............+.+......+......+...+.....+...............+....+.....+................+.........+..+.+.....+.............+......+...............+...+.....+............+......+............+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*...+.+.....+....+.....+......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+.................+...+...+......+.+..+.......+.........+...........+.+..+.+...........+.........+....+...........+.+.....+...+.......+.....+..........+...........+...+.......+.....+.........+....+.........+.....+..........+.....+......+....+.....+.+......+...........+....+......+..+...+.......+...........+....+..+.+..+...+...................+........+.+...........+...+............+.+...+..+.......+..+.+............+..+.+...+.........+..+...+............+......+....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-server
14/12/2023 10:37:07 DEBUG: Generating Wazuh dashboard certificates.
14/12/2023 10:37:07 DEBUG: Creating the Wazuh dashboard certificates.
14/12/2023 10:37:07 DEBUG: Generating certificate configuration.
Ignoring -days without -x509; not generating a certificate
.....+...+.........+...+....+.....+...+..........+.....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..+.+.........+..+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+........+...............+.......+.....+...+......+....+.................+............+...+....+.........+......+........+.+......+.....+...+.+.................+....+.........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
..........+.+.........+........+...+....+...+......+.....+.........+.+............+...+..+.......+..+...+...+....+.........+..+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*....+...+.....+...................+...+.....+.+..+...+..........+.....+.+........+.+.....+.......+..+...+............+......+......+.............+..+.+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.....+......+.......................+....+..+....+.....+....+............+........+.+.....+.......+...+......+.........+.....+.+......+..+...+...+...............+......+....+.....+......+.............+.....+.+..+...............+....+........+.+.....+......+..........+......+..+............................+.................+..........+...+..+......+...............+.......+...+..+.......+..+...............+.........+......+.+...+..+.......+..+...+...+...+.+...+...........+......+.........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-dashboard
14/12/2023 10:37:07 DEBUG: Cleaning certificate files.
14/12/2023 10:37:07 DEBUG: Generating password file.
14/12/2023 10:37:07 DEBUG: Generating random passwords.
14/12/2023 10:37:07 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
14/12/2023 10:37:07 DEBUG: Extracting Wazuh configuration.
14/12/2023 10:37:07 DEBUG: Reading configuration file.
14/12/2023 10:37:08 INFO: --- Wazuh indexer ---
14/12/2023 10:37:08 INFO: Starting Wazuh indexer installation.
Verifying... ######################################## Preparing... ######################################## Updating / installing... wazuh-indexer-4.8.0-1 ######################################## Created opensearch keystore in /etc/wazuh-indexer/opensearch.keystore
14/12/2023 10:38:34 DEBUG: Checking Wazuh installation.
14/12/2023 10:38:36 DEBUG: There are Wazuh indexer remaining files.
14/12/2023 10:38:38 INFO: Wazuh indexer installation finished.
14/12/2023 10:38:38 DEBUG: Configuring Wazuh indexer.
14/12/2023 10:38:38 DEBUG: Copying Wazuh indexer certificates.
14/12/2023 10:38:38 INFO: Wazuh indexer post-install configuration finished.
14/12/2023 10:38:38 INFO: Starting service wazuh-indexer.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service → /usr/lib/systemd/system/wazuh-indexer.service.
14/12/2023 10:39:10 INFO: wazuh-indexer service started.
14/12/2023 10:39:10 INFO: Initializing Wazuh indexer cluster security settings.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml
SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml
SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml
SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml
SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml
SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml
SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml
SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml
SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml
SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null
Done with success
Will create index templates to configure the alias
SUCC: 'wazuh-alerts' template created or updated
SUCC: 'wazuh-archives' template created or updated
Will create the 'rollover_policy' policy
SUCC: 'rollover_policy' policy created
Will create initial indices for the aliases
SUCC: 'wazuh-alerts' write index created
SUCC: 'wazuh-archives' write index created
SUCC: Indexer ISM initialization finished successfully.
14/12/2023 10:39:25 INFO: The Wazuh indexer cluster ISM initialized.
14/12/2023 10:39:25 INFO: Wazuh indexer cluster initialized.
14/12/2023 10:39:25 INFO: --- Wazuh server ---
14/12/2023 10:39:25 INFO: Starting the Wazuh manager installation.
Verifying... ######################################## Preparing... ######################################## Updating / installing... wazuh-manager-4.8.0-1 ########################################
14/12/2023 10:40:30 DEBUG: Checking Wazuh installation.
14/12/2023 10:40:32 DEBUG: There are Wazuh remaining files.
14/12/2023 10:40:33 DEBUG: There are Wazuh indexer remaining files.
14/12/2023 10:40:35 INFO: Wazuh manager installation finished.
14/12/2023 10:40:35 INFO: Starting service wazuh-manager.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-manager.service → /usr/lib/systemd/system/wazuh-manager.service.
14/12/2023 10:40:55 INFO: wazuh-manager service started.
14/12/2023 10:40:55 INFO: Starting Filebeat installation.
Verifying... ######################################## Preparing... ######################################## Updating / installing... filebeat-7.10.2-1 ########################################
14/12/2023 10:40:57 DEBUG: Checking Wazuh installation.
14/12/2023 10:41:25 DEBUG: There are Wazuh remaining files.
14/12/2023 10:41:26 DEBUG: There are Wazuh indexer remaining files.
14/12/2023 10:41:27 DEBUG: There are Filebeat remaining files.
14/12/2023 10:41:28 INFO: Filebeat installation finished.
14/12/2023 10:41:28 DEBUG: Configuring Filebeat.
wazuh/
wazuh/archives/
wazuh/archives/ingest/
wazuh/archives/ingest/pipeline.json
wazuh/archives/config/
wazuh/archives/config/archives.yml
wazuh/archives/manifest.yml
wazuh/_meta/
wazuh/_meta/config.yml
wazuh/_meta/docs.asciidoc
wazuh/_meta/fields.yml
wazuh/alerts/
wazuh/alerts/ingest/
wazuh/alerts/ingest/pipeline.json
wazuh/alerts/config/
wazuh/alerts/config/alerts.yml
wazuh/alerts/manifest.yml
wazuh/module.yml
14/12/2023 10:41:28 DEBUG: Copying Filebeat certificates.
Created filebeat keystore
Successfully updated the keystore
Successfully updated the keystore
14/12/2023 10:41:29 INFO: Filebeat post-install configuration finished.
14/12/2023 10:41:29 INFO: Starting service filebeat.
Synchronizing state of filebeat.service with SysV service script with /usr/lib/systemd/systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable filebeat
Created symlink /etc/systemd/system/multi-user.target.wants/filebeat.service → /usr/lib/systemd/system/filebeat.service.
14/12/2023 10:41:29 INFO: filebeat service started.
14/12/2023 10:41:29 INFO: --- Wazuh dashboard ---
14/12/2023 10:41:29 INFO: Starting Wazuh dashboard installation.
Verifying... ######################################## Preparing... ######################################## Updating / installing... wazuh-dashboard-4.8.0-1 ########################################
14/12/2023 10:43:33 DEBUG: Checking Wazuh installation.
14/12/2023 10:43:37 DEBUG: There are Wazuh remaining files.
14/12/2023 10:43:38 DEBUG: There are Wazuh indexer remaining files.
14/12/2023 10:43:39 DEBUG: There are Filebeat remaining files.
14/12/2023 10:43:40 DEBUG: There are Wazuh dashboard remaining files.
14/12/2023 10:43:40 INFO: Wazuh dashboard installation finished.
14/12/2023 10:43:40 DEBUG: Configuring Wazuh dashboard.
14/12/2023 10:43:40 DEBUG: Copying Wazuh dashboard certificates.
14/12/2023 10:43:40 DEBUG: Wazuh dashboard certificate setup finished.
14/12/2023 10:43:40 INFO: Wazuh dashboard post-install configuration finished.
14/12/2023 10:43:40 INFO: Starting service wazuh-dashboard.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service.
14/12/2023 10:43:41 INFO: wazuh-dashboard service started.
14/12/2023 10:43:41 DEBUG: Setting Wazuh indexer cluster passwords.
14/12/2023 10:43:41 DEBUG: Checking Wazuh installation.
14/12/2023 10:43:42 DEBUG: There are Wazuh remaining files.
14/12/2023 10:43:43 DEBUG: There are Wazuh indexer remaining files.
14/12/2023 10:43:45 DEBUG: There are Filebeat remaining files.
14/12/2023 10:43:46 DEBUG: There are Wazuh dashboard remaining files.
14/12/2023 10:43:46 INFO: Updating the internal users.
14/12/2023 10:43:46 DEBUG: Creating password backup.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to localhost:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: YELLOW
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml
SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml
SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml
SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml
SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml
SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml
SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml
SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml
SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
14/12/2023 10:43:56 DEBUG: Password backup created in /etc/wazuh-indexer/backup.
14/12/2023 10:43:56 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
14/12/2023 10:43:56 DEBUG: The internal users have been updated before changing the passwords.
14/12/2023 10:43:58 DEBUG: Generating password hashes.
14/12/2023 10:44:08 DEBUG: Password hashes generated.
14/12/2023 10:44:09 DEBUG: Creating password backup.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to localhost:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: YELLOW
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml
SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml
SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml
SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml
SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml
SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml
SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml
SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml
SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
14/12/2023 10:44:14 DEBUG: Password backup created in /etc/wazuh-indexer/backup.
Successfully updated the keystore
14/12/2023 10:44:14 DEBUG: Restarting filebeat service...
14/12/2023 10:44:15 DEBUG: filebeat started.
14/12/2023 10:44:17 DEBUG: Restarting wazuh-dashboard service...
14/12/2023 10:44:17 DEBUG: wazuh-dashboard started.
14/12/2023 10:44:17 DEBUG: Running security admin tool.
14/12/2023 10:44:17 DEBUG: Loading new passwords changes.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to localhost:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: YELLOW
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /home/ec2-user
Force type: internalusers
Will update '/internalusers' with /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' created or updated
SUCC: Expected 1 config types for node {"updated_config_types":["internalusers"],"updated_config_size":1,"message":null} is 1 (["internalusers"]) due to: null
Done with success
14/12/2023 10:44:25 DEBUG: Passwords changed.
14/12/2023 10:44:25 DEBUG: Changing API passwords.
14/12/2023 10:44:33 INFO: Initializing Wazuh dashboard web application.
14/12/2023 10:44:33 INFO: Wazuh dashboard web application not yet initialized. Waiting...
14/12/2023 10:44:49 INFO: Wazuh dashboard web application not yet initialized. Waiting...
14/12/2023 10:45:04 INFO: Wazuh dashboard web application initialized.
14/12/2023 10:45:04 INFO: --- Summary ---
14/12/2023 10:45:04 INFO: You can access the web interface https://<wazuh-dashboard-ip>:443
User: admin
Password: Z6FjgiIoQEhWjRS.E0d.YnAaK*vK6ykv
14/12/2023 10:45:04 DEBUG: Restoring Wazuh repository.
14/12/2023 10:45:04 INFO: Installation finished.
🟢 AIO offline (no internet) in AL2[root@ip-172-31-40-241 ec2-user]# bash wazuh-install.sh -a -of -v
14/12/2023 10:51:49 DEBUG: Checking root permissions.
14/12/2023 10:51:49 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
14/12/2023 10:51:49 INFO: Verbose logging redirected to /var/log/wazuh-install.log
14/12/2023 10:51:49 DEBUG: YUM package manager will be used.
14/12/2023 10:51:49 INFO: Checking installed dependencies for Offline installation.
14/12/2023 10:51:51 DEBUG: Offline dependencies are installed.
14/12/2023 10:51:51 DEBUG: Checking system distribution.
14/12/2023 10:51:51 DEBUG: Detected distribution name: amzn
14/12/2023 10:51:51 DEBUG: Detected distribution version: 2
14/12/2023 10:51:51 DEBUG: Checking Wazuh installation.
14/12/2023 10:51:54 DEBUG: Checking system architecture.
14/12/2023 10:51:54 INFO: Verifying that your system meets the recommended minimum hardware requirements.
14/12/2023 10:51:54 DEBUG: CPU cores detected: 2
14/12/2023 10:51:54 DEBUG: Free RAM memory detected: 3862
14/12/2023 10:51:54 INFO: Wazuh web interface port will be 443.
14/12/2023 10:51:54 DEBUG: Checking ports availability.
14/12/2023 10:51:55 INFO: Checking wazuh-offline.tar.gz file.
14/12/2023 10:51:55 DEBUG: wazuh-offline.tar.gz was found correctly.
14/12/2023 10:51:55 DEBUG: Extracting files from wazuh-offline.tar.gz
14/12/2023 10:52:14 DEBUG: Offline files extracted successfully.
14/12/2023 10:52:14 DEBUG: Checking curl tool version.
14/12/2023 10:52:14 DEBUG: Adding the Wazuh repository.
[wazuh]
gpgcheck=1
gpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=EL-${releasever} - Wazuh
baseurl=https://packages-dev.wazuh.com/pre-release/yum/
protect=1
14/12/2023 10:52:14 INFO: Wazuh development repository added.
14/12/2023 10:52:14 INFO: --- Configuration files ---
14/12/2023 10:52:14 INFO: Generating configuration files.
14/12/2023 10:52:14 DEBUG: Creating Wazuh certificates.
14/12/2023 10:52:14 DEBUG: Reading configuration file.
14/12/2023 10:52:14 DEBUG: Creating the root certificate.
Generating a 2048 bit RSA private key
.........................+++
...................+++
writing new private key to '/tmp/wazuh-certificates//root-ca.key'
-----
14/12/2023 10:52:14 DEBUG: Generating Admin certificates.
Generating RSA private key, 2048 bit long modulus
.................+++
..........................+++
e is 65537 (0x10001)
Signature ok
subject=/C=US/L=California/O=Wazuh/OU=Wazuh/CN=admin
Getting CA Private Key
14/12/2023 10:52:14 DEBUG: Generating Wazuh indexer certificates.
14/12/2023 10:52:14 DEBUG: Creating the Wazuh indexer certificates.
14/12/2023 10:52:14 DEBUG: Generating certificate configuration.
Generating a 2048 bit RSA private key
.......................+++
.......................................................+++
writing new private key to '/tmp/wazuh-certificates//wazuh-indexer-key.pem'
-----
Signature ok
subject=/C=US/L=California/O=Wazuh/OU=Wazuh/CN=wazuh-indexer
Getting CA Private Key
14/12/2023 10:52:14 DEBUG: Generating Filebeat certificates.
14/12/2023 10:52:14 DEBUG: Creating the Wazuh server certificates.
14/12/2023 10:52:14 DEBUG: Generating certificate configuration.
Generating a 2048 bit RSA private key
....................+++
............................+++
writing new private key to '/tmp/wazuh-certificates//wazuh-server-key.pem'
-----
Signature ok
subject=/C=US/L=California/O=Wazuh/OU=Wazuh/CN=wazuh-server
Getting CA Private Key
14/12/2023 10:52:14 DEBUG: Generating Wazuh dashboard certificates.
14/12/2023 10:52:14 DEBUG: Creating the Wazuh dashboard certificates.
14/12/2023 10:52:14 DEBUG: Generating certificate configuration.
Generating a 2048 bit RSA private key
.+++
.+++
writing new private key to '/tmp/wazuh-certificates//wazuh-dashboard-key.pem'
-----
Signature ok
subject=/C=US/L=California/O=Wazuh/OU=Wazuh/CN=wazuh-dashboard
Getting CA Private Key
14/12/2023 10:52:15 DEBUG: Cleaning certificate files.
14/12/2023 10:52:15 DEBUG: Generating password file.
14/12/2023 10:52:15 DEBUG: Generating random passwords.
14/12/2023 10:52:15 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
14/12/2023 10:52:15 DEBUG: Extracting Wazuh configuration.
14/12/2023 10:52:15 DEBUG: Reading configuration file.
14/12/2023 10:52:15 INFO: --- Wazuh indexer ---
14/12/2023 10:52:15 INFO: Starting Wazuh indexer installation.
Preparing... ######################################## Updating / installing... wazuh-indexer-4.8.0-1 ######################################## Created opensearch keystore in /etc/wazuh-indexer/opensearch.keystore
14/12/2023 10:53:21 DEBUG: Checking Wazuh installation.
14/12/2023 10:53:22 DEBUG: There are Wazuh indexer remaining files.
14/12/2023 10:53:23 INFO: Wazuh indexer installation finished.
14/12/2023 10:53:23 DEBUG: Configuring Wazuh indexer.
14/12/2023 10:53:23 DEBUG: Copying Wazuh indexer certificates.
14/12/2023 10:53:24 INFO: Wazuh indexer post-install configuration finished.
14/12/2023 10:53:24 INFO: Starting service wazuh-indexer.
Created symlink from /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service to /usr/lib/systemd/system/wazuh-indexer.service.
14/12/2023 10:53:47 INFO: wazuh-indexer service started.
14/12/2023 10:53:47 INFO: Initializing Wazuh indexer cluster security settings.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml
SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml
SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml
SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml
SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml
SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml
SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml
SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml
SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml
SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null
Done with success
Will create index templates to configure the alias
SUCC: 'wazuh-alerts' template created or updated
SUCC: 'wazuh-archives' template created or updated
Will create the 'rollover_policy' policy
SUCC: 'rollover_policy' policy created
Will create initial indices for the aliases
SUCC: 'wazuh-alerts' write index created
SUCC: 'wazuh-archives' write index created
SUCC: Indexer ISM initialization finished successfully.
14/12/2023 10:54:00 INFO: The Wazuh indexer cluster ISM initialized.
14/12/2023 10:54:00 INFO: Wazuh indexer cluster initialized.
14/12/2023 10:54:00 INFO: --- Wazuh server ---
14/12/2023 10:54:00 INFO: Starting the Wazuh manager installation.
Preparing... ######################################## Updating / installing... wazuh-manager-4.8.0-1 ########################################
14/12/2023 10:54:10 DEBUG: Checking Wazuh installation.
14/12/2023 10:54:11 DEBUG: There are Wazuh remaining files.
14/12/2023 10:54:12 DEBUG: There are Wazuh indexer remaining files.
14/12/2023 10:54:13 INFO: Wazuh manager installation finished.
14/12/2023 10:54:13 INFO: Starting service wazuh-manager.
Created symlink from /etc/systemd/system/multi-user.target.wants/wazuh-manager.service to /usr/lib/systemd/system/wazuh-manager.service.
14/12/2023 10:54:30 INFO: wazuh-manager service started.
14/12/2023 10:54:30 INFO: Starting Filebeat installation.
Preparing... ######################################## Updating / installing... filebeat-7.10.2-1 ########################################
14/12/2023 10:54:31 DEBUG: Checking Wazuh installation.
14/12/2023 10:54:32 DEBUG: There are Wazuh remaining files.
14/12/2023 10:54:32 DEBUG: There are Wazuh indexer remaining files.
14/12/2023 10:54:33 DEBUG: There are Filebeat remaining files.
14/12/2023 10:54:34 INFO: Filebeat installation finished.
14/12/2023 10:54:34 DEBUG: Configuring Filebeat.
wazuh/
wazuh/archives/
wazuh/archives/ingest/
wazuh/archives/ingest/pipeline.json
wazuh/archives/config/
wazuh/archives/config/archives.yml
wazuh/archives/manifest.yml
wazuh/_meta/
wazuh/_meta/config.yml
wazuh/_meta/docs.asciidoc
wazuh/_meta/fields.yml
wazuh/alerts/
wazuh/alerts/ingest/
wazuh/alerts/ingest/pipeline.json
wazuh/alerts/config/
wazuh/alerts/config/alerts.yml
wazuh/alerts/manifest.yml
wazuh/module.yml
14/12/2023 10:54:34 DEBUG: Copying Filebeat certificates.
Created filebeat keystore
Successfully updated the keystore
Successfully updated the keystore
14/12/2023 10:54:34 INFO: Filebeat post-install configuration finished.
14/12/2023 10:54:34 INFO: Starting service filebeat.
Created symlink from /etc/systemd/system/multi-user.target.wants/filebeat.service to /usr/lib/systemd/system/filebeat.service.
14/12/2023 10:54:34 INFO: filebeat service started.
14/12/2023 10:54:34 INFO: --- Wazuh dashboard ---
14/12/2023 10:54:34 INFO: Starting Wazuh dashboard installation.
Preparing... ######################################## Updating / installing... wazuh-dashboard-4.8.0-1 ########################################
14/12/2023 10:55:10 DEBUG: Checking Wazuh installation.
14/12/2023 10:55:12 DEBUG: There are Wazuh remaining files.
14/12/2023 10:55:12 DEBUG: There are Wazuh indexer remaining files.
14/12/2023 10:55:13 DEBUG: There are Filebeat remaining files.
14/12/2023 10:55:14 DEBUG: There are Wazuh dashboard remaining files.
14/12/2023 10:55:14 INFO: Wazuh dashboard installation finished.
14/12/2023 10:55:14 DEBUG: Configuring Wazuh dashboard.
14/12/2023 10:55:14 DEBUG: Copying Wazuh dashboard certificates.
14/12/2023 10:55:14 DEBUG: Wazuh dashboard certificate setup finished.
14/12/2023 10:55:14 INFO: Wazuh dashboard post-install configuration finished.
14/12/2023 10:55:14 INFO: Starting service wazuh-dashboard.
Created symlink from /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service to /etc/systemd/system/wazuh-dashboard.service.
14/12/2023 10:55:14 INFO: wazuh-dashboard service started.
14/12/2023 10:55:14 DEBUG: Setting Wazuh indexer cluster passwords.
14/12/2023 10:55:14 DEBUG: Checking Wazuh installation.
14/12/2023 10:55:15 DEBUG: There are Wazuh remaining files.
14/12/2023 10:55:16 DEBUG: There are Wazuh indexer remaining files.
14/12/2023 10:55:17 DEBUG: There are Filebeat remaining files.
14/12/2023 10:55:18 DEBUG: There are Wazuh dashboard remaining files.
14/12/2023 10:55:18 INFO: Updating the internal users.
14/12/2023 10:55:18 DEBUG: Creating password backup.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to localhost:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: YELLOW
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml
SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml
SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml
SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml
SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml
SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml
SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml
SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml
SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
14/12/2023 10:55:24 DEBUG: Password backup created in /etc/wazuh-indexer/backup.
14/12/2023 10:55:24 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
14/12/2023 10:55:24 DEBUG: The internal users have been updated before changing the passwords.
14/12/2023 10:55:26 DEBUG: Generating password hashes.
14/12/2023 10:55:35 DEBUG: Password hashes generated.
14/12/2023 10:55:35 DEBUG: Creating password backup.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to localhost:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: YELLOW
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml
SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml
SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml
SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml
SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml
SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml
SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml
SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml
SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
14/12/2023 10:55:39 DEBUG: Password backup created in /etc/wazuh-indexer/backup.
Successfully updated the keystore
14/12/2023 10:55:39 DEBUG: Restarting filebeat service...
14/12/2023 10:55:39 DEBUG: filebeat started.
14/12/2023 10:55:41 DEBUG: Restarting wazuh-dashboard service...
14/12/2023 10:55:41 DEBUG: wazuh-dashboard started.
14/12/2023 10:55:41 DEBUG: Running security admin tool.
14/12/2023 10:55:41 DEBUG: Loading new passwords changes.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to localhost:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: YELLOW
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /home/ec2-user
Force type: internalusers
Will update '/internalusers' with /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' created or updated
SUCC: Expected 1 config types for node {"updated_config_types":["internalusers"],"updated_config_size":1,"message":null} is 1 (["internalusers"]) due to: null
Done with success
14/12/2023 10:55:47 DEBUG: Passwords changed.
14/12/2023 10:55:47 DEBUG: Changing API passwords.
14/12/2023 10:55:54 INFO: Initializing Wazuh dashboard web application.
14/12/2023 10:55:56 INFO: Wazuh dashboard web application initialized.
14/12/2023 10:55:56 INFO: --- Summary ---
14/12/2023 10:55:56 INFO: You can access the web interface https://<wazuh-dashboard-ip>:443
User: admin
Password: +n.0dE28ZtVEGKcHRz020hdAhyULJYyt
14/12/2023 10:55:56 DEBUG: Restoring Wazuh repository.
14/12/2023 10:55:56 INFO: Installation finished.
[root@ip-172-31-40-241 ec2-user]#
|
Update ReportBy petition of the team, in case of offline installation, the import of the Wazuh GPG key and repository have been removed. Two tests in Ubuntu22 and RHEL9 have been performed: 🟢 RHEL9 - AIO[root@ip-172-31-36-51 ec2-user]# bash wazuh-install.sh -a -v -of -i
18/12/2023 16:06:24 DEBUG: Checking root permissions.
18/12/2023 16:06:24 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
18/12/2023 16:06:24 INFO: Verbose logging redirected to /var/log/wazuh-install.log
18/12/2023 16:06:24 DEBUG: YUM package manager will be used.
18/12/2023 16:06:24 INFO: Checking installed dependencies for Offline installation.
18/12/2023 16:06:27 DEBUG: Offline dependencies are installed.
18/12/2023 16:06:27 DEBUG: Checking system distribution.
18/12/2023 16:06:27 DEBUG: Detected distribution name: rhel
18/12/2023 16:06:27 DEBUG: Detected distribution version: 9
18/12/2023 16:06:27 DEBUG: Checking Wazuh installation.
18/12/2023 16:06:30 DEBUG: Checking system architecture.
18/12/2023 16:06:30 WARNING: Hardware and system checks ignored.
18/12/2023 16:06:30 INFO: Wazuh web interface port will be 443.
18/12/2023 16:06:30 DEBUG: Checking ports availability.
18/12/2023 16:06:31 INFO: Checking wazuh-offline.tar.gz file.
18/12/2023 16:06:31 DEBUG: wazuh-offline.tar.gz was found correctly.
18/12/2023 16:06:31 DEBUG: Extracting files from wazuh-offline.tar.gz
18/12/2023 16:06:43 DEBUG: Offline files extracted successfully.
18/12/2023 16:06:43 DEBUG: Checking curl tool version.
18/12/2023 16:06:43 INFO: --- Configuration files ---
18/12/2023 16:06:43 INFO: Generating configuration files.
18/12/2023 16:06:43 DEBUG: Creating Wazuh certificates.
18/12/2023 16:06:43 DEBUG: Reading configuration file.
18/12/2023 16:06:43 DEBUG: Creating the root certificate.
......+.....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*...+.+......+..+..................+...+......+......+...+....+...+.........+...+..+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.....+.......+...............+...+..+......+...............+..........+.....+.............+..+...+.+........+......+....+..+.+...+..............+.+..+...+......+.+..+.......+.........+..............+.......+.....+..................+...+...+.........+.......+........+...+....+...+...+..+......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
...+..........+......+..+....+.........+.....+.......+........+.+...+..+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*....+.....+....+...+........+....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*...+....+.........+............+...+......+......+..+...+.......+.....+.......+.........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----
18/12/2023 16:06:44 DEBUG: Generating Admin certificates.
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = admin
18/12/2023 16:06:44 DEBUG: Generating Wazuh indexer certificates.
18/12/2023 16:06:44 DEBUG: Creating the Wazuh indexer certificates.
18/12/2023 16:06:44 DEBUG: Generating certificate configuration.
Ignoring -days without -x509; not generating a certificate
...+..+.+.................+.+......+.....+...+.+.....+.+......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.......+...+...+..+..................+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..........+.+...+.....+...+..........+..+.............+...........................+...+...+..+.......+.....+................+..+...+.........+.+............+..+.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
.....+......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.....+.......+..+...+.........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*...+.+...+..+....+...........+.............+..+.........+.+...........+..........+.....+.......+.....+.......+...+........+...+.+......+........+.+......+...+..............+.......+...+......+..+.......+......+..+.......+......+.....+.+..............+.+........+.............+.....+....+.....+.........+......+.+...+..+.......+..+...+.....................+.+...+...+..+...+...+...............+.......+.....+.......+..+..........+...+...+...............+..+.+......+...........+............+......+.......+...............+..+...+......................+..+.........+............+.......+......+............+..+.+............+..+............+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-indexer
18/12/2023 16:06:45 DEBUG: Generating Filebeat certificates.
18/12/2023 16:06:45 DEBUG: Creating the Wazuh server certificates.
18/12/2023 16:06:45 DEBUG: Generating certificate configuration.
Ignoring -days without -x509; not generating a certificate
..+..+...+.......+.....+.+.....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*........+.......+......+..............+....+..+.......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*...+.......+..+......+....+..................+..+.+.....+..................+....+...+..+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
.....+....+..+.......+...+...+.........+......+..+.......+.....+.......+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*......+............+.....+.+....................+.+.....+......+...+.......+.....+.......+......+......+.........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.....+..........+...+.....+.........+...+....+.........+.....+.+...........+...+.+........+......+.+.....+.+.....+.........+.+.....+.........+.+........+......+...+...............+......+..........+..+....+........................+.........+.....+............+.+........+....+...+...+..+.........+....+.....+....+........+...+....+..+.........+......+.+..............+.+...............+............+...+...+..+....+...+........+............+...+...+......+.+.........+...........+...+....+.....+.......+...........+........................+....+.....+.........................+......+........+.+.........+..+...+...+...+..........+..+...+.......+.....+....+.........+.........+......+..+....+...+..+....+..............+......................+...........+..........+.........+...+........+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-server
18/12/2023 16:06:45 DEBUG: Generating Wazuh dashboard certificates.
18/12/2023 16:06:45 DEBUG: Creating the Wazuh dashboard certificates.
18/12/2023 16:06:45 DEBUG: Generating certificate configuration.
Ignoring -days without -x509; not generating a certificate
..+.......+......+..+....+...+..+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*......+.........+.....+.+......+.....+.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
..+...+............+.+.........+...+.....+...+.+...+.....+......+.+........+............+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*........+....+.........+............+.....+..........+........+..........+.....+......+.+..+..........+.....+.......+..................+...+..+.+......+...........+...+....+..+......+...+....+..+......+...+....+......+..+............+.+......+...+...+...+.....+.+......+...............+........+.+......+....................+.......+......+..+..................+.+...+........+....+...+...+........+.+..............+....+.....+.............+...+.....+......+.+..+.+.........+..+...+.+.........+.................+.+.........+........+......+.+..................+...+...+............+.....+...............+..........+.....+.........+....+...........+...+.+..+...+....+...........+....+...+...+..+...+......+.+.......................+.+........+.+.....+.+........+......+......+.+..+......+.+......+..............+......+...+............+.............+..+............+.+.........+..+.+.........+......+............+.....+...+...+....+....................+...+....+........+...+............+.+..+...+................+.....+.+.........+...+..+...+...+.......+...+........+..........+.................+....+..................+......+.....+.......+...+......+......+..+......+.+...+...+........+....+..+...+.......+...+........+...+.......+..+...+..........+.........+..............+.......+.....+....+...+........+.........+..........+...+..+.........+.+...+........+...+.......+..............+.+........+.+.....+......+.......+......+.........+...+.........+........+......+.........+...+.......+..+...+.+......+.....+....+..+...+.+.....+..........+...........+.......+...+..................+.........+...+.....+...+....+..+.+..+.+...........+.+..+.......+.....+......+.........................+...+..+............+.+.........+.....+.+..+....+.....+.........+.+...............+...+...........+....+.................+......+.......+..+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-dashboard
18/12/2023 16:06:46 DEBUG: Cleaning certificate files.
18/12/2023 16:06:46 DEBUG: Generating password file.
18/12/2023 16:06:46 DEBUG: Generating random passwords.
18/12/2023 16:06:46 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
18/12/2023 16:06:46 DEBUG: Extracting Wazuh configuration.
18/12/2023 16:06:46 DEBUG: Reading configuration file.
18/12/2023 16:06:47 INFO: --- Wazuh indexer ---
18/12/2023 16:06:47 INFO: Starting Wazuh indexer installation.
18/12/2023 16:06:47 DEBUG: Installing local package: /home/ec2-user/wazuh-offline/wazuh-packages/wazuh-indexer-4.8.0-1.x86_64.rpm
warning: /home/ec2-user/wazuh-offline/wazuh-packages/wazuh-indexer-4.8.0-1.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID 29111145: NOKEY Verifying... ######################################## Preparing... ######################################## Updating / installing... wazuh-indexer-4.8.0-1 ######################################## Created opensearch keystore in /etc/wazuh-indexer/opensearch.keystore
18/12/2023 16:07:58 DEBUG: Checking Wazuh installation.
18/12/2023 16:07:59 DEBUG: There are Wazuh indexer remaining files.
18/12/2023 16:08:01 INFO: Wazuh indexer installation finished.
18/12/2023 16:08:01 DEBUG: Configuring Wazuh indexer.
18/12/2023 16:08:01 DEBUG: Copying Wazuh indexer certificates.
18/12/2023 16:08:01 INFO: Wazuh indexer post-install configuration finished.
18/12/2023 16:08:01 INFO: Starting service wazuh-indexer.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service → /usr/lib/systemd/system/wazuh-indexer.service.
18/12/2023 16:08:29 INFO: wazuh-indexer service started.
18/12/2023 16:08:29 INFO: Initializing Wazuh indexer cluster security settings.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml
SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml
SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml
SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml
SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml
SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml
SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml
SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml
SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml
SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null
Done with success
Will create index templates to configure the alias
SUCC: 'wazuh-alerts' template created or updated
SUCC: 'wazuh-archives' template created or updated
Will create the 'rollover_policy' policy
SUCC: 'rollover_policy' policy created
Will create initial indices for the aliases
SUCC: 'wazuh-alerts' write index created
SUCC: 'wazuh-archives' write index created
SUCC: Indexer ISM initialization finished successfully.
18/12/2023 16:08:42 INFO: The Wazuh indexer cluster ISM initialized.
18/12/2023 16:08:42 INFO: Wazuh indexer cluster initialized.
18/12/2023 16:08:42 INFO: --- Wazuh server ---
18/12/2023 16:08:42 INFO: Starting the Wazuh manager installation.
18/12/2023 16:08:42 DEBUG: Installing local package: /home/ec2-user/wazuh-offline/wazuh-packages/wazuh-manager-4.8.0-1.x86_64.rpm
warning: /home/ec2-user/wazuh-offline/wazuh-packages/wazuh-manager-4.8.0-1.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID 29111145: NOKEY Verifying... ######################################## Preparing... ######################################## Updating / installing... wazuh-manager-4.8.0-1 ########################################
18/12/2023 16:09:35 DEBUG: Checking Wazuh installation.
18/12/2023 16:09:37 DEBUG: There are Wazuh remaining files.
18/12/2023 16:09:38 DEBUG: There are Wazuh indexer remaining files.
18/12/2023 16:09:39 INFO: Wazuh manager installation finished.
18/12/2023 16:09:39 INFO: Starting service wazuh-manager.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-manager.service → /usr/lib/systemd/system/wazuh-manager.service.
18/12/2023 16:09:56 INFO: wazuh-manager service started.
18/12/2023 16:09:56 INFO: Starting Filebeat installation.
18/12/2023 16:09:56 DEBUG: Installing local package: /home/ec2-user/wazuh-offline/wazuh-packages/filebeat-oss-7.10.2-x86_64.rpm
warning: /home/ec2-user/wazuh-offline/wazuh-packages/filebeat-oss-7.10.2-x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID 29111145: NOKEY Verifying... ######################################## Preparing... ######################################## Updating / installing... filebeat-7.10.2-1 ########################################
18/12/2023 16:09:58 DEBUG: Checking Wazuh installation.
18/12/2023 16:10:26 DEBUG: There are Wazuh remaining files.
18/12/2023 16:10:27 DEBUG: There are Wazuh indexer remaining files.
18/12/2023 16:10:28 DEBUG: There are Filebeat remaining files.
18/12/2023 16:10:28 INFO: Filebeat installation finished.
18/12/2023 16:10:28 DEBUG: Configuring Filebeat.
wazuh/
wazuh/archives/
wazuh/archives/ingest/
wazuh/archives/ingest/pipeline.json
wazuh/archives/config/
wazuh/archives/config/archives.yml
wazuh/archives/manifest.yml
wazuh/_meta/
wazuh/_meta/config.yml
wazuh/_meta/docs.asciidoc
wazuh/_meta/fields.yml
wazuh/alerts/
wazuh/alerts/ingest/
wazuh/alerts/ingest/pipeline.json
wazuh/alerts/config/
wazuh/alerts/config/alerts.yml
wazuh/alerts/manifest.yml
wazuh/module.yml
18/12/2023 16:10:28 DEBUG: Copying Filebeat certificates.
Created filebeat keystore
Successfully updated the keystore
Successfully updated the keystore
18/12/2023 16:10:29 INFO: Filebeat post-install configuration finished.
18/12/2023 16:10:29 INFO: Starting service filebeat.
Synchronizing state of filebeat.service with SysV service script with /usr/lib/systemd/systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable filebeat
Created symlink /etc/systemd/system/multi-user.target.wants/filebeat.service → /usr/lib/systemd/system/filebeat.service.
18/12/2023 16:10:29 INFO: filebeat service started.
18/12/2023 16:10:29 INFO: --- Wazuh dashboard ---
18/12/2023 16:10:29 INFO: Starting Wazuh dashboard installation.
18/12/2023 16:10:29 DEBUG: Installing local package: /home/ec2-user/wazuh-offline/wazuh-packages/wazuh-dashboard-4.8.0-1.x86_64.rpm
warning: /home/ec2-user/wazuh-offline/wazuh-packages/wazuh-dashboard-4.8.0-1.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID 29111145: NOKEY Verifying... ######################################## Preparing... ######################################## Updating / installing... wazuh-dashboard-4.8.0-1 ########################################
18/12/2023 16:12:10 DEBUG: Checking Wazuh installation.
18/12/2023 16:12:14 DEBUG: There are Wazuh remaining files.
18/12/2023 16:12:15 DEBUG: There are Wazuh indexer remaining files.
18/12/2023 16:12:15 DEBUG: There are Filebeat remaining files.
18/12/2023 16:12:16 DEBUG: There are Wazuh dashboard remaining files.
18/12/2023 16:12:16 INFO: Wazuh dashboard installation finished.
18/12/2023 16:12:16 DEBUG: Configuring Wazuh dashboard.
18/12/2023 16:12:16 DEBUG: Copying Wazuh dashboard certificates.
18/12/2023 16:12:16 DEBUG: Wazuh dashboard certificate setup finished.
18/12/2023 16:12:16 INFO: Wazuh dashboard post-install configuration finished.
18/12/2023 16:12:16 INFO: Starting service wazuh-dashboard.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service.
18/12/2023 16:12:17 INFO: wazuh-dashboard service started.
18/12/2023 16:12:17 DEBUG: Setting Wazuh indexer cluster passwords.
18/12/2023 16:12:17 DEBUG: Checking Wazuh installation.
18/12/2023 16:12:18 DEBUG: There are Wazuh remaining files.
18/12/2023 16:12:19 DEBUG: There are Wazuh indexer remaining files.
18/12/2023 16:12:20 DEBUG: There are Filebeat remaining files.
18/12/2023 16:12:21 DEBUG: There are Wazuh dashboard remaining files.
18/12/2023 16:12:21 INFO: Updating the internal users.
18/12/2023 16:12:21 DEBUG: Creating password backup.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to localhost:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: YELLOW
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml
SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml
SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml
SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml
SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml
SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml
SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml
SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml
SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
18/12/2023 16:12:29 DEBUG: Password backup created in /etc/wazuh-indexer/backup.
18/12/2023 16:12:30 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
18/12/2023 16:12:30 DEBUG: The internal users have been updated before changing the passwords.
18/12/2023 16:12:31 DEBUG: Generating password hashes.
18/12/2023 16:12:40 DEBUG: Password hashes generated.
18/12/2023 16:12:40 DEBUG: Creating password backup.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to localhost:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: YELLOW
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml
SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml
SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml
SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml
SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml
SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml
SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml
SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml
SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
18/12/2023 16:12:44 DEBUG: Password backup created in /etc/wazuh-indexer/backup.
Successfully updated the keystore
18/12/2023 16:12:45 DEBUG: Restarting filebeat service...
18/12/2023 16:12:45 DEBUG: filebeat started.
18/12/2023 16:12:47 DEBUG: Restarting wazuh-dashboard service...
18/12/2023 16:12:48 DEBUG: wazuh-dashboard started.
18/12/2023 16:12:48 DEBUG: Running security admin tool.
18/12/2023 16:12:48 DEBUG: Loading new passwords changes.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to localhost:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: YELLOW
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /home/ec2-user
Force type: internalusers
Will update '/internalusers' with /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' created or updated
SUCC: Expected 1 config types for node {"updated_config_types":["internalusers"],"updated_config_size":1,"message":null} is 1 (["internalusers"]) due to: null
Done with success
18/12/2023 16:12:55 DEBUG: Passwords changed.
18/12/2023 16:12:55 DEBUG: Changing API passwords.
18/12/2023 16:13:02 INFO: Initializing Wazuh dashboard web application.
18/12/2023 16:13:03 INFO: Wazuh dashboard web application not yet initialized. Waiting...
18/12/2023 16:13:19 INFO: Wazuh dashboard web application not yet initialized. Waiting...
18/12/2023 16:13:34 INFO: Wazuh dashboard web application initialized.
18/12/2023 16:13:34 INFO: --- Summary ---
18/12/2023 16:13:34 INFO: You can access the web interface https://<wazuh-dashboard-ip>:443
User: admin
Password: 3*0Cu8ucKhhqwHi8YAmV3aElZa+qdFUk
18/12/2023 16:13:34 INFO: Installation finished.
[root@ip-172-31-36-51 ec2-user]# yum repolist
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
repo id repo name
rhel-9-appstream-rhui-rpms Red Hat Enterprise Linux 9 for x86_64 - AppStream from RHUI (RPMs)
rhel-9-baseos-rhui-rpms Red Hat Enterprise Linux 9 for x86_64 - BaseOS from RHUI (RPMs)
rhui-client-config-server-9 Red Hat Enterprise Linux 9 Client Configuration
🟢 Ubuntu22 - AIOroot@ip-172-31-37-181:/home/ubuntu# bash wazuh-install.sh -a -v -of
18/12/2023 16:06:05 DEBUG: Checking root permissions.
18/12/2023 16:06:05 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
18/12/2023 16:06:05 INFO: Verbose logging redirected to /var/log/wazuh-install.log
18/12/2023 16:06:06 DEBUG: APT package manager will be used.
18/12/2023 16:06:06 INFO: Checking installed dependencies for Offline installation.
18/12/2023 16:06:09 DEBUG: Offline dependencies are installed.
18/12/2023 16:06:09 DEBUG: Checking system distribution.
18/12/2023 16:06:09 DEBUG: Detected distribution name: ubuntu
18/12/2023 16:06:09 DEBUG: Detected distribution version: 22
18/12/2023 16:06:09 DEBUG: Checking Wazuh installation.
18/12/2023 16:06:12 DEBUG: Checking system architecture.
18/12/2023 16:06:12 INFO: Verifying that your system meets the recommended minimum hardware requirements.
18/12/2023 16:06:12 DEBUG: CPU cores detected: 2
18/12/2023 16:06:12 DEBUG: Free RAM memory detected: 3859
18/12/2023 16:06:12 INFO: Wazuh web interface port will be 443.
18/12/2023 16:06:12 DEBUG: Checking ports availability.
18/12/2023 16:06:14 INFO: Checking wazuh-offline.tar.gz file.
18/12/2023 16:06:14 DEBUG: wazuh-offline.tar.gz was found correctly.
18/12/2023 16:06:14 DEBUG: Extracting files from wazuh-offline.tar.gz
18/12/2023 16:06:32 DEBUG: Offline files extracted successfully.
18/12/2023 16:06:32 DEBUG: Checking curl tool version.
18/12/2023 16:06:32 INFO: --- Configuration files ---
18/12/2023 16:06:33 INFO: Generating configuration files.
18/12/2023 16:06:33 DEBUG: Creating Wazuh certificates.
18/12/2023 16:06:33 DEBUG: Reading configuration file.
18/12/2023 16:06:33 DEBUG: Creating the root certificate.
..+..+.+...+......+.....+.........+.......+...+..+...+................+.....+....+..+....+.....+......+..................+....+...+..+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*...+...+..+..................+.+.....+.+........+.+......+......+..+.......+......+..+.......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*....+.+......+.........+.........+..+...+......+..........+.....+....+..+.........+.+...+...........+....+.....+....+......+...........+.+..+......+.+.....+.+.....+....+..............+.+..............+...................+........+......................+..+....+.....+.+.....+....+..+....+......+.....+.......+......+.....+....+...+..+.+..+....+...+.......................+...+.+.....+.+........+.......+...+..+...+.......+........+....+..+....+.........+........+.........+...+.......+...+...+...+......+...+.....+............+.+........+....+...+.....+..........+.....+...+......+...+..........+............+......+..+...+.......+......+......+.....+...+...............+..........+...+..............+....+..+....+.........+.....+............+....+...+.....+............+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
...+......+...+.+.........+...........+....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*........+...+.+..+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+....+...+.....+...+....+...+...+...........+...+...+....+.....+...+...+.......+..+....+..+............+.+..+....+...+..+...+.............+.........+.........+.....+.......+..+............+.+............+...............+...+.........+.....................+..............+.........+.+.....+....+............+............+..+.+.....+.......+.....+.+.........+..+...+...+.......+......+...............+..............+.+.....+....+..+...+...+....+...........+.........+......+....+...........+....+........+.+.........+...........+.......+..+..........+..+.+........+....+...+...+.....+....+..+...+..........+.....+.............+..+.+.....+.......+...+......+.....+...+...+....+...+...........+.+.....+....+.........+..+.+............+......+..+....+...+........+...+.+...+...+...+....................+...............+....+..+.+.....+.........+........................+.........+.+..+...+.+...+..+...+.............+.....+...+....+...+........+......+....+..+...+......+....+......+..............+...................+..+.+...+.....+.+.....................+..+.......+...........+...+.........+.+..+...................+......+..+...+....+........+.......+.....+....+.....+....+...+............+.................+....+..+....+.........+.........+......+.....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----
18/12/2023 16:06:34 DEBUG: Generating Admin certificates.
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = admin
18/12/2023 16:06:35 DEBUG: Generating Wazuh indexer certificates.
18/12/2023 16:06:35 DEBUG: Creating the Wazuh indexer certificates.
18/12/2023 16:06:35 DEBUG: Generating certificate configuration.
Ignoring -days without -x509; not generating a certificate
....+......+.+..+..........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.......+.....+....+..+....+...+..+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..+...+...+..........+..+.......+.....+.+......+......+............+..+...............+....+.....+....+.....+...+....+.....+......+..........+........+.........+.+...........+.+..+...+...+.+......+........+....+...........+.......+..+.+..+.......+..+..........+...+...+..+...+...+....+..+...+.+.....+............+.........+...............+....+..+...+......+...+.+.........+..+..........+......+..+.......+...+...........+.......+..+...+...............+...+......+......+............+............+................+..+...+....+...+......+...........+......+....+......+........+.+...+...+.....+.............+...........+....+.....+................+...+..+.+..+.+.....................+.....+.+.....+....+......+...+..+.........+...+.+..............+.+.....+....+........+.......+..+................+........+.........+...+...+....+......+..+.......+......+.........+............+...+...+.....+............+............+.+........+.+...+..+...............+......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
............+.+......+.....+....+............+..+...+.......+...+..+.+......+.....+...+.+..+..........+.....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..+.+.....+.............+..+....+..+.......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..+.+......+..............+......+.........+......+.+..+......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-indexer
18/12/2023 16:06:35 DEBUG: Generating Filebeat certificates.
18/12/2023 16:06:35 DEBUG: Creating the Wazuh server certificates.
18/12/2023 16:06:35 DEBUG: Generating certificate configuration.
Ignoring -days without -x509; not generating a certificate
.....+......+..............+......+.........+...+......+.+...+.....+..........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+..........+.....+....+.....+.........+....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*....+..+...+..........+.....+......+...+.+......+...........+....+.....+....+.....+..........+..+....+...+............+........+...+..........+..+.+.....+.+........+.+..+..........+.........+......+...+.....+....+...+..+.......+...+..+......+...+.+........+.+..............+......+......+.............+........+....+...+..+......+...+..........+..+....+.....+....+...............+.........+..+...+......+.......+..+.+......+....................................+.....+............+...............+..........+...+.........+...........+...+.+...+..+.........+......+.+........+..........+..............+......+.+...+...+...+...........+....+......+..............+....+..+.........+......+.+...+.....+.........+................+......+......+..+.+..+.......+..+....+......+.....+.+............+...+............+..+....+...........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
.....+......+.+...+...........+.+..+...+.......+..+.+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*...+...+.+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+...+.........+.........+.....+.+...+........+.......+...+.....+..........+..+...............+.+..+............+............+.....................+...+....+..+.+.........+...+..+......+.......+...+.....+....+...+......+..+..........+.....+....+..............+......+.+..+...............+............................+..+.+..+....+.........+..+.......+......+...........+.+..+......+..........+.....+.+...+..+...+...+....+...+......+...........+...+...+.......+............+...+.....+.+..............+.......+........+.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-server
18/12/2023 16:06:36 DEBUG: Generating Wazuh dashboard certificates.
18/12/2023 16:06:36 DEBUG: Creating the Wazuh dashboard certificates.
18/12/2023 16:06:36 DEBUG: Generating certificate configuration.
Ignoring -days without -x509; not generating a certificate
.......+........+...+.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*....+.+..+......+....+......+..+.........+...+..........+..+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..+................................+.+..+.......+...+...............+...+..+...+.........+...+......+.......+..............+...+.+.....+..........+.........+..+.+..+......+.+......+.....+.......+............+.....+.........+.+........+.+..+...+.+......+........+.......+..+.+..+...+.........+......+....+..+......+.............+.........+..................+.....+...+......+.+..+.............+.....+...+.+...+..+......+....+...+...............+..+......+....+...............+...+.....+...+.........+................+..+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
....................+...+.....+......+.+...+......+.....+.+........+.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+..+...+....+...+........+...+.+...........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*........+...+...........+......+....+.....+.+........+......+...................+..+.......+..+...+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-dashboard
18/12/2023 16:06:37 DEBUG: Cleaning certificate files.
18/12/2023 16:06:37 DEBUG: Generating password file.
18/12/2023 16:06:37 DEBUG: Generating random passwords.
18/12/2023 16:06:37 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
18/12/2023 16:06:37 DEBUG: Extracting Wazuh configuration.
18/12/2023 16:06:37 DEBUG: Reading configuration file.
18/12/2023 16:06:38 INFO: --- Wazuh indexer ---
18/12/2023 16:06:38 INFO: Starting Wazuh indexer installation.
Reading package lists... Building dependency tree... Reading state information... The following NEW packages will be installed: wazuh-indexer 0 upgraded, 1 newly installed, 0 to remove and 84 not upgraded. Need to get 0 B/752 MB of archives. After this operation, 1050 MB of additional disk space will be used. Selecting previously unselected package wazuh-(Reading database ... 151751 files and directories Preparing to unpack .../wazuh-indexer_4.8.0-1_amd6 Created opensearch keystore in /etc/wazuh-indexer/ Processing triggers for libc-bin (2.35-0ubuntu3.5) NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 6.2.0-1017-aws NEEDRESTART-KEXP: 6.2.0-1017-aws NEEDRESTART-KSTA: 1 NEEDRESTART-SVC: filebeat.service
18/12/2023 16:08:14 DEBUG: Checking Wazuh installation.
18/12/2023 16:08:15 DEBUG: There are Wazuh indexer remaining files.
18/12/2023 16:08:17 INFO: Wazuh indexer installation finished.
18/12/2023 16:08:17 DEBUG: Configuring Wazuh indexer.
18/12/2023 16:08:17 DEBUG: Copying Wazuh indexer certificates.
18/12/2023 16:08:17 INFO: Wazuh indexer post-install configuration finished.
18/12/2023 16:08:17 INFO: Starting service wazuh-indexer.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service → /lib/systemd/system/wazuh-indexer.service.
18/12/2023 16:08:46 INFO: wazuh-indexer service started.
18/12/2023 16:08:46 INFO: Initializing Wazuh indexer cluster security settings.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml
SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml
SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml
SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml
SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml
SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml
SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml
SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml
SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml
SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null
Done with success
Will create index templates to configure the alias
SUCC: 'wazuh-alerts' template created or updated
SUCC: 'wazuh-archives' template created or updated
Will create the 'rollover_policy' policy
SUCC: 'rollover_policy' policy created
Will create initial indices for the aliases
SUCC: 'wazuh-alerts' write index created
SUCC: 'wazuh-archives' write index created
SUCC: Indexer ISM initialization finished successfully.
18/12/2023 16:08:59 INFO: The Wazuh indexer cluster ISM initialized.
18/12/2023 16:08:59 INFO: Wazuh indexer cluster initialized.
18/12/2023 16:08:59 INFO: --- Wazuh server ---
18/12/2023 16:08:59 INFO: Starting the Wazuh manager installation.
Reading package lists... Building dependency tree... Reading state information... Suggested packages: expect The following NEW packages will be installed: wazuh-manager 0 upgraded, 1 newly installed, 0 to remove and 84 not upgraded. Need to get 0 B/117 MB of archives. After this operation, 702 MB of additional disk space will be used. Selecting previously(Reading database ... 152926 files and directories Preparing to unpack .../wazuh-manager_4.8.0-1_amd6 NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 6.2.0-1017-aws NEEDRESTART-KEXP: 6.2.0-1017-aws NEEDRESTART-KSTA: 1 NEEDRESTART-SVC: filebeat.service
18/12/2023 16:11:24 DEBUG: Checking Wazuh installation.
18/12/2023 16:11:24 DEBUG: There are Wazuh remaining files.
18/12/2023 16:11:25 DEBUG: There are Wazuh indexer remaining files.
18/12/2023 16:11:26 INFO: Wazuh manager installation finished.
18/12/2023 16:11:26 INFO: Starting service wazuh-manager.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-manager.service → /lib/systemd/system/wazuh-manager.service.
18/12/2023 16:11:54 INFO: wazuh-manager service started.
18/12/2023 16:11:54 INFO: Starting Filebeat installation.
Reading package lists... Building dependency tree... Reading state information... The following NEW packages will be installed: filebeat 0 upgraded, 1 newly installed, 0 to remove and 84 not upgraded. Need to get 0 B/22.1 MB of archives. After this operation, 73.6 MB of additional disk space will be used.(Reading database ... 174972 files and directories Preparing to unpack .../filebeat_7.10.2_amd64.deb NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 6.2.0-1017-aws NEEDRESTART-KEXP: 6.2.0-1017-aws NEEDRESTART-KSTA: 1 NEEDRESTART-SVC: filebeat.service
18/12/2023 16:12:10 DEBUG: Checking Wazuh installation.
18/12/2023 16:12:11 DEBUG: There are Wazuh remaining files.
18/12/2023 16:12:11 DEBUG: There are Wazuh indexer remaining files.
18/12/2023 16:12:12 DEBUG: There are Filebeat remaining files.
18/12/2023 16:12:13 INFO: Filebeat installation finished.
18/12/2023 16:12:13 DEBUG: Configuring Filebeat.
wazuh/
wazuh/archives/
wazuh/archives/ingest/
wazuh/archives/ingest/pipeline.json
wazuh/archives/config/
wazuh/archives/config/archives.yml
wazuh/archives/manifest.yml
wazuh/_meta/
wazuh/_meta/config.yml
wazuh/_meta/docs.asciidoc
wazuh/_meta/fields.yml
wazuh/alerts/
wazuh/alerts/ingest/
wazuh/alerts/ingest/pipeline.json
wazuh/alerts/config/
wazuh/alerts/config/alerts.yml
wazuh/alerts/manifest.yml
wazuh/module.yml
18/12/2023 16:12:13 DEBUG: Copying Filebeat certificates.
Created filebeat keystore
Successfully updated the keystore
Successfully updated the keystore
18/12/2023 16:12:14 INFO: Filebeat post-install configuration finished.
18/12/2023 16:12:14 INFO: Starting service filebeat.
Synchronizing state of filebeat.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable filebeat
Created symlink /etc/systemd/system/multi-user.target.wants/filebeat.service → /lib/systemd/system/filebeat.service.
18/12/2023 16:12:16 INFO: filebeat service started.
18/12/2023 16:12:16 INFO: --- Wazuh dashboard ---
18/12/2023 16:12:16 INFO: Starting Wazuh dashboard installation.
Reading package lists... Building dependency tree... Reading state information... The following NEW packages will be installed: wazuh-dashboard 0 upgraded, 1 newly installed, 0 to remove and 84 not upgraded. Need to get 0 B/186 MB of archives. After this operation, 987 MB of additional disk space will be used. Selecting previously unselected package wazuh(Reading database ... 175291 files and directories Preparing to unpack .../wazuh-dashboard_4.8.0-1_am NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 6.2.0-1017-aws NEEDRESTART-KEXP: 6.2.0-1017-aws NEEDRESTART-KSTA: 1 NEEDRESTART-SVC: filebeat.service
18/12/2023 16:13:41 DEBUG: Checking Wazuh installation.
18/12/2023 16:13:42 DEBUG: There are Wazuh remaining files.
18/12/2023 16:13:43 DEBUG: There are Wazuh indexer remaining files.
18/12/2023 16:13:44 DEBUG: There are Filebeat remaining files.
18/12/2023 16:13:44 DEBUG: There are Wazuh dashboard remaining files.
18/12/2023 16:13:44 INFO: Wazuh dashboard installation finished.
18/12/2023 16:13:44 DEBUG: Configuring Wazuh dashboard.
18/12/2023 16:13:44 DEBUG: Copying Wazuh dashboard certificates.
18/12/2023 16:13:45 DEBUG: Wazuh dashboard certificate setup finished.
18/12/2023 16:13:45 INFO: Wazuh dashboard post-install configuration finished.
18/12/2023 16:13:45 INFO: Starting service wazuh-dashboard.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service.
18/12/2023 16:13:46 INFO: wazuh-dashboard service started.
18/12/2023 16:13:46 DEBUG: Setting Wazuh indexer cluster passwords.
18/12/2023 16:13:46 DEBUG: Checking Wazuh installation.
18/12/2023 16:13:46 DEBUG: There are Wazuh remaining files.
18/12/2023 16:13:47 DEBUG: There are Wazuh indexer remaining files.
18/12/2023 16:13:48 DEBUG: There are Filebeat remaining files.
18/12/2023 16:13:48 DEBUG: There are Wazuh dashboard remaining files.
18/12/2023 16:13:48 INFO: Updating the internal users.
18/12/2023 16:13:48 DEBUG: Creating password backup.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to localhost:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: YELLOW
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml
SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml
SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml
SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml
SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml
SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml
SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml
SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml
SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
18/12/2023 16:13:59 DEBUG: Password backup created in /etc/wazuh-indexer/backup.
18/12/2023 16:13:59 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
18/12/2023 16:13:59 DEBUG: The internal users have been updated before changing the passwords.
18/12/2023 16:14:03 DEBUG: Generating password hashes.
18/12/2023 16:14:16 DEBUG: Password hashes generated.
18/12/2023 16:14:16 DEBUG: Creating password backup.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to localhost:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: YELLOW
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml
SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml
SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml
SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml
SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml
SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml
SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml
SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml
SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
18/12/2023 16:14:24 DEBUG: Password backup created in /etc/wazuh-indexer/backup.
Successfully updated the keystore
18/12/2023 16:14:25 DEBUG: Restarting filebeat service...
18/12/2023 16:14:26 DEBUG: filebeat started.
18/12/2023 16:14:28 DEBUG: Restarting wazuh-dashboard service...
18/12/2023 16:14:30 DEBUG: wazuh-dashboard started.
18/12/2023 16:14:30 DEBUG: Running security admin tool.
18/12/2023 16:14:30 DEBUG: Loading new passwords changes.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to localhost:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: YELLOW
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /home/ubuntu
Force type: internalusers
Will update '/internalusers' with /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' created or updated
SUCC: Expected 1 config types for node {"updated_config_types":["internalusers"],"updated_config_size":1,"message":null} is 1 (["internalusers"]) due to: null
Done with success
18/12/2023 16:14:38 DEBUG: Passwords changed.
18/12/2023 16:14:38 DEBUG: Changing API passwords.
18/12/2023 16:14:46 INFO: Initializing Wazuh dashboard web application.
18/12/2023 16:14:46 INFO: Wazuh dashboard web application not yet initialized. Waiting...
18/12/2023 16:15:03 INFO: Wazuh dashboard web application not yet initialized. Waiting...
18/12/2023 16:15:18 INFO: Wazuh dashboard web application initialized.
18/12/2023 16:15:18 INFO: --- Summary ---
18/12/2023 16:15:18 INFO: You can access the web interface https://<wazuh-dashboard-ip>:443
User: admin
Password: XCJG1fAtjYs6gNHr2+FAtdn7vvbSOLNa
18/12/2023 16:15:18 INFO: Installation finished.
root@ip-172-31-37-181:/home/ubuntu# yum repolist
Command 'yum' not found, did you mean:
command 'gum' from snap gum (0.12.0)
command 'sum' from deb coreutils (8.32-4.1ubuntu1)
command 'yum4' from deb nextgen-yum4 (4.5.2-6)
command 'uum' from deb freewnn-jserver (1.1.1~a021+cvs20130302-7build1)
command 'num' from deb quickcal (2.4-1)
command 'zum' from deb perforate (1.2-5.1)
See 'snap info <snapname>' for additional versions.
root@ip-172-31-37-181:/home/ubuntu# cat /etc/ap
apache2/ apparmor.d/ apt/
apparmor/ apport/
root@ip-172-31-37-181:/home/ubuntu# cat /etc/apt/
apt.conf.d/ preferences.d/ trusted.gpg.d/
auth.conf.d/ sources.list
keyrings/ sources.list.d/
root@ip-172-31-37-181:/home/ubuntu# cat /etc/apt/sources.list
sources.list sources.list.d/
root@ip-172-31-37-181:/home/ubuntu# ls -l /etc/apt/sources.list.d/
total 4
-rw-r--r-- 1 root root 140 Sep 6 17:34 ondrej-ubuntu-php-jammy.list
root@ip-172-31-37-181:/home/ubuntu#
We must consider that, because of the Wazuh Filebeat template fetched via |
Update ReportDocumentationCurrently working on the documentation of these changes in the following branch: https://github.com/wazuh/wazuh-documentation/tree/wp-1422-improve-offline-documentation-4.9 The aim is to create an index for the Offline installation that contains two alternatives: step-by-step installation and using the assistant. The related PR is: wazuh/wazuh-documentation#6920 |
While following Installation alternatives - Offline installation may be helpful to provide a couple of scripts to do most of the tasks in an automated way.
The offline installing process can/should be improved by providing customers with a single offline installer script in both the download and offline systems.
Also, the process should improve the transfer of packages from the download system to the offline system by creating a single tar.gz file as output from the download process. As a result, it is easier to copy between offline systems.
The process should include two parts:
related to - #wazuh/12889
The text was updated successfully, but these errors were encountered: