-
Notifications
You must be signed in to change notification settings - Fork 95
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Wazuh installation assistant does not update internal users file #2454
Comments
As an update for this, I believe the error comes from this function which also the same in the wazuh-password-tool: Full function
As a result after |
Additional info on this:
|
Update ReportDevelopmentAfter applying the change that suggested @micsinyei, the Wazuh dashboard can not be initialized correctly, obtaining the warning 🔴 Complete log14/09/2023 12:10:34 INFO: Starting Wazuh installation assistant. Wazuh version: 4.5.2
14/09/2023 12:10:34 INFO: Verbose logging redirected to /var/log/wazuh-install.log
Hit:1 https://mirrors.edge.kernel.org/ubuntu jammy InRelease
Hit:2 https://mirrors.edge.kernel.org/ubuntu jammy-updates InRelease
Hit:3 https://mirrors.edge.kernel.org/ubuntu jammy-backports InRelease
Hit:4 https://mirrors.edge.kernel.org/ubuntu jammy-security InRelease
Reading package lists...
14/09/2023 12:10:43 WARNING: Hardware and system checks ignored.
14/09/2023 12:10:43 INFO: Wazuh web interface port will be 443.
Hit:1 https://mirrors.edge.kernel.org/ubuntu jammy InRelease
Hit:2 https://mirrors.edge.kernel.org/ubuntu jammy-updates InRelease
Hit:3 https://mirrors.edge.kernel.org/ubuntu jammy-backports InRelease
Hit:4 https://mirrors.edge.kernel.org/ubuntu jammy-security InRelease
Reading package lists...
gpg: keyring '/usr/share/keyrings/wazuh.gpg' created
gpg: key 96B3EE5F29111145: public key "Wazuh.com (Wazuh Signing Key) <[email protected]>" imported
gpg: Total number processed: 1
gpg: imported: 1
deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages.wazuh.com/4.x/apt/ stable main
Get:1 https://packages.wazuh.com/4.x/apt stable InRelease [17.3 kB]
Get:2 https://packages.wazuh.com/4.x/apt stable/main amd64 Packages [32.1 kB]
Hit:3 https://mirrors.edge.kernel.org/ubuntu jammy InRelease
Hit:4 https://mirrors.edge.kernel.org/ubuntu jammy-updates InRelease
Hit:5 https://mirrors.edge.kernel.org/ubuntu jammy-backports InRelease
Hit:6 https://mirrors.edge.kernel.org/ubuntu jammy-security InRelease
Fetched 49.4 kB in 1s (65.5 kB/s)
Reading package lists...
14/09/2023 12:10:49 INFO: Wazuh repository added.
14/09/2023 12:10:49 INFO: --- Configuration files ---
14/09/2023 12:10:49 INFO: Generating configuration files.
........+...+.+.........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+...+..+......+.+...+...+..+.+....................+.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+....+......+...+........+...+......+...+......+.......+...+............+.........+.....+.+.....+............+.+..+.............+..+.......+...+.....+...+.+...+...........+.+..............+....+..+.+.....+.........+....+.....+.........+.+......+...+..+.........+.........+.......+...+.....+.+......+.........+..+...+....+..+.............+...........+.......+..+............+.........+.+...........+....+.....+....+............+...+.....+....+..+.+.....+...+.......+............+....................+..........+.....+............+.+..+.............+..............+.........+.....................+.+.....+.......+..+..........+........+...+....+.....+...+.............+..+......+.+.....+...+......+.......+...............+..+...+.............+......+........+......+......+.+...+......+.....+.+...+............+....................+...+.........+.+..+.......+......+..+....+...+.....+.+..+.............+......+.....+...+......+....+...+..+...+....+...+...+...+..+..........+.................+.............+..................+...........+..........+...+..+.........+....+...........+....+..+......+.......+..+...+...+...+....+......+.........+.....+.+.....+............+..................+.......+...+...........+....+......+...............+......+..+...+.......+............+......+...+..+...+......+...+......+.+...........+...+....+...+..+..........+..+.............+...............+...+..+......+......+....+..+...............+.........+...................+..+..................+....+...+.....+.......+...+...+.....+.+.....+...+...+....+.....+......+....+.........+..+.......+...+.........+...............+......+..+...+.........+....+.....+.+...........+...+...............+.......+.....+.......+...+..+.+..+.......+......+.....+.......+...+..+..................+.........+.+......+...........+...+...................+..+.+............+..+...+.............+........+.......+.........+........+.+..+....+...+.....+...+...............+.......+..+...+............+....+..............+......+.+.....+...+.+...........+...+..........+..+.........+......+.+............+...............+......+..+.......+...+...+..+...+................+........+.+.........+..+...+.......+...+......+..+..........+...+..+............+.+..+...+..........+...........+...+............+...+.....................+......+.+........+....+..+.+...+..+....+.........+.....+.........+...............+.+...........+.+...+............+........+....+......+..+...+....+..+....+......+...........+....+..............+......+.+........+.+.........+.....+.+...+.....+...+...+......+.+............+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
.....+.+....................+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*......+.+...+........+....+...+..+...+..................+...+....+...........+.+...+.................+......+....+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*......+........+...+...+.......+..+......+..........+..+.......+...+....................+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = admin
Ignoring -days without -x509; not generating a certificate
.....+..+.+..+....+...+............+........+.+..+....+...+........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*....+....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+........+....+.....+......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
........+.+.........+..+...+.+....................+....+...+...+.....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*....+.+..+............+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*...+.....+............+...+....+......+...+..+...............+....+.........+.....+.+......+...+.....+...............+.+.....+.........+...................+..+..................+.+.........+.....+...............+.+......+...+...+........+......+.+..+.......+...+.....+.......+......+.....+.......+..+....+.................+...+....+.....+................+.....+......+.+..+............+.........+.+.........+.....+......+.+..+...+.......+..+...+..........+...+..+.+.....+.+......+.........+......+...+.........+..+...+...+.......+..+.........+....+...+...+..+.........+...+..........+...+.........+...+......+...............+..+...+.+.....+.............+...+.....+.........+.+..+...+...............+...+.+........+.+..+...+......+..........+......+........+.+.....+...+..................+.......+...............+......+..+...............+.......+...+...+......+.....+....+.....+.+...........+...+.+......+.....+.......+.......................+....+......+..+.......+.....+...+...............+.+......+......+.....+.........+.........+................+...+...........+....+...+............+..+...+............+...+......+............+...+..........+..+...............+.............+.........+...+..+......+...............+.......+.........+...+...........+.+...........+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-indexer
Ignoring -days without -x509; not generating a certificate
...+..+......+...+.......+...+.....................+.....+....+..+............+.+..+.......+.....+.+.....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.......+.+....................+...+.......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.........+.+..............+...+....+...+........+...+.....................+.........+.+.....+.+.....+.........+....+.....................+.....+...+...+....+...+......+...........+...+.............+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
......+.+........+...+.........+......+...+......+......+.........+......+....+........+...+..........+..+...............+.+.....+....+........+...+.+...+...........+....+...+...+...............+..+...+.......+.....+.............+.....+.+.....+...+...+...+....+..+.+.........+...+..+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*...+.......+...+.....+...+...+.+.........+..+....+...+.................+...+......+....+..+.........+.+.....+.+.....+.............+......+...+..+..........+......+.........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.......+......+.......+...+..+.........+...+...+....+..............+......+...+..........+.....+.+.........+...........+....+...+..+......+.+......+.....+...+.+......+.........+.....+....+.....+....+..+.+...+..............+......+.+........+.......+...+..+.+..................+.....+.........+...+....+...........+...+..........+......+...+..+..........+...+........+.........+.+........+.........+......+.......+..+................+...........+....+...........+...+.+..+....+...+........+...+................+.........+.....+.+.....+.+........+....+..+................+..+.+.........+............+......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-server
Ignoring -days without -x509; not generating a certificate
.+...+..+......+...+.+........................+.........+..+....+..+.......+...+...+......+...+...+........+.......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*........+....+.....+...................+..+....+...+.....+......+......+....+.....+....+..+......+...+......+.............+..+...+.......+........+...+.......+............+......+.........+...............+........+......+......+...............+...............+...+......+.+...+........+...+......+.+.................+..........+...............+........+...+....+...+.....+.......+........+....+.........+..+...+....+..+.+...+......+.....+.+..+.+..+...+....+.....+......+.+.....+..................+.+......+...........+....+..............+......+....+.....+.+.....+.+........+...................+...........+.......+...+......+.........+..+...+..........+......+..............+.+......+..+.+..+....+...+...........+.+.....+.............+.....+...+....+...+........+..........+..+.+..+.............+.....+......+.............+...+..+..........+...+...+.....+.........+.+...........+......+..........+..+................+.................+....+........+...+...+....+...+.....+...+....+......+.........+...........+....+...+.................+......+.+......+..+...+...+.+......+..+.......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
.......+.+..............+...+..........+.....+...+....+...+...+.....+.......+..+......+.+...+...+..+......+.+.....+....+............+..+............+..........+...+.....+...+....+.....+.+..+......+.......+.....+.......+..+..........+...+......+.....+....+..+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.....+..+............+....+.........+.....+...+....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+...+..+...+.+.....+.+...........+...+.+...+....................+......+....+..+.+..................+..+............+.+..+.......+......+.....+.+...+.....+...+...+.......+..+.......+........+.+.................+.........+.+.....+.........+..........+.........+.........+........+...+.....................+...+.+.....+....+.....+..........+..+.+...............+..+.+...........+...+...+...+.........+.......+...+.....+............+.+.....+...+....+...+..+............+.+.....+.........+......+.............+..+............+.......+......+...+.....+.........+...+.......+...........+......+.............+.....+..........+..+...+...+...+.......+..+......+.......+...+............+.........+.....+.+.....+.......+..+.........+....+...+...+......+.....+......+............+.+.....+.........................+......+.....+.+...............+........+....+......+......+.........+..+...+.+......+..+...+.......+..+.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-dashboard
14/09/2023 12:10:52 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
14/09/2023 12:10:52 INFO: --- Wazuh indexer ---
14/09/2023 12:10:52 INFO: Starting Wazuh indexer installation.
Reading package lists...
Building dependency tree...
Reading state information...
The following NEW packages will be installed:
wazuh-indexer
0 upgraded, 1 newly installed, 0 to remove and 141 not upgraded.
Need to get 683 MB of archives.
After this operation, 971 MB of additional disk space will be used.
Get:1 https://packages.wazuh.com/4.x/apt stable/main amd64 wazuh-indexer amd64 4.5.2-1 [683 MB]
Fetched 683 MB in 4min 52s (2,340 kB/s)
Selecting previously unselected package wazuh-indexer.
(Reading database ... 75816 files and directories currently installed.)
Preparing to unpack .../wazuh-indexer_4.5.2-1_amd64.deb ...
Creating wazuh-indexer group... OK
Creating wazuh-indexer user... OK
Unpacking wazuh-indexer (4.5.2-1) ...
Setting up wazuh-indexer (4.5.2-1) ...
Created opensearch keystore in /etc/wazuh-indexer/opensearch.keystore
Processing triggers for libc-bin (2.35-0ubuntu3.1) ...
NEEDRESTART-VER: 3.5
NEEDRESTART-KCUR: 5.15.0-69-generic
NEEDRESTART-KEXP: 5.15.0-69-generic
NEEDRESTART-KSTA: 1
14/09/2023 12:16:32 INFO: Wazuh indexer installation finished.
14/09/2023 12:16:32 INFO: Wazuh indexer post-install configuration finished.
14/09/2023 12:16:32 INFO: Starting service wazuh-indexer.
Synchronizing state of wazuh-indexer.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable wazuh-indexer
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service → /lib/systemd/system/wazuh-indexer.service.
14/09/2023 12:16:53 INFO: wazuh-indexer service started.
14/09/2023 12:16:53 INFO: Initializing Wazuh indexer cluster security settings.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.6.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml
SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml
SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml
SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml
SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml
SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml
SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml
SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml
SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml
SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null
Done with success
14/09/2023 12:17:03 INFO: Wazuh indexer cluster initialized.
14/09/2023 12:17:03 INFO: --- Wazuh server ---
14/09/2023 12:17:03 INFO: Starting the Wazuh manager installation.
Reading package lists...
Building dependency tree...
Reading state information...
Suggested packages:
expect
The following NEW packages will be installed:
wazuh-manager
0 upgraded, 1 newly installed, 0 to remove and 141 not upgraded.
Need to get 171 MB of archives.
After this operation, 627 MB of additional disk space will be used.
Get:1 https://packages.wazuh.com/4.x/apt stable/main amd64 wazuh-manager amd64 4.5.2-1 [171 MB]
Fetched 171 MB in 41s (4,168 kB/s)
Selecting previously unselected package wazuh-manager.
(Reading database ... 76939 files and directories currently installed.)
Preparing to unpack .../wazuh-manager_4.5.2-1_amd64.deb ...
Unpacking wazuh-manager (4.5.2-1) ...
Setting up wazuh-manager (4.5.2-1) ...
NEEDRESTART-VER: 3.5
NEEDRESTART-KCUR: 5.15.0-69-generic
NEEDRESTART-KEXP: 5.15.0-69-generic
NEEDRESTART-KSTA: 1
14/09/2023 12:18:33 INFO: Wazuh manager installation finished.
14/09/2023 12:18:33 INFO: Starting service wazuh-manager.
Synchronizing state of wazuh-manager.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable wazuh-manager
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-manager.service → /lib/systemd/system/wazuh-manager.service.
14/09/2023 12:18:58 INFO: wazuh-manager service started.
14/09/2023 12:18:58 INFO: Starting Filebeat installation.
Reading package lists...
Building dependency tree...
Reading state information...
The following NEW packages will be installed:
filebeat
0 upgraded, 1 newly installed, 0 to remove and 141 not upgraded.
Need to get 22.1 MB of archives.
After this operation, 73.6 MB of additional disk space will be used.
Get:1 https://packages.wazuh.com/4.x/apt stable/main amd64 filebeat amd64 7.10.2 [22.1 MB]
Fetched 22.1 MB in 5s (4,228 kB/s)
Selecting previously unselected package filebeat.
(Reading database ... 98213 files and directories currently installed.)
Preparing to unpack .../filebeat_7.10.2_amd64.deb ...
Unpacking filebeat (7.10.2) ...
Setting up filebeat (7.10.2) ...
NEEDRESTART-VER: 3.5
NEEDRESTART-KCUR: 5.15.0-69-generic
NEEDRESTART-KEXP: 5.15.0-69-generic
NEEDRESTART-KSTA: 1
14/09/2023 12:19:10 INFO: Filebeat installation finished.
wazuh/alerts/
wazuh/alerts/config/
wazuh/alerts/config/alerts.yml
wazuh/alerts/manifest.yml
wazuh/alerts/ingest/
wazuh/alerts/ingest/pipeline.json
wazuh/archives/
wazuh/archives/config/
wazuh/archives/config/archives.yml
wazuh/archives/manifest.yml
wazuh/archives/ingest/
wazuh/archives/ingest/pipeline.json
wazuh/module.yml
Created filebeat keystore
Successfully updated the keystore
Successfully updated the keystore
14/09/2023 12:19:11 INFO: Filebeat post-install configuration finished.
14/09/2023 12:19:11 INFO: Starting service filebeat.
Synchronizing state of filebeat.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable filebeat
Created symlink /etc/systemd/system/multi-user.target.wants/filebeat.service → /lib/systemd/system/filebeat.service.
14/09/2023 12:19:13 INFO: filebeat service started.
14/09/2023 12:19:13 INFO: --- Wazuh dashboard ---
14/09/2023 12:19:13 INFO: Starting Wazuh dashboard installation.
Reading package lists...
Building dependency tree...
Reading state information...
The following NEW packages will be installed:
wazuh-dashboard
0 upgraded, 1 newly installed, 0 to remove and 141 not upgraded.
Need to get 128 MB of archives.
After this operation, 813 MB of additional disk space will be used.
Get:1 https://packages.wazuh.com/4.x/apt stable/main amd64 wazuh-dashboard amd64 4.5.2-1 [128 MB]
Fetched 128 MB in 33s (3,864 kB/s)
Selecting previously unselected package wazuh-dashboard.
(Reading database ... 98532 files and directories currently installed.)
Preparing to unpack .../wazuh-dashboard_4.5.2-1_amd64.deb ...
Creating wazuh-dashboard group... OK
Creating wazuh-dashboard user... OK
Unpacking wazuh-dashboard (4.5.2-1) ...
Setting up wazuh-dashboard (4.5.2-1) ...
NEEDRESTART-VER: 3.5
NEEDRESTART-KCUR: 5.15.0-69-generic
NEEDRESTART-KEXP: 5.15.0-69-generic
NEEDRESTART-KSTA: 1
14/09/2023 12:20:40 INFO: Wazuh dashboard installation finished.
14/09/2023 12:20:40 INFO: Wazuh dashboard post-install configuration finished.
14/09/2023 12:20:40 INFO: Starting service wazuh-dashboard.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service.
14/09/2023 12:20:41 INFO: wazuh-dashboard service started.
mkdir: cannot create directory ‘/etc/wazuh-indexer/backup’: File exists
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.6.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml
SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml
SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml
SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml
SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml
SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml
SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml
SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml
SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
Successfully updated the keystore
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.6.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /home/vagrant
Force type: internalusers
Will update '/internalusers' with /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' created or updated
SUCC: Expected 1 config types for node {"updated_config_types":["internalusers"],"updated_config_size":1,"message":null} is 1 (["internalusers"]) due to: null
Done with success
14/09/2023 12:21:17 INFO: Initializing Wazuh dashboard web application.
14/09/2023 12:21:17 INFO: Wazuh dashboard web application not yet initialized. Waiting...
14/09/2023 12:21:32 INFO: Wazuh dashboard web application not yet initialized. Waiting...
14/09/2023 12:21:47 INFO: Wazuh dashboard web application not yet initialized. Waiting...
14/09/2023 12:22:03 INFO: Wazuh dashboard web application not yet initialized. Waiting...
14/09/2023 12:22:18 INFO: Wazuh dashboard web application not yet initialized. Waiting...
14/09/2023 12:22:33 INFO: Wazuh dashboard web application not yet initialized. Waiting...
14/09/2023 12:22:48 INFO: Wazuh dashboard web application not yet initialized. Waiting...
14/09/2023 12:23:03 INFO: Wazuh dashboard web application not yet initialized. Waiting...
14/09/2023 12:23:18 INFO: Wazuh dashboard web application not yet initialized. Waiting...
14/09/2023 12:23:33 INFO: Wazuh dashboard web application not yet initialized. Waiting...
14/09/2023 12:23:48 INFO: Wazuh dashboard web application not yet initialized. Waiting...
14/09/2023 12:24:03 INFO: Wazuh dashboard web application not yet initialized. Waiting...
14/09/2023 12:24:18 INFO: Wazuh dashboard web application not yet initialized. Waiting...
14/09/2023 12:24:34 INFO: Wazuh dashboard web application not yet initialized. Waiting...
14/09/2023 12:24:49 INFO: Wazuh dashboard web application not yet initialized. Waiting...
14/09/2023 12:25:04 INFO: Wazuh dashboard web application not yet initialized. Waiting...
14/09/2023 12:25:19 INFO: Wazuh dashboard web application not yet initialized. Waiting...
14/09/2023 12:25:34 INFO: Wazuh dashboard web application not yet initialized. Waiting...
14/09/2023 12:25:49 INFO: Wazuh dashboard web application not yet initialized. Waiting...
14/09/2023 12:26:04 INFO: Wazuh dashboard web application not yet initialized. Waiting...
14/09/2023 12:26:19 ERROR: Wazuh dashboard installation failed.
14/09/2023 12:26:19 INFO: --- Removing existing Wazuh installation ---
14/09/2023 12:26:19 INFO: Removing Wazuh manager.
Reading package lists...
Building dependency tree...
Reading state information...
The following packages will be REMOVED:
wazuh-manager*
0 upgraded, 0 newly installed, 1 to remove and 141 not upgraded.
After this operation, 627 MB disk space will be freed.
(Reading database ... 193249 files and directories currently installed.)
Removing wazuh-manager (4.5.2-1) ...
(Reading database ... 171995 files and directories currently installed.)
Purging configuration files for wazuh-manager (4.5.2-1) ...
14/09/2023 12:26:29 INFO: Wazuh manager removed.
14/09/2023 12:26:29 INFO: Removing Wazuh indexer.
Reading package lists...
Building dependency tree...
Reading state information...
The following packages will be REMOVED:
wazuh-indexer*
0 upgraded, 0 newly installed, 1 to remove and 141 not upgraded.
After this operation, 971 MB disk space will be freed.
(Reading database ... 171975 files and directories currently installed.)
Removing wazuh-indexer (4.5.2-1) ...
Stopping wazuh-indexer service... OK
(Reading database ... 170891 files and directories currently installed.)
Purging configuration files for wazuh-indexer (4.5.2-1) ...
Deleting configuration directory... OK
dpkg: warning: while removing wazuh-indexer, directory '/usr/lib/systemd/system' not empty so not removed
dpkg: warning: while removing wazuh-indexer, directory '/var/lib/wazuh-indexer' not empty so not removed
dpkg: warning: while removing wazuh-indexer, directory '/var/log/wazuh-indexer' not empty so not removed
14/09/2023 12:26:33 INFO: Wazuh indexer removed.
14/09/2023 12:26:33 INFO: Removing Wazuh indexer.
Reading package lists...
Building dependency tree...
Reading state information...
E: Unable to locate package wazuh-indexer
14/09/2023 12:26:33 INFO: Wazuh indexer removed.
14/09/2023 12:26:33 INFO: Removing Filebeat.
Reading package lists...
Building dependency tree...
Reading state information...
The following packages will be REMOVED:
filebeat*
0 upgraded, 0 newly installed, 1 to remove and 141 not upgraded.
After this operation, 73.6 MB disk space will be freed.
(Reading database ... 170852 files and directories currently installed.)
Removing filebeat (7.10.2) ...
(Reading database ... 170560 files and directories currently installed.)
Purging configuration files for filebeat (7.10.2) ...
dpkg: warning: while removing filebeat, directory '/etc/filebeat' not empty so not removed
dpkg: warning: while removing filebeat, directory '/usr/share/filebeat/module' not empty so not removed
14/09/2023 12:26:35 INFO: Filebeat removed.
14/09/2023 12:26:35 INFO: Removing Wazuh dashboard.
Reading package lists...
Building dependency tree...
Reading state information...
The following packages will be REMOVED:
wazuh-dashboard*
0 upgraded, 0 newly installed, 1 to remove and 141 not upgraded.
After this operation, 813 MB disk space will be freed.
(Reading database ... 170533 files and directories currently installed.)
Removing wazuh-dashboard (4.5.2-1) ...
Stopping wazuh-dashboard service... OK
Deleting PID directory... OK
Deleting installation directory... OK
(Reading database ... 75825 files and directories currently installed.)
Purging configuration files for wazuh-dashboard (4.5.2-1) ...
OK
14/09/2023 12:26:45 INFO: Wazuh dashboard removed.
14/09/2023 12:26:45 INFO: Installation cleaned. Check the /var/log/wazuh-install.log file to learn more about the issue. It is necessary to debug the |
I am looking into the problem, the fix that I recommended is just the first step but a necessary one since the later steps build on the internal_users.yml. In AWS, using the latest version, after the fix, the filebeat fails if I restart all services then run the /usr/share/wazuh-indexer/bin/indexer-security-init.sh then it seems to be working. I would also separate the installation from the password change. I have not tested the installation. Next I will give a more detailed version with logs, what happens when I try to change the password. I will need some time. |
Summery, the steps:
Logs:Initial state
After password change
internal users yml
after restarting the indexer
After /usr/share/wazuh-indexer/bin/indexer-security-init.sh
|
@davidcr01 I did other experiments, instead of my original idea, I propose this change:
|
Update ReportInvestigating the problemAfter investigating the issue, the problem was found in the following lines: if [ -n "${indexer_installed}" ] && [ -f "/etc/wazuh-indexer/backup/internal_users.yml" ]; then
awk -v new=${hashes[i]} 'prev=="'${users[i]}':"{sub(/\042.*/,""); $0=$0 new} {prev=$1} 1' /etc/wazuh-indexer/backup/internal_users.yml > internal_users.yml_tmp && mv -f internal_users.yml_tmp /etc/wazuh-indexer/backup/internal_users.yml
fi This command is not wrong, as it is saving the new configuration in the backup. The problem is that, when the passwords are being changed in the The proposed fix is to update the awk -v new="${hash}" 'prev=="'${nuser}':"{sub(/\042.*/,""); $0=$0 new} {prev=$1} 1' /etc/wazuh-indexer/backup/internal_users.yml > internal_users.yml_tmp && mv -f internal_users.yml_tmp /etc/wazuh-indexer/backup/internal_users.yml
cp -f /etc/wazuh-indexer/backup/internal_users.yml /etc/wazuh-indexer/opensearch-security/internal_users.yml
chown -R wazuh-indexer:wazuh-indexer /etc/wazuh-indexer/opensearch-security/internal_users.yml The TestingWith the mentioned changes, this AIO installation is performed correctly. 🟢 AIO installation logroot@ubuntu22:/home/vagrant# bash wazuh-install.sh -a -i -o -v
18/09/2023 09:07:49 INFO: Starting Wazuh installation assistant. Wazuh version: 4.5.2
18/09/2023 09:07:49 INFO: Verbose logging redirected to /var/log/wazuh-install.log
18/09/2023 09:07:51 INFO: --- Removing existing Wazuh installation ---
18/09/2023 09:07:51 INFO: Removing Wazuh indexer.
Reading package lists...
Building dependency tree...
Reading state information...
E: Unable to locate package wazuh-indexer
18/09/2023 09:07:51 INFO: Wazuh indexer removed.
18/09/2023 09:07:51 INFO: Wazuh GPG key was not found in the system
18/09/2023 09:07:52 INFO: Installation cleaned.
Hit:1 https://mirrors.edge.kernel.org/ubuntu jammy InRelease
Get:2 https://mirrors.edge.kernel.org/ubuntu jammy-updates InRelease [119 kB]
Get:3 https://mirrors.edge.kernel.org/ubuntu jammy-backports InRelease [109 kB]
Get:4 https://mirrors.edge.kernel.org/ubuntu jammy-security InRelease [110 kB]
Get:5 https://mirrors.edge.kernel.org/ubuntu jammy-updates/main amd64 Packages [973 kB]
Get:6 https://mirrors.edge.kernel.org/ubuntu jammy-updates/universe amd64 Packages [981 kB]
Get:7 https://mirrors.edge.kernel.org/ubuntu jammy-updates/universe Translation-en [214 kB]
Fetched 2,506 kB in 3s (968 kB/s)
Reading package lists...
18/09/2023 09:08:04 WARNING: Hardware and system checks ignored.
18/09/2023 09:08:04 INFO: Wazuh web interface port will be 443.
Hit:1 https://mirrors.edge.kernel.org/ubuntu jammy InRelease
Hit:2 https://mirrors.edge.kernel.org/ubuntu jammy-updates InRelease
Hit:3 https://mirrors.edge.kernel.org/ubuntu jammy-backports InRelease
Hit:4 https://mirrors.edge.kernel.org/ubuntu jammy-security InRelease
Reading package lists...
18/09/2023 09:08:11 DEBUG: Adding the Wazuh repository.
gpg: keyring '/usr/share/keyrings/wazuh.gpg' created
gpg: key 96B3EE5F29111145: public key "Wazuh.com (Wazuh Signing Key) <[email protected]>" imported
gpg: Total number processed: 1
gpg: imported: 1
deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages.wazuh.com/4.x/apt/ stable main
Hit:1 https://mirrors.edge.kernel.org/ubuntu jammy InRelease
Hit:2 https://mirrors.edge.kernel.org/ubuntu jammy-updates InRelease
Hit:3 https://mirrors.edge.kernel.org/ubuntu jammy-backports InRelease
Hit:4 https://mirrors.edge.kernel.org/ubuntu jammy-security InRelease
Get:5 https://packages.wazuh.com/4.x/apt stable InRelease [17.3 kB]
Get:6 https://packages.wazuh.com/4.x/apt stable/main amd64 Packages [32.1 kB]
Fetched 49.4 kB in 6s (8,182 B/s)
Reading package lists...
18/09/2023 09:08:19 INFO: Wazuh repository added.
18/09/2023 09:08:19 INFO: --- Configuration files ---
18/09/2023 09:08:19 INFO: Generating configuration files.
18/09/2023 09:08:19 DEBUG: Creating the root certificate.
.....+......+...+....+..+.+............+..+......+.......+.....+.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..+.+.....+...+.......+...............+...+..............+.......+...+..+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..........+...+......+.......+.........+......+..+...+...+.......+...+..+.........+...+.......+...+..+....+.....+.......+........+.+...+..+................+..+...+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.......+..+.........+...+.+.....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.....+...+.+......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = admin
18/09/2023 09:08:20 DEBUG: Creating the Wazuh indexer certificates.
Ignoring -days without -x509; not generating a certificate
......+.......+......+..+....+......+..+.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*...+..+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.......+.......+..+....+...........+.+...+..+....+.....+....+..+...+..........+.....+.+.......................+.+..+.......+...........+..........+.........+...+.................+...+....+..............+.+......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
.+..+..........+...........+.+.....+.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*...........+...+......+..+..........+...+...........+.........+......+.+.....+....+......+..+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-indexer
18/09/2023 09:08:20 DEBUG: Creating the Wazuh server certificates.
Ignoring -days without -x509; not generating a certificate
......+.+...........+.+..+.+............+..................+..+.........+.+...+..+.......+......+...............+..+.........+.........+.........+...+.........+.........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.....+...+..........+.....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.......+......+.....+....+...+...+..+...+.+.........+.................+...+.+...+..+...+......+....+...........+......+...+...+............+.+.....+.+...............+.....+.+.........+..............+.......+..+......+....+........+.........+...+.......+........+...+.......+......+.........+......+......+.....+..................+...+....+.....+.............+........+.............+..+.......+.....+.......+......+...+......+......+...+..+....+...+........+...+......+......+.......+.....+...+....+.....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
..+.......+............+......+...+..+.........+....+......+...+...........+....+.....+.+.........+.....+.......+......+..+.......+......+........+.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.............+.+.....+...+.......+..+.+..+.............+..+...+.+......+.........+...+...+...+............+..+......+.+.....+.+...............+............+.....+.+.........+..+...+.+..+....+........+...+...+......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+.....+....+..+.........+.........+.+...+........+............+.+..+.......+..+......+...+..........+..+....+......+..+.+......+......+............+........+...+.......+...+............+..+.+...............+..+.......+...........+....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-server
18/09/2023 09:08:20 DEBUG: Creating the Wazuh dashboard certificates.
Ignoring -days without -x509; not generating a certificate
.............+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*....+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+......+.....+.+.....+...+.+....................+.......+..+......+......+.+.....+.......+...+.........+...+.....+.............+.....+...+....+..+...+................+..+...+....+...+..+..........+......+..+...+.........+...+.........+...+......+....+.................+.+...+...........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
..........+.+...+...+.....+.............+..+.......+..+...+.............+..+......+.+.....+...+......+.......+..+.+......+........+......+....+..+................+..+.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+.+..+.......+............+.........+...........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-dashboard
18/09/2023 09:08:21 DEBUG: Generating random passwords.
18/09/2023 09:08:21 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
18/09/2023 09:08:21 INFO: --- Wazuh indexer ---
18/09/2023 09:08:21 INFO: Starting Wazuh indexer installation.
Reading package lists...
Building dependency tree...
Reading state information...
The following NEW packages will be installed:
wazuh-indexer
0 upgraded, 1 newly installed, 0 to remove and 142 not upgraded.
Need to get 0 B/683 MB of archives.
After this operation, 971 MB of additional disk space will be used.
Selecting previously unselected package wazuh-indexer.
(Reading database ... 75816 files and directories currently installed.)
Preparing to unpack .../wazuh-indexer_4.5.2-1_amd64.deb ...
Creating wazuh-indexer group... OK
Creating wazuh-indexer user... OK
Unpacking wazuh-indexer (4.5.2-1) ...
Setting up wazuh-indexer (4.5.2-1) ...
Created opensearch keystore in /etc/wazuh-indexer/opensearch.keystore
Processing triggers for libc-bin (2.35-0ubuntu3.1) ...
NEEDRESTART-VER: 3.5
NEEDRESTART-KCUR: 5.15.0-69-generic
NEEDRESTART-KEXP: 5.15.0-69-generic
NEEDRESTART-KSTA: 1
NEEDRESTART-SVC: filebeat.service
18/09/2023 09:09:17 INFO: Wazuh indexer installation finished.
18/09/2023 09:09:17 DEBUG: Configuring Wazuh indexer.
18/09/2023 09:09:17 INFO: Wazuh indexer post-install configuration finished.
18/09/2023 09:09:17 INFO: Starting service wazuh-indexer.
Synchronizing state of wazuh-indexer.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable wazuh-indexer
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service → /lib/systemd/system/wazuh-indexer.service.
18/09/2023 09:09:47 INFO: wazuh-indexer service started.
18/09/2023 09:09:47 INFO: Initializing Wazuh indexer cluster security settings.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.6.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml
SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml
SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml
SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml
SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml
SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml
SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml
SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml
SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml
SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null
Done with success
18/09/2023 09:09:58 INFO: Wazuh indexer cluster initialized.
18/09/2023 09:09:58 INFO: --- Wazuh server ---
18/09/2023 09:09:58 INFO: Starting the Wazuh manager installation.
Reading package lists...
Building dependency tree...
Reading state information...
Suggested packages:
expect
The following NEW packages will be installed:
wazuh-manager
0 upgraded, 1 newly installed, 0 to remove and 142 not upgraded.
Need to get 0 B/171 MB of archives.
After this operation, 627 MB of additional disk space will be used.
Selecting previously unselected package wazuh-manager.
(Reading database ... 76939 files and directories currently installed.)
Preparing to unpack .../wazuh-manager_4.5.2-1_amd64.deb ...
Unpacking wazuh-manager (4.5.2-1) ...
Setting up wazuh-manager (4.5.2-1) ...
NEEDRESTART-VER: 3.5
NEEDRESTART-KCUR: 5.15.0-69-generic
NEEDRESTART-KEXP: 5.15.0-69-generic
NEEDRESTART-KSTA: 1
NEEDRESTART-SVC: filebeat.service
18/09/2023 09:10:53 INFO: Wazuh manager installation finished.
18/09/2023 09:10:53 INFO: Starting service wazuh-manager.
Synchronizing state of wazuh-manager.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable wazuh-manager
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-manager.service → /lib/systemd/system/wazuh-manager.service.
18/09/2023 09:11:20 INFO: wazuh-manager service started.
18/09/2023 09:11:20 INFO: Starting Filebeat installation.
Reading package lists...
Building dependency tree...
Reading state information...
The following NEW packages will be installed:
filebeat
0 upgraded, 1 newly installed, 0 to remove and 142 not upgraded.
Need to get 0 B/22.1 MB of archives.
After this operation, 73.6 MB of additional disk space will be used.
Selecting previously unselected package filebeat.
(Reading database ... 98213 files and directories currently installed.)
Preparing to unpack .../filebeat_7.10.2_amd64.deb ...
Unpacking filebeat (7.10.2) ...
Setting up filebeat (7.10.2) ...
NEEDRESTART-VER: 3.5
NEEDRESTART-KCUR: 5.15.0-69-generic
NEEDRESTART-KEXP: 5.15.0-69-generic
NEEDRESTART-KSTA: 1
NEEDRESTART-SVC: filebeat.service
18/09/2023 09:11:29 INFO: Filebeat installation finished.
wazuh/alerts/
wazuh/alerts/config/
wazuh/alerts/config/alerts.yml
wazuh/alerts/manifest.yml
wazuh/alerts/ingest/
wazuh/alerts/ingest/pipeline.json
wazuh/archives/
wazuh/archives/config/
wazuh/archives/config/archives.yml
wazuh/archives/manifest.yml
wazuh/archives/ingest/
wazuh/archives/ingest/pipeline.json
wazuh/module.yml
Created filebeat keystore
Successfully updated the keystore
Successfully updated the keystore
18/09/2023 09:11:31 INFO: Filebeat post-install configuration finished.
18/09/2023 09:11:31 INFO: Starting service filebeat.
Synchronizing state of filebeat.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable filebeat
Created symlink /etc/systemd/system/multi-user.target.wants/filebeat.service → /lib/systemd/system/filebeat.service.
18/09/2023 09:11:33 INFO: filebeat service started.
18/09/2023 09:11:33 INFO: --- Wazuh dashboard ---
18/09/2023 09:11:33 INFO: Starting Wazuh dashboard installation.
Reading package lists...
Building dependency tree...
Reading state information...
The following NEW packages will be installed:
wazuh-dashboard
0 upgraded, 1 newly installed, 0 to remove and 142 not upgraded.
Need to get 0 B/128 MB of archives.
After this operation, 813 MB of additional disk space will be used.
Selecting previously unselected package wazuh-dashboard.
(Reading database ... 98532 files and directories currently installed.)
Preparing to unpack .../wazuh-dashboard_4.5.2-1_amd64.deb ...
Creating wazuh-dashboard group... OK
Creating wazuh-dashboard user... OK
Unpacking wazuh-dashboard (4.5.2-1) ...
Setting up wazuh-dashboard (4.5.2-1) ...
NEEDRESTART-VER: 3.5
NEEDRESTART-KCUR: 5.15.0-69-generic
NEEDRESTART-KEXP: 5.15.0-69-generic
NEEDRESTART-KSTA: 1
NEEDRESTART-SVC: filebeat.service
18/09/2023 09:12:39 INFO: Wazuh dashboard installation finished.
18/09/2023 09:12:39 DEBUG: Wazuh dashboard certificate setup finished.
18/09/2023 09:12:39 INFO: Wazuh dashboard post-install configuration finished.
18/09/2023 09:12:39 INFO: Starting service wazuh-dashboard.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service.
18/09/2023 09:12:40 INFO: wazuh-dashboard service started.
+ common_logger -d 'Setting Wazuh indexer cluster passwords.'
++ date '+%d/%m/%Y %H:%M:%S'
+ now='18/09/2023 09:12:40'
+ mtype=INFO:
+ debugLogger=
+ nolog=
+ '[' -n -d ']'
+ '[' -n -d ']'
+ case ${1} in
+ debugLogger=1
+ mtype=DEBUG:
+ shift 1
+ '[' -n 'Setting Wazuh indexer cluster passwords.' ']'
+ case ${1} in
+ message='Setting Wazuh indexer cluster passwords.'
+ shift 1
+ '[' -n '' ']'
+ '[' -z 1 ']'
+ '[' -n 1 ']'
+ '[' -n 1 ']'
+ '[' 0 -eq 0 ']'
+ '[' -z '' ']'
+ tee -a /var/log/wazuh-install.log
+ printf '%s\n' '18/09/2023 09:12:40 DEBUG: Setting Wazuh indexer cluster passwords.'
18/09/2023 09:12:40 DEBUG: Setting Wazuh indexer cluster passwords.
+ '[' -f /home/vagrant/wazuh-install-files.tar ']'
+ eval 'tar -xf /home/vagrant/wazuh-install-files.tar -C /tmp wazuh-install-files/wazuh-passwords.txt 2>&1 | tee -a /var/log/wazuh-install.log'
++ tee -a /var/log/wazuh-install.log
++ tar -xf /home/vagrant/wazuh-install-files.tar -C /tmp wazuh-install-files/wazuh-passwords.txt
+ p_file=/tmp/wazuh-install-files/wazuh-passwords.txt
+ common_checkInstalled
+ wazuh_installed=
+ indexer_installed=
+ filebeat_installed=
+ dashboard_installed=
+ '[' apt-get == yum ']'
+ '[' apt-get == apt-get ']'
++ apt list --installed
++ grep wazuh-manager
+ wazuh_installed='wazuh-manager/stable,now 4.5.2-1 amd64 [installed]'
+ '[' -d /var/ossec ']'
+ wazuh_remaining_files=1
+ '[' apt-get == yum ']'
+ '[' apt-get == apt-get ']'
++ apt list --installed
++ grep wazuh-indexer
+ indexer_installed='wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]'
+ '[' -d /var/lib/wazuh-indexer/ ']'
+ indexer_remaining_files=1
+ '[' apt-get == yum ']'
+ '[' apt-get == apt-get ']'
++ grep filebeat
++ apt list --installed
+ filebeat_installed='filebeat/stable,now 7.10.2 amd64 [installed]'
+ '[' -d /var/lib/filebeat/ ']'
+ filebeat_remaining_files=1
+ '[' apt-get == yum ']'
+ '[' apt-get == apt-get ']'
++ grep wazuh-dashboard
++ apt list --installed
+ dashboard_installed='wazuh-dashboard/stable,now 4.5.2-1 amd64 [installed]'
+ '[' -d /var/lib/wazuh-dashboard/ ']'
+ '[' -d /usr/share/wazuh-dashboard ']'
+ dashboard_remaining_files=1
+ '[' -n '' ']'
+ '[' -n 1 ']'
+ changeall=1
+ passwords_readUsers
++ grep -v hash:
++ awk '{ print substr( $0, 1, length($0)-1 ) }'
++ grep -B 1 hash: /etc/wazuh-indexer/opensearch-security/internal_users.yml
++ grep -v -
+ susers='admin
kibanaserver
kibanaro
logstash
readall
snapshotrestore'
+ mapfile -t users
+ '[' -n '' ']'
+ '[' -n 1 ']'
+ '[' '' == master ']'
+ '[' 1 -eq 1 ']'
+ passwords_getApiToken
+ retries=0
+ max_internal_error_retries=20
++ curl -s -u wazuh:wazuh -k -X POST 'https://localhost:55000/security/user/authenticate?raw=true' --max-time 300 --retry 5 --retry-delay 5
+ TOKEN_API=eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNjk1MDI4MzY2LCJleHAiOjE2OTUwMjkyNjYsInN1YiI6IndhenVoIiwicnVuX2FzIjpmYWxzZSwicmJhY19yb2xlcyI6WzFdLCJyYmFjX21vZGUiOiJ3aGl0ZSJ9.AH5bljt8oKtb-nOfcBZLyHRsKfaWAVy8TtcMt5DtuHqaWhvOlLLF3uk4Kj4X-YzzoE04N1Z8TP3rJq8TLWMPpbn4AcA_vM-NrafXCVITxerymPUxBbALWxy7NzIGwG3reeJUcdCygAunqw8yzKiMKkHTV_vuAFzqjoCfzYkUgrmj070i
+ [[ eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNjk1MDI4MzY2LCJleHAiOjE2OTUwMjkyNjYsInN1YiI6IndhenVoIiwicnVuX2FzIjpmYWxzZSwicmJhY19yb2xlcyI6WzFdLCJyYmFjX21vZGUiOiJ3aGl0ZSJ9.AH5bljt8oKtb-nOfcBZLyHRsKfaWAVy8TtcMt5DtuHqaWhvOlLLF3uk4Kj4X-YzzoE04N1Z8TP3rJq8TLWMPpbn4AcA_vM-NrafXCVITxerymPUxBbALWxy7NzIGwG3reeJUcdCygAunqw8yzKiMKkHTV_vuAFzqjoCfzYkUgrmj070i =~ Wazuh Internal Error ]]
+ [[ eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNjk1MDI4MzY2LCJleHAiOjE2OTUwMjkyNjYsInN1YiI6IndhenVoIiwicnVuX2FzIjpmYWxzZSwicmJhY19yb2xlcyI6WzFdLCJyYmFjX21vZGUiOiJ3aGl0ZSJ9.AH5bljt8oKtb-nOfcBZLyHRsKfaWAVy8TtcMt5DtuHqaWhvOlLLF3uk4Kj4X-YzzoE04N1Z8TP3rJq8TLWMPpbn4AcA_vM-NrafXCVITxerymPUxBbALWxy7NzIGwG3reeJUcdCygAunqw8yzKiMKkHTV_vuAFzqjoCfzYkUgrmj070i =~ Wazuh Internal Error ]]
+ [[ eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNjk1MDI4MzY2LCJleHAiOjE2OTUwMjkyNjYsInN1YiI6IndhenVoIiwicnVuX2FzIjpmYWxzZSwicmJhY19yb2xlcyI6WzFdLCJyYmFjX21vZGUiOiJ3aGl0ZSJ9.AH5bljt8oKtb-nOfcBZLyHRsKfaWAVy8TtcMt5DtuHqaWhvOlLLF3uk4Kj4X-YzzoE04N1Z8TP3rJq8TLWMPpbn4AcA_vM-NrafXCVITxerymPUxBbALWxy7NzIGwG3reeJUcdCygAunqw8yzKiMKkHTV_vuAFzqjoCfzYkUgrmj070i =~ Invalid credentials ]]
+ passwords_getApiUsers
+ mapfile -t api_users
++ awk '-F: ' '{print $2}'
++ sed -e 's/[\'\''",]//g'
++ grep username
++ curl -s -k -X GET -H 'Authorization: Bearer eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNjk1MDI4MzY2LCJleHAiOjE2OTUwMjkyNjYsInN1YiI6IndhenVoIiwicnVuX2FzIjpmYWxzZSwicmJhY19yb2xlcyI6WzFdLCJyYmFjX21vZGUiOiJ3aGl0ZSJ9.AH5bljt8oKtb-nOfcBZLyHRsKfaWAVy8TtcMt5DtuHqaWhvOlLLF3uk4Kj4X-YzzoE04N1Z8TP3rJq8TLWMPpbn4AcA_vM-NrafXCVITxerymPUxBbALWxy7NzIGwG3reeJUcdCygAunqw8yzKiMKkHTV_vuAFzqjoCfzYkUgrmj070i' -H 'Content-Type: application/json' 'https://localhost:55000/security/users?pretty=true'
+ passwords_getApiIds
+ mapfile -t api_ids
++ curl -s -k -X GET -H 'Authorization: Bearer eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNjk1MDI4MzY2LCJleHAiOjE2OTUwMjkyNjYsInN1YiI6IndhenVoIiwicnVuX2FzIjpmYWxzZSwicmJhY19yb2xlcyI6WzFdLCJyYmFjX21vZGUiOiJ3aGl0ZSJ9.AH5bljt8oKtb-nOfcBZLyHRsKfaWAVy8TtcMt5DtuHqaWhvOlLLF3uk4Kj4X-YzzoE04N1Z8TP3rJq8TLWMPpbn4AcA_vM-NrafXCVITxerymPUxBbALWxy7NzIGwG3reeJUcdCygAunqw8yzKiMKkHTV_vuAFzqjoCfzYkUgrmj070i' -H 'Content-Type: application/json' 'https://localhost:55000/security/users?pretty=true'
++ awk '-F: ' '{print $2}'
++ sed -e 's/[\'\''",]//g'
++ grep id
+ installCommon_readPasswordFileUsers
++ grep -Ev '^#|^\s*$' /tmp/wazuh-install-files/wazuh-passwords.txt
++ grep -Pzc '\A(\s*(indexer_username|api_username|indexer_password|api_password):[ \t]+[\'\''"]?[\w.*+?-]+[\'\''"]?)+\Z'
+ filecorrect=1
+ [[ 1 -ne 1 ]]
++ sed -e 's/[\'\''"]//g'
++ awk '{ print substr( $2, 1, length($2) ) }'
++ grep indexer_username: /tmp/wazuh-install-files/wazuh-passwords.txt
+ sfileusers='admin
kibanaserver
kibanaro
logstash
readall
snapshotrestore'
++ sed -e 's/[\'\''"]//g'
++ awk '{ print substr( $2, 1, length($2) ) }'
++ grep indexer_password: /tmp/wazuh-install-files/wazuh-passwords.txt
+ sfilepasswords='L+CQJcxdqSXYWMo5LRDfNSaaY5NhmFPS
NgLMks7yLJEZV0+ZknBDlYMrtqD+zsGq
M?*DKU2wIl8gWifEV9JT4zfSukzi2.N*
*.My4WBrT+.Tg?nLon5VA86R7CDSTpo0
h6wqe*o9MvHAmGA1Cpj+HCnhGn4BrD+9
Vzpcx2m+DSLZ8VPuv5qRB7zpgfEJIYAm'
++ sed -e 's/[\'\''"]//g'
++ awk '{ print substr( $2, 1, length($2) ) }'
++ grep api_username: /tmp/wazuh-install-files/wazuh-passwords.txt
+ sfileapiusers='wazuh
wazuh-wui'
++ grep api_password: /tmp/wazuh-install-files/wazuh-passwords.txt
++ sed -e 's/[\'\''"]//g'
++ awk '{ print substr( $2, 1, length($2) ) }'
+ sfileapipasswords='s2NFO2CwFI.4FOeUby*a07.df?5NjhPE
hN*tSj26T5H?z8ojsRU6vf3cyYn.?O6k'
+ mapfile -t fileusers
++ printf '%s\n' 'admin
kibanaserver
kibanaro
logstash
readall
snapshotrestore'
+ mapfile -t filepasswords
++ printf '%s\n' 'L+CQJcxdqSXYWMo5LRDfNSaaY5NhmFPS
NgLMks7yLJEZV0+ZknBDlYMrtqD+zsGq
M?*DKU2wIl8gWifEV9JT4zfSukzi2.N*
*.My4WBrT+.Tg?nLon5VA86R7CDSTpo0
h6wqe*o9MvHAmGA1Cpj+HCnhGn4BrD+9
Vzpcx2m+DSLZ8VPuv5qRB7zpgfEJIYAm'
+ mapfile -t fileapiusers
++ printf '%s\n' 'wazuh
wazuh-wui'
+ mapfile -t fileapipasswords
++ printf '%s\n' 's2NFO2CwFI.4FOeUby*a07.df?5NjhPE
hN*tSj26T5H?z8ojsRU6vf3cyYn.?O6k'
+ '[' -n 1 ']'
+ for j in "${!fileusers[@]}"
+ supported=false
+ for i in "${!users[@]}"
+ [[ admin == \a\d\m\i\n ]]
+ passwords_checkPassword L+CQJcxdqSXYWMo5LRDfNSaaY5NhmFPS
+ echo L+CQJcxdqSXYWMo5LRDfNSaaY5NhmFPS
+ grep -q '[A-Z]'
+ grep -q '[a-z]'
+ echo L+CQJcxdqSXYWMo5LRDfNSaaY5NhmFPS
+ echo L+CQJcxdqSXYWMo5LRDfNSaaY5NhmFPS
+ grep -q '[0-9]'
+ echo L+CQJcxdqSXYWMo5LRDfNSaaY5NhmFPS
+ grep -q '[.*+?-]'
+ '[' 32 -lt 8 ']'
+ '[' 32 -gt 64 ']'
+ passwords[i]=L+CQJcxdqSXYWMo5LRDfNSaaY5NhmFPS
+ supported=true
+ for i in "${!users[@]}"
+ [[ kibanaserver == \a\d\m\i\n ]]
+ for i in "${!users[@]}"
+ [[ kibanaro == \a\d\m\i\n ]]
+ for i in "${!users[@]}"
+ [[ logstash == \a\d\m\i\n ]]
+ for i in "${!users[@]}"
+ [[ readall == \a\d\m\i\n ]]
+ for i in "${!users[@]}"
+ [[ snapshotrestore == \a\d\m\i\n ]]
+ '[' true = false ']'
+ for j in "${!fileusers[@]}"
+ supported=false
+ for i in "${!users[@]}"
+ [[ admin == \k\i\b\a\n\a\s\e\r\v\e\r ]]
+ for i in "${!users[@]}"
+ [[ kibanaserver == \k\i\b\a\n\a\s\e\r\v\e\r ]]
+ passwords_checkPassword NgLMks7yLJEZV0+ZknBDlYMrtqD+zsGq
+ grep -q '[A-Z]'
+ echo NgLMks7yLJEZV0+ZknBDlYMrtqD+zsGq
+ echo NgLMks7yLJEZV0+ZknBDlYMrtqD+zsGq
+ grep -q '[a-z]'
+ echo NgLMks7yLJEZV0+ZknBDlYMrtqD+zsGq
+ grep -q '[0-9]'
+ echo NgLMks7yLJEZV0+ZknBDlYMrtqD+zsGq
+ grep -q '[.*+?-]'
+ '[' 32 -lt 8 ']'
+ '[' 32 -gt 64 ']'
+ passwords[i]=NgLMks7yLJEZV0+ZknBDlYMrtqD+zsGq
+ supported=true
+ for i in "${!users[@]}"
+ [[ kibanaro == \k\i\b\a\n\a\s\e\r\v\e\r ]]
+ for i in "${!users[@]}"
+ [[ logstash == \k\i\b\a\n\a\s\e\r\v\e\r ]]
+ for i in "${!users[@]}"
+ [[ readall == \k\i\b\a\n\a\s\e\r\v\e\r ]]
+ for i in "${!users[@]}"
+ [[ snapshotrestore == \k\i\b\a\n\a\s\e\r\v\e\r ]]
+ '[' true = false ']'
+ for j in "${!fileusers[@]}"
+ supported=false
+ for i in "${!users[@]}"
+ [[ admin == \k\i\b\a\n\a\r\o ]]
+ for i in "${!users[@]}"
+ [[ kibanaserver == \k\i\b\a\n\a\r\o ]]
+ for i in "${!users[@]}"
+ [[ kibanaro == \k\i\b\a\n\a\r\o ]]
+ passwords_checkPassword 'M?*DKU2wIl8gWifEV9JT4zfSukzi2.N*'
+ grep -q '[A-Z]'
+ echo 'M?*DKU2wIl8gWifEV9JT4zfSukzi2.N*'
+ grep -q '[a-z]'
+ echo 'M?*DKU2wIl8gWifEV9JT4zfSukzi2.N*'
+ grep -q '[0-9]'
+ echo 'M?*DKU2wIl8gWifEV9JT4zfSukzi2.N*'
+ grep -q '[.*+?-]'
+ echo 'M?*DKU2wIl8gWifEV9JT4zfSukzi2.N*'
+ '[' 32 -lt 8 ']'
+ '[' 32 -gt 64 ']'
+ passwords[i]='M?*DKU2wIl8gWifEV9JT4zfSukzi2.N*'
+ supported=true
+ for i in "${!users[@]}"
+ [[ logstash == \k\i\b\a\n\a\r\o ]]
+ for i in "${!users[@]}"
+ [[ readall == \k\i\b\a\n\a\r\o ]]
+ for i in "${!users[@]}"
+ [[ snapshotrestore == \k\i\b\a\n\a\r\o ]]
+ '[' true = false ']'
+ for j in "${!fileusers[@]}"
+ supported=false
+ for i in "${!users[@]}"
+ [[ admin == \l\o\g\s\t\a\s\h ]]
+ for i in "${!users[@]}"
+ [[ kibanaserver == \l\o\g\s\t\a\s\h ]]
+ for i in "${!users[@]}"
+ [[ kibanaro == \l\o\g\s\t\a\s\h ]]
+ for i in "${!users[@]}"
+ [[ logstash == \l\o\g\s\t\a\s\h ]]
+ passwords_checkPassword '*.My4WBrT+.Tg?nLon5VA86R7CDSTpo0'
+ grep -q '[A-Z]'
+ echo '*.My4WBrT+.Tg?nLon5VA86R7CDSTpo0'
+ echo '*.My4WBrT+.Tg?nLon5VA86R7CDSTpo0'
+ grep -q '[a-z]'
+ grep -q '[0-9]'
+ echo '*.My4WBrT+.Tg?nLon5VA86R7CDSTpo0'
+ echo '*.My4WBrT+.Tg?nLon5VA86R7CDSTpo0'
+ grep -q '[.*+?-]'
+ '[' 32 -lt 8 ']'
+ '[' 32 -gt 64 ']'
+ passwords[i]='*.My4WBrT+.Tg?nLon5VA86R7CDSTpo0'
+ supported=true
+ for i in "${!users[@]}"
+ [[ readall == \l\o\g\s\t\a\s\h ]]
+ for i in "${!users[@]}"
+ [[ snapshotrestore == \l\o\g\s\t\a\s\h ]]
+ '[' true = false ']'
+ for j in "${!fileusers[@]}"
+ supported=false
+ for i in "${!users[@]}"
+ [[ admin == \r\e\a\d\a\l\l ]]
+ for i in "${!users[@]}"
+ [[ kibanaserver == \r\e\a\d\a\l\l ]]
+ for i in "${!users[@]}"
+ [[ kibanaro == \r\e\a\d\a\l\l ]]
+ for i in "${!users[@]}"
+ [[ logstash == \r\e\a\d\a\l\l ]]
+ for i in "${!users[@]}"
+ [[ readall == \r\e\a\d\a\l\l ]]
+ passwords_checkPassword 'h6wqe*o9MvHAmGA1Cpj+HCnhGn4BrD+9'
+ echo 'h6wqe*o9MvHAmGA1Cpj+HCnhGn4BrD+9'
+ grep -q '[A-Z]'
+ echo 'h6wqe*o9MvHAmGA1Cpj+HCnhGn4BrD+9'
+ grep -q '[a-z]'
+ grep -q '[0-9]'
+ echo 'h6wqe*o9MvHAmGA1Cpj+HCnhGn4BrD+9'
+ grep -q '[.*+?-]'
+ echo 'h6wqe*o9MvHAmGA1Cpj+HCnhGn4BrD+9'
+ '[' 32 -lt 8 ']'
+ '[' 32 -gt 64 ']'
+ passwords[i]='h6wqe*o9MvHAmGA1Cpj+HCnhGn4BrD+9'
+ supported=true
+ for i in "${!users[@]}"
+ [[ snapshotrestore == \r\e\a\d\a\l\l ]]
+ '[' true = false ']'
+ for j in "${!fileusers[@]}"
+ supported=false
+ for i in "${!users[@]}"
+ [[ admin == \s\n\a\p\s\h\o\t\r\e\s\t\o\r\e ]]
+ for i in "${!users[@]}"
+ [[ kibanaserver == \s\n\a\p\s\h\o\t\r\e\s\t\o\r\e ]]
+ for i in "${!users[@]}"
+ [[ kibanaro == \s\n\a\p\s\h\o\t\r\e\s\t\o\r\e ]]
+ for i in "${!users[@]}"
+ [[ logstash == \s\n\a\p\s\h\o\t\r\e\s\t\o\r\e ]]
+ for i in "${!users[@]}"
+ [[ readall == \s\n\a\p\s\h\o\t\r\e\s\t\o\r\e ]]
+ for i in "${!users[@]}"
+ [[ snapshotrestore == \s\n\a\p\s\h\o\t\r\e\s\t\o\r\e ]]
+ passwords_checkPassword Vzpcx2m+DSLZ8VPuv5qRB7zpgfEJIYAm
+ grep -q '[A-Z]'
+ echo Vzpcx2m+DSLZ8VPuv5qRB7zpgfEJIYAm
+ grep -q '[a-z]'
+ echo Vzpcx2m+DSLZ8VPuv5qRB7zpgfEJIYAm
+ grep -q '[0-9]'
+ echo Vzpcx2m+DSLZ8VPuv5qRB7zpgfEJIYAm
+ grep -q '[.*+?-]'
+ echo Vzpcx2m+DSLZ8VPuv5qRB7zpgfEJIYAm
+ '[' 32 -lt 8 ']'
+ '[' 32 -gt 64 ']'
+ passwords[i]=Vzpcx2m+DSLZ8VPuv5qRB7zpgfEJIYAm
+ supported=true
+ '[' true = false ']'
+ for j in "${!fileapiusers[@]}"
+ supported=false
+ for i in "${!api_users[@]}"
+ [[ wazuh == \w\a\z\u\h ]]
+ passwords_checkPassword 's2NFO2CwFI.4FOeUby*a07.df?5NjhPE'
+ grep -q '[A-Z]'
+ echo 's2NFO2CwFI.4FOeUby*a07.df?5NjhPE'
+ grep -q '[a-z]'
+ echo 's2NFO2CwFI.4FOeUby*a07.df?5NjhPE'
+ grep -q '[0-9]'
+ echo 's2NFO2CwFI.4FOeUby*a07.df?5NjhPE'
+ grep -q '[.*+?-]'
+ echo 's2NFO2CwFI.4FOeUby*a07.df?5NjhPE'
+ '[' 32 -lt 8 ']'
+ '[' 32 -gt 64 ']'
+ api_passwords[i]='s2NFO2CwFI.4FOeUby*a07.df?5NjhPE'
+ supported=true
+ for i in "${!api_users[@]}"
+ [[ wazuh-wui == \w\a\z\u\h ]]
+ '[' true = false ']'
+ for j in "${!fileapiusers[@]}"
+ supported=false
+ for i in "${!api_users[@]}"
+ [[ wazuh == \w\a\z\u\h\-\w\u\i ]]
+ for i in "${!api_users[@]}"
+ [[ wazuh-wui == \w\a\z\u\h\-\w\u\i ]]
+ passwords_checkPassword 'hN*tSj26T5H?z8ojsRU6vf3cyYn.?O6k'
+ grep -q '[A-Z]'
+ echo 'hN*tSj26T5H?z8ojsRU6vf3cyYn.?O6k'
+ grep -q '[a-z]'
+ echo 'hN*tSj26T5H?z8ojsRU6vf3cyYn.?O6k'
+ grep -q '[0-9]'
+ echo 'hN*tSj26T5H?z8ojsRU6vf3cyYn.?O6k'
+ grep -q '[.*+?-]'
+ echo 'hN*tSj26T5H?z8ojsRU6vf3cyYn.?O6k'
+ '[' 32 -lt 8 ']'
+ '[' 32 -gt 64 ']'
+ api_passwords[i]='hN*tSj26T5H?z8ojsRU6vf3cyYn.?O6k'
+ supported=true
+ '[' true = false ']'
+ '[' -n '' ']'
+ '[' -n 1 ']'
+ passwords_getNetworkHost
++ grep -hr network.host: /etc/wazuh-indexer/opensearch.yml
+ IP='network.host: "127.0.0.1"'
+ NH='network.host: '
+ IP='"127.0.0.1"'
+ [[ "127.0.0.1" =~ _.*_ ]]
+ '[' '"127.0.0.1"' == 0.0.0.0 ']'
+ passwords_generateHash
+ '[' -n 1 ']'
+ common_logger -d 'Generating password hashes.'
++ date '+%d/%m/%Y %H:%M:%S'
+ now='18/09/2023 09:12:47'
+ mtype=INFO:
+ debugLogger=
+ nolog=
+ '[' -n -d ']'
+ '[' -n -d ']'
+ case ${1} in
+ debugLogger=1
+ mtype=DEBUG:
+ shift 1
+ '[' -n 'Generating password hashes.' ']'
+ case ${1} in
+ message='Generating password hashes.'
+ shift 1
+ '[' -n '' ']'
+ '[' -z 1 ']'
+ '[' -n 1 ']'
+ '[' -n 1 ']'
+ '[' 0 -eq 0 ']'
+ '[' -z '' ']'
+ printf '%s\n' '18/09/2023 09:12:47 DEBUG: Generating password hashes.'
+ tee -a /var/log/wazuh-install.log
18/09/2023 09:12:47 DEBUG: Generating password hashes.
+ for i in "${!passwords[@]}"
++ bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/hash.sh -p L+CQJcxdqSXYWMo5LRDfNSaaY5NhmFPS
++ grep -A 2 issues
++ tail -n 1
+ nhash='$2y$12$HxGV5NtUx7TVAcks4.idheEEfAlRfiuSKASpip0uIuXL0JEyhspYW'
+ '[' 0 '!=' 0 ']'
+ hashes+=("${nhash}")
+ for i in "${!passwords[@]}"
++ grep -A 2 issues
++ bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/hash.sh -p NgLMks7yLJEZV0+ZknBDlYMrtqD+zsGq
++ tail -n 1
+ nhash='$2y$12$OZfEj9XLMSeEbyTXPszuM.dMjMa1nK/S5dcShiYiGYdD2yrcRNDiO'
+ '[' 0 '!=' 0 ']'
+ hashes+=("${nhash}")
+ for i in "${!passwords[@]}"
++ tail -n 1
++ grep -A 2 issues
++ bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/hash.sh -p 'M?*DKU2wIl8gWifEV9JT4zfSukzi2.N*'
+ nhash='$2y$12$k7T08D7tMOndX8sDk3flL.lIZHkaa3U/ll84ilpOc6m8NGyeSeWCi'
+ '[' 0 '!=' 0 ']'
+ hashes+=("${nhash}")
+ for i in "${!passwords[@]}"
++ bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/hash.sh -p '*.My4WBrT+.Tg?nLon5VA86R7CDSTpo0'
++ tail -n 1
++ grep -A 2 issues
+ nhash='$2y$12$xRAzgRyEPsPKbQ0kpw6ZIe6e0MsP.iOvgSwGoy8GoBmnF5Wl5su5G'
+ '[' 0 '!=' 0 ']'
+ hashes+=("${nhash}")
+ for i in "${!passwords[@]}"
++ tail -n 1
++ grep -A 2 issues
++ bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/hash.sh -p 'h6wqe*o9MvHAmGA1Cpj+HCnhGn4BrD+9'
+ nhash='$2y$12$i429icaTlWHtrMQ36ewXbeQ6OZiLOHNuLFGG.nRn1Jo11epC7w4Xe'
+ '[' 0 '!=' 0 ']'
+ hashes+=("${nhash}")
+ for i in "${!passwords[@]}"
++ grep -A 2 issues
++ tail -n 1
++ bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/hash.sh -p Vzpcx2m+DSLZ8VPuv5qRB7zpgfEJIYAm
+ nhash='$2y$12$wbopfq6I.Mr2kpHscEJwHeV67fPQWYiaLU8xkfz57n4XpRbhkCKja'
+ '[' 0 '!=' 0 ']'
+ hashes+=("${nhash}")
+ common_logger -d 'Password hashes generated.'
++ date '+%d/%m/%Y %H:%M:%S'
+ now='18/09/2023 09:13:04'
+ mtype=INFO:
+ debugLogger=
+ nolog=
+ '[' -n -d ']'
+ '[' -n -d ']'
+ case ${1} in
+ debugLogger=1
+ mtype=DEBUG:
+ shift 1
+ '[' -n 'Password hashes generated.' ']'
+ case ${1} in
+ message='Password hashes generated.'
+ shift 1
+ '[' -n '' ']'
+ '[' -z 1 ']'
+ '[' -n 1 ']'
+ '[' -n 1 ']'
+ '[' 0 -eq 0 ']'
+ '[' -z '' ']'
+ printf '%s\n' '18/09/2023 09:13:04 DEBUG: Password hashes generated.'
+ tee -a /var/log/wazuh-install.log
18/09/2023 09:13:04 DEBUG: Password hashes generated.
+ passwords_changePassword
+ '[' -n 1 ']'
+ '[' -n 'wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]' ']'
+ '[' -z ']'
+ eval 'mkdir /etc/wazuh-indexer/backup/ 2>/dev/null'
++ mkdir /etc/wazuh-indexer/backup/
+ eval 'cp /etc/wazuh-indexer/opensearch-security/* /etc/wazuh-indexer/backup/ 2>/dev/null'
++ cp /etc/wazuh-indexer/opensearch-security/action_groups.yml /etc/wazuh-indexer/opensearch-security/allowlist.yml /etc/wazuh-indexer/opensearch-security/audit.yml /etc/wazuh-indexer/opensearch-security/config.yml /etc/wazuh-indexer/opensearch-security/internal_users.yml /etc/wazuh-indexer/opensearch-security/nodes_dn.yml /etc/wazuh-indexer/opensearch-security/opensearch.yml.example /etc/wazuh-indexer/opensearch-security/roles_mapping.yml /etc/wazuh-indexer/opensearch-security/roles.yml /etc/wazuh-indexer/opensearch-security/tenants.yml /etc/wazuh-indexer/opensearch-security/whitelist.yml /etc/wazuh-indexer/backup/
+ passwords_createBackUp
+ '[' -z 'wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]' ']'
+ '[' -n 'wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]' ']'
++ grep 'plugins.security.ssl.transport.pemtrustedcas_filepath: ' /etc/wazuh-indexer/opensearch.yml
+ capem='plugins.security.ssl.transport.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem'
+ rcapem='plugins.security.ssl.transport.pemtrustedcas_filepath: '
+ capem=/etc/wazuh-indexer/certs/root-ca.pem
+ [[ -z '' ]]
+ passwords_readAdmincerts
+ [[ -f /etc/wazuh-indexer/certs/admin.pem ]]
+ adminpem=/etc/wazuh-indexer/certs/admin.pem
+ [[ -f /etc/wazuh-indexer/certs/admin-key.pem ]]
+ adminkey=/etc/wazuh-indexer/certs/admin-key.pem
+ common_logger -d 'Creating password backup.'
++ date '+%d/%m/%Y %H:%M:%S'
+ now='18/09/2023 09:13:05'
+ mtype=INFO:
+ debugLogger=
+ nolog=
+ '[' -n -d ']'
+ '[' -n -d ']'
+ case ${1} in
+ debugLogger=1
+ mtype=DEBUG:
+ shift 1
+ '[' -n 'Creating password backup.' ']'
+ case ${1} in
+ message='Creating password backup.'
+ shift 1
+ '[' -n '' ']'
+ '[' -z 1 ']'
+ '[' -n 1 ']'
+ '[' -n 1 ']'
+ '[' 0 -eq 0 ']'
+ '[' -z '' ']'
+ tee -a /var/log/wazuh-install.log
+ printf '%s\n' '18/09/2023 09:13:05 DEBUG: Creating password backup.'
18/09/2023 09:13:05 DEBUG: Creating password backup.
+ eval 'mkdir /etc/wazuh-indexer/backup 2>&1 | tee -a /var/log/wazuh-install.log'
++ mkdir /etc/wazuh-indexer/backup
++ tee -a /var/log/wazuh-install.log
mkdir: cannot create directory ‘/etc/wazuh-indexer/backup’: File exists
+ eval 'JAVA_HOME=/usr/share/wazuh-indexer/jdk/ OPENSEARCH_CONF_DIR=/etc/wazuh-indexer /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh -backup /etc/wazuh-indexer/backup -icl -p 9200 -nhnv -cacert /etc/wazuh-indexer/certs/root-ca.pem -cert /etc/wazuh-indexer/certs/admin.pem -key /etc/wazuh-indexer/certs/admin-key.pem -h "127.0.0.1" 2>&1 | tee -a /var/log/wazuh-install.log'
++ JAVA_HOME=/usr/share/wazuh-indexer/jdk/
++ OPENSEARCH_CONF_DIR=/etc/wazuh-indexer
++ /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh -backup /etc/wazuh-indexer/backup -icl -p 9200 -nhnv -cacert /etc/wazuh-indexer/certs/root-ca.pem -cert /etc/wazuh-indexer/certs/admin.pem -key /etc/wazuh-indexer/certs/admin-key.pem -h 127.0.0.1
++ tee -a /var/log/wazuh-install.log
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.6.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml
SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml
SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml
SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml
SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml
SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml
SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml
SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml
SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
+ '[' 0 '!=' 0 ']'
+ common_logger -d 'Password backup created in /etc/wazuh-indexer/backup.'
++ date '+%d/%m/%Y %H:%M:%S'
+ now='18/09/2023 09:13:13'
+ mtype=INFO:
+ debugLogger=
+ nolog=
+ '[' -n -d ']'
+ '[' -n -d ']'
+ case ${1} in
+ debugLogger=1
+ mtype=DEBUG:
+ shift 1
+ '[' -n 'Password backup created in /etc/wazuh-indexer/backup.' ']'
+ case ${1} in
+ message='Password backup created in /etc/wazuh-indexer/backup.'
+ shift 1
+ '[' -n '' ']'
+ '[' -z 1 ']'
+ '[' -n 1 ']'
+ '[' -n 1 ']'
+ '[' 0 -eq 0 ']'
+ '[' -z '' ']'
+ printf '%s\n' '18/09/2023 09:13:13 DEBUG: Password backup created in /etc/wazuh-indexer/backup.'
+ tee -a /var/log/wazuh-install.log
18/09/2023 09:13:13 DEBUG: Password backup created in /etc/wazuh-indexer/backup.
+ for i in "${!passwords[@]}"
+ '[' -n 'wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]' ']'
+ '[' -f /etc/wazuh-indexer/backup/internal_users.yml ']'
+ awk -v 'new=$2y$12$HxGV5NtUx7TVAcks4.idheEEfAlRfiuSKASpip0uIuXL0JEyhspYW' 'prev=="admin:"{sub(/\042.*/,""); $0=$0 new} {prev=$1} 1' /etc/wazuh-indexer/backup/internal_users.yml
+ mv -f internal_users.yml_tmp /etc/wazuh-indexer/backup/internal_users.yml
+ cp -f /etc/wazuh-indexer/backup/internal_users.yml /etc/wazuh-indexer/opensearch-security/internal_users.yml
+ chown -R wazuh-indexer:wazuh-indexer /etc/wazuh-indexer/opensearch-security/internal_users.yml
+ '[' admin == admin ']'
+ adminpass=L+CQJcxdqSXYWMo5LRDfNSaaY5NhmFPS
+ for i in "${!passwords[@]}"
+ '[' -n 'wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]' ']'
+ '[' -f /etc/wazuh-indexer/backup/internal_users.yml ']'
+ awk -v 'new=$2y$12$OZfEj9XLMSeEbyTXPszuM.dMjMa1nK/S5dcShiYiGYdD2yrcRNDiO' 'prev=="kibanaserver:"{sub(/\042.*/,""); $0=$0 new} {prev=$1} 1' /etc/wazuh-indexer/backup/internal_users.yml
+ mv -f internal_users.yml_tmp /etc/wazuh-indexer/backup/internal_users.yml
+ cp -f /etc/wazuh-indexer/backup/internal_users.yml /etc/wazuh-indexer/opensearch-security/internal_users.yml
+ chown -R wazuh-indexer:wazuh-indexer /etc/wazuh-indexer/opensearch-security/internal_users.yml
+ '[' kibanaserver == admin ']'
+ '[' kibanaserver == kibanaserver ']'
+ dashpass=NgLMks7yLJEZV0+ZknBDlYMrtqD+zsGq
+ for i in "${!passwords[@]}"
+ '[' -n 'wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]' ']'
+ '[' -f /etc/wazuh-indexer/backup/internal_users.yml ']'
+ awk -v 'new=$2y$12$k7T08D7tMOndX8sDk3flL.lIZHkaa3U/ll84ilpOc6m8NGyeSeWCi' 'prev=="kibanaro:"{sub(/\042.*/,""); $0=$0 new} {prev=$1} 1' /etc/wazuh-indexer/backup/internal_users.yml
+ mv -f internal_users.yml_tmp /etc/wazuh-indexer/backup/internal_users.yml
+ cp -f /etc/wazuh-indexer/backup/internal_users.yml /etc/wazuh-indexer/opensearch-security/internal_users.yml
+ chown -R wazuh-indexer:wazuh-indexer /etc/wazuh-indexer/opensearch-security/internal_users.yml
+ '[' kibanaro == admin ']'
+ '[' kibanaro == kibanaserver ']'
+ for i in "${!passwords[@]}"
+ '[' -n 'wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]' ']'
+ '[' -f /etc/wazuh-indexer/backup/internal_users.yml ']'
+ awk -v 'new=$2y$12$xRAzgRyEPsPKbQ0kpw6ZIe6e0MsP.iOvgSwGoy8GoBmnF5Wl5su5G' 'prev=="logstash:"{sub(/\042.*/,""); $0=$0 new} {prev=$1} 1' /etc/wazuh-indexer/backup/internal_users.yml
+ mv -f internal_users.yml_tmp /etc/wazuh-indexer/backup/internal_users.yml
+ cp -f /etc/wazuh-indexer/backup/internal_users.yml /etc/wazuh-indexer/opensearch-security/internal_users.yml
+ chown -R wazuh-indexer:wazuh-indexer /etc/wazuh-indexer/opensearch-security/internal_users.yml
+ '[' logstash == admin ']'
+ '[' logstash == kibanaserver ']'
+ for i in "${!passwords[@]}"
+ '[' -n 'wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]' ']'
+ '[' -f /etc/wazuh-indexer/backup/internal_users.yml ']'
+ awk -v 'new=$2y$12$i429icaTlWHtrMQ36ewXbeQ6OZiLOHNuLFGG.nRn1Jo11epC7w4Xe' 'prev=="readall:"{sub(/\042.*/,""); $0=$0 new} {prev=$1} 1' /etc/wazuh-indexer/backup/internal_users.yml
+ mv -f internal_users.yml_tmp /etc/wazuh-indexer/backup/internal_users.yml
+ cp -f /etc/wazuh-indexer/backup/internal_users.yml /etc/wazuh-indexer/opensearch-security/internal_users.yml
+ chown -R wazuh-indexer:wazuh-indexer /etc/wazuh-indexer/opensearch-security/internal_users.yml
+ '[' readall == admin ']'
+ '[' readall == kibanaserver ']'
+ for i in "${!passwords[@]}"
+ '[' -n 'wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]' ']'
+ '[' -f /etc/wazuh-indexer/backup/internal_users.yml ']'
+ awk -v 'new=$2y$12$wbopfq6I.Mr2kpHscEJwHeV67fPQWYiaLU8xkfz57n4XpRbhkCKja' 'prev=="snapshotrestore:"{sub(/\042.*/,""); $0=$0 new} {prev=$1} 1' /etc/wazuh-indexer/backup/internal_users.yml
+ mv -f internal_users.yml_tmp /etc/wazuh-indexer/backup/internal_users.yml
+ cp -f /etc/wazuh-indexer/backup/internal_users.yml /etc/wazuh-indexer/opensearch-security/internal_users.yml
+ chown -R wazuh-indexer:wazuh-indexer /etc/wazuh-indexer/opensearch-security/internal_users.yml
+ '[' snapshotrestore == admin ']'
+ '[' snapshotrestore == kibanaserver ']'
+ '[' '' == admin ']'
+ '[' -n 1 ']'
+ '[' -n 'filebeat/stable,now 7.10.2 amd64 [installed]' ']'
+ grep -q password
+ filebeat keystore list
+ eval 'echo L+CQJcxdqSXYWMo5LRDfNSaaY5NhmFPS | filebeat keystore add password --force --stdin 2>&1 | tee -a /var/log/wazuh-install.log'
++ tee -a /var/log/wazuh-install.log
++ filebeat keystore add password --force --stdin
++ echo L+CQJcxdqSXYWMo5LRDfNSaaY5NhmFPS
Successfully updated the keystore
+ passwords_restartService filebeat
+ '[' 1 -ne 1 ']'
+ grep -E -q '^\ *1\ .*systemd$'
+ ps -e
+ eval 'systemctl daemon-reload 2>&1 | tee -a /var/log/wazuh-install.log'
++ tee -a /var/log/wazuh-install.log
++ systemctl daemon-reload
+ eval 'systemctl restart filebeat.service 2>&1 | tee -a /var/log/wazuh-install.log'
++ tee -a /var/log/wazuh-install.log
++ systemctl restart filebeat.service
+ '[' 0 '!=' 0 ']'
+ common_logger -d 'filebeat started.'
++ date '+%d/%m/%Y %H:%M:%S'
+ now='18/09/2023 09:13:15'
+ mtype=INFO:
+ debugLogger=
+ nolog=
+ '[' -n -d ']'
+ '[' -n -d ']'
+ case ${1} in
+ debugLogger=1
+ mtype=DEBUG:
+ shift 1
+ '[' -n 'filebeat started.' ']'
+ case ${1} in
+ message='filebeat started.'
+ shift 1
+ '[' -n '' ']'
+ '[' -z 1 ']'
+ '[' -n 1 ']'
+ '[' -n 1 ']'
+ '[' 0 -eq 0 ']'
+ '[' -z '' ']'
+ tee -a /var/log/wazuh-install.log
+ printf '%s\n' '18/09/2023 09:13:15 DEBUG: filebeat started.'
18/09/2023 09:13:15 DEBUG: filebeat started.
+ '[' '' == kibanaserver ']'
+ '[' -n 1 ']'
+ '[' -n 'wazuh-dashboard/stable,now 4.5.2-1 amd64 [installed]' ']'
+ '[' -n NgLMks7yLJEZV0+ZknBDlYMrtqD+zsGq ']'
+ grep -q opensearch.password
+ /usr/share/wazuh-dashboard/bin/opensearch-dashboards-keystore --allow-root list
+ eval 'echo NgLMks7yLJEZV0+ZknBDlYMrtqD+zsGq | /usr/share/wazuh-dashboard/bin/opensearch-dashboards-keystore --allow-root add -f --stdin opensearch.password '
++ echo NgLMks7yLJEZV0+ZknBDlYMrtqD+zsGq
++ /usr/share/wazuh-dashboard/bin/opensearch-dashboards-keystore --allow-root add -f --stdin opensearch.password
+ passwords_restartService wazuh-dashboard
+ '[' 1 -ne 1 ']'
+ ps -e
+ grep -E -q '^\ *1\ .*systemd$'
+ eval 'systemctl daemon-reload 2>&1 | tee -a /var/log/wazuh-install.log'
++ tee -a /var/log/wazuh-install.log
++ systemctl daemon-reload
+ eval 'systemctl restart wazuh-dashboard.service 2>&1 | tee -a /var/log/wazuh-install.log'
++ systemctl restart wazuh-dashboard.service
++ tee -a /var/log/wazuh-install.log
+ '[' 0 '!=' 0 ']'
+ common_logger -d 'wazuh-dashboard started.'
++ date '+%d/%m/%Y %H:%M:%S'
+ now='18/09/2023 09:13:17'
+ mtype=INFO:
+ debugLogger=
+ nolog=
+ '[' -n -d ']'
+ '[' -n -d ']'
+ case ${1} in
+ debugLogger=1
+ mtype=DEBUG:
+ shift 1
+ '[' -n 'wazuh-dashboard started.' ']'
+ case ${1} in
+ message='wazuh-dashboard started.'
+ shift 1
+ '[' -n '' ']'
+ '[' -z 1 ']'
+ '[' -n 1 ']'
+ '[' -n 1 ']'
+ '[' 0 -eq 0 ']'
+ '[' -z '' ']'
+ printf '%s\n' '18/09/2023 09:13:17 DEBUG: wazuh-dashboard started.'
+ tee -a /var/log/wazuh-install.log
18/09/2023 09:13:17 DEBUG: wazuh-dashboard started.
+ '[' -n '' ']'
+ '[' -n 1 ']'
+ passwords_runSecurityAdmin
+ '[' -z 'wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]' ']'
+ '[' -n 'wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]' ']'
++ grep 'plugins.security.ssl.transport.pemtrustedcas_filepath: ' /etc/wazuh-indexer/opensearch.yml
+ capem='plugins.security.ssl.transport.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem'
+ rcapem='plugins.security.ssl.transport.pemtrustedcas_filepath: '
+ capem=/etc/wazuh-indexer/certs/root-ca.pem
+ [[ -z /etc/wazuh-indexer/certs/admin.pem ]]
+ [[ -z /etc/wazuh-indexer/certs/admin-key.pem ]]
+ common_logger -d 'Loading new passwords changes.'
++ date '+%d/%m/%Y %H:%M:%S'
+ now='18/09/2023 09:13:17'
+ mtype=INFO:
+ debugLogger=
+ nolog=
+ '[' -n -d ']'
+ '[' -n -d ']'
+ case ${1} in
+ debugLogger=1
+ mtype=DEBUG:
+ shift 1
+ '[' -n 'Loading new passwords changes.' ']'
+ case ${1} in
+ message='Loading new passwords changes.'
+ shift 1
+ '[' -n '' ']'
+ '[' -z 1 ']'
+ '[' -n 1 ']'
+ '[' -n 1 ']'
+ '[' 0 -eq 0 ']'
+ '[' -z '' ']'
+ printf '%s\n' '18/09/2023 09:13:17 DEBUG: Loading new passwords changes.'
+ tee -a /var/log/wazuh-install.log
18/09/2023 09:13:17 DEBUG: Loading new passwords changes.
+ read -p Wait
Wait
+ eval 'OPENSEARCH_CONF_DIR=/etc/wazuh-indexer /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh -f /etc/wazuh-indexer/backup/internal_users.yml -t internalusers -p 9200 -nhnv -cacert /etc/wazuh-indexer/certs/root-ca.pem -cert /etc/wazuh-indexer/certs/admin.pem -key /etc/wazuh-indexer/certs/admin-key.pem -icl -h "127.0.0.1" 2>&1 | tee -a /var/log/wazuh-install.log'
++ OPENSEARCH_CONF_DIR=/etc/wazuh-indexer
++ /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh -f /etc/wazuh-indexer/backup/internal_users.yml -t internalusers -p 9200 -nhnv -cacert /etc/wazuh-indexer/certs/root-ca.pem -cert /etc/wazuh-indexer/certs/admin.pem -key /etc/wazuh-indexer/certs/admin-key.pem -icl -h 127.0.0.1
++ tee -a /var/log/wazuh-install.log
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.6.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /home/vagrant
Force type: internalusers
Will update '/internalusers' with /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' created or updated
SUCC: Expected 1 config types for node {"updated_config_types":["internalusers"],"updated_config_size":1,"message":null} is 1 (["internalusers"]) due to: null
Done with success
+ '[' 0 '!=' 0 ']'
+ eval 'rm -rf /etc/wazuh-indexer/backup/ 2>&1 | tee -a /var/log/wazuh-install.log'
++ rm -rf /etc/wazuh-indexer/backup/
++ tee -a /var/log/wazuh-install.log
+ [[ -n '' ]]
+ [[ -n '' ]]
+ '[' -n 1 ']'
+ '[' -z 1 ']'
+ common_logger -d 'Passwords changed.'
++ date '+%d/%m/%Y %H:%M:%S'
+ now='18/09/2023 09:17:45'
+ mtype=INFO:
+ debugLogger=
+ nolog=
+ '[' -n -d ']'
+ '[' -n -d ']'
+ case ${1} in
+ debugLogger=1
+ mtype=DEBUG:
+ shift 1
+ '[' -n 'Passwords changed.' ']'
+ case ${1} in
+ message='Passwords changed.'
+ shift 1
+ '[' -n '' ']'
+ '[' -z 1 ']'
+ '[' -n 1 ']'
+ '[' -n 1 ']'
+ '[' 0 -eq 0 ']'
+ '[' -z '' ']'
+ tee -a /var/log/wazuh-install.log
+ printf '%s\n' '18/09/2023 09:17:45 DEBUG: Passwords changed.'
18/09/2023 09:17:45 DEBUG: Passwords changed.
+ '[' -n '' ']'
+ '[' -n '' ']'
+ '[' -n 1 ']'
+ '[' '' == master ']'
+ '[' 1 -eq 1 ']'
+ installCommon_changePasswordApi
+ '[' -n 1 ']'
+ for i in "${!api_passwords[@]}"
+ '[' -n '' ']'
+ '[' -n 1 ']'
+ passwords_getApiUserId wazuh
+ user_id=noid
+ for u in "${!api_users[@]}"
+ '[' wazuh == wazuh ']'
+ user_id=1
+ for u in "${!api_users[@]}"
+ '[' wazuh == wazuh-wui ']'
+ '[' 1 == noid ']'
+ WAZUH_PASS_API='{"password":"s2NFO2CwFI.4FOeUby*a07.df?5NjhPE"}'
+ eval 'curl -s -k -X PUT -H "Authorization: Bearer $TOKEN_API" -H "Content-Type: application/json" -d "$WAZUH_PASS_API" "https://localhost:55000/security/users/${user_id}" -o /dev/null'
++ curl -s -k -X PUT -H 'Authorization: Bearer eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNjk1MDI4MzY2LCJleHAiOjE2OTUwMjkyNjYsInN1YiI6IndhenVoIiwicnVuX2FzIjpmYWxzZSwicmJhY19yb2xlcyI6WzFdLCJyYmFjX21vZGUiOiJ3aGl0ZSJ9.AH5bljt8oKtb-nOfcBZLyHRsKfaWAVy8TtcMt5DtuHqaWhvOlLLF3uk4Kj4X-YzzoE04N1Z8TP3rJq8TLWMPpbn4AcA_vM-NrafXCVITxerymPUxBbALWxy7NzIGwG3reeJUcdCygAunqw8yzKiMKkHTV_vuAFzqjoCfzYkUgrmj070i' -H 'Content-Type: application/json' -d '{"password":"s2NFO2CwFI.4FOeUby*a07.df?5NjhPE"}' https://localhost:55000/security/users/1 -o /dev/null
+ '[' wazuh == wazuh ']'
+ sleep 1
+ adminPassword='s2NFO2CwFI.4FOeUby*a07.df?5NjhPE'
+ passwords_getApiToken
+ retries=0
+ max_internal_error_retries=20
++ curl -s -u 'wazuh:s2NFO2CwFI.4FOeUby*a07.df?5NjhPE' -k -X POST 'https://localhost:55000/security/user/authenticate?raw=true' --max-time 300 --retry 5 --retry-delay 5
+ TOKEN_API=eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNjk1MDI4NjcwLCJleHAiOjE2OTUwMjk1NzAsInN1YiI6IndhenVoIiwicnVuX2FzIjpmYWxzZSwicmJhY19yb2xlcyI6WzFdLCJyYmFjX21vZGUiOiJ3aGl0ZSJ9.AUWWWJ3CbD5GkCA_5aW0bFwYFgpsOkd4UMj0g5DJNm-9xSMIsuOpZGvJ2r_EXcFvOEyn87T7N-9RY8eRcWrQZ5vgAQPTUQbp1aRPHOZkTjX_UfvGSkJ6kxjAgg-Szz3TdA7HF89wim7moPswBIovjBqlx55t3Ieaj-sYhL3pj633fnsP
+ [[ eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNjk1MDI4NjcwLCJleHAiOjE2OTUwMjk1NzAsInN1YiI6IndhenVoIiwicnVuX2FzIjpmYWxzZSwicmJhY19yb2xlcyI6WzFdLCJyYmFjX21vZGUiOiJ3aGl0ZSJ9.AUWWWJ3CbD5GkCA_5aW0bFwYFgpsOkd4UMj0g5DJNm-9xSMIsuOpZGvJ2r_EXcFvOEyn87T7N-9RY8eRcWrQZ5vgAQPTUQbp1aRPHOZkTjX_UfvGSkJ6kxjAgg-Szz3TdA7HF89wim7moPswBIovjBqlx55t3Ieaj-sYhL3pj633fnsP =~ Wazuh Internal Error ]]
+ [[ eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNjk1MDI4NjcwLCJleHAiOjE2OTUwMjk1NzAsInN1YiI6IndhenVoIiwicnVuX2FzIjpmYWxzZSwicmJhY19yb2xlcyI6WzFdLCJyYmFjX21vZGUiOiJ3aGl0ZSJ9.AUWWWJ3CbD5GkCA_5aW0bFwYFgpsOkd4UMj0g5DJNm-9xSMIsuOpZGvJ2r_EXcFvOEyn87T7N-9RY8eRcWrQZ5vgAQPTUQbp1aRPHOZkTjX_UfvGSkJ6kxjAgg-Szz3TdA7HF89wim7moPswBIovjBqlx55t3Ieaj-sYhL3pj633fnsP =~ Wazuh Internal Error ]]
+ [[ eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNjk1MDI4NjcwLCJleHAiOjE2OTUwMjk1NzAsInN1YiI6IndhenVoIiwicnVuX2FzIjpmYWxzZSwicmJhY19yb2xlcyI6WzFdLCJyYmFjX21vZGUiOiJ3aGl0ZSJ9.AUWWWJ3CbD5GkCA_5aW0bFwYFgpsOkd4UMj0g5DJNm-9xSMIsuOpZGvJ2r_EXcFvOEyn87T7N-9RY8eRcWrQZ5vgAQPTUQbp1aRPHOZkTjX_UfvGSkJ6kxjAgg-Szz3TdA7HF89wim7moPswBIovjBqlx55t3Ieaj-sYhL3pj633fnsP =~ Invalid credentials ]]
+ '[' wazuh == wazuh-wui ']'
+ for i in "${!api_passwords[@]}"
+ '[' -n '' ']'
+ '[' -n 1 ']'
+ passwords_getApiUserId wazuh-wui
+ user_id=noid
+ for u in "${!api_users[@]}"
+ '[' wazuh-wui == wazuh ']'
+ for u in "${!api_users[@]}"
+ '[' wazuh-wui == wazuh-wui ']'
+ user_id=2
+ '[' 2 == noid ']'
+ WAZUH_PASS_API='{"password":"hN*tSj26T5H?z8ojsRU6vf3cyYn.?O6k"}'
+ eval 'curl -s -k -X PUT -H "Authorization: Bearer $TOKEN_API" -H "Content-Type: application/json" -d "$WAZUH_PASS_API" "https://localhost:55000/security/users/${user_id}" -o /dev/null'
++ curl -s -k -X PUT -H 'Authorization: Bearer eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNjk1MDI4NjcwLCJleHAiOjE2OTUwMjk1NzAsInN1YiI6IndhenVoIiwicnVuX2FzIjpmYWxzZSwicmJhY19yb2xlcyI6WzFdLCJyYmFjX21vZGUiOiJ3aGl0ZSJ9.AUWWWJ3CbD5GkCA_5aW0bFwYFgpsOkd4UMj0g5DJNm-9xSMIsuOpZGvJ2r_EXcFvOEyn87T7N-9RY8eRcWrQZ5vgAQPTUQbp1aRPHOZkTjX_UfvGSkJ6kxjAgg-Szz3TdA7HF89wim7moPswBIovjBqlx55t3Ieaj-sYhL3pj633fnsP' -H 'Content-Type: application/json' -d '{"password":"hN*tSj26T5H?z8ojsRU6vf3cyYn.?O6k"}' https://localhost:55000/security/users/2 -o /dev/null
+ '[' wazuh-wui == wazuh ']'
+ '[' wazuh-wui == wazuh-wui ']'
+ '[' -n '' ']'
+ '[' -n 1 ']'
+ passwords_changeDashboardApiPassword 'hN*tSj26T5H?z8ojsRU6vf3cyYn.?O6k'
+ j=0
+ '[' -n '' ']'
+ '[' 0 -eq 12 ']'
+ '[' -f /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml ']'
+ eval 'sed -i '\''s|password: .*|password: "hN*tSj26T5H?z8ojsRU6vf3cyYn.?O6k"|g'\'' /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml'
++ sed -i 's|password: .*|password: "hN*tSj26T5H?z8ojsRU6vf3cyYn.?O6k"|g' /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
+ '[' -z 1 ']'
+ file_exists=1
+ sleep 5
+ j=1
+ '[' -n 1 ']'
+ set +x
18/09/2023 09:17:56 INFO: Initializing Wazuh dashboard web application.
18/09/2023 09:17:56 INFO: Wazuh dashboard web application initialized.
18/09/2023 09:17:56 INFO: --- Summary ---
18/09/2023 09:17:56 INFO: You can access the web interface https://<wazuh-dashboard-ip>:443
User: admin
Password: L+CQJcxdqSXYWMo5LRDfNSaaY5NhmFPS
18/09/2023 09:17:56 INFO: Installation finished.
root@ubuntu22:/home/vagrant# 🟢 `internal_users.yml` fileroot@ubuntu22:/home/vagrant# ls -la /etc/wazuh-indexer/opensearch-security/internal_users.yml
-rw-r----- 1 wazuh-indexer wazuh-indexer 1133 Sep 18 09:13 /etc/wazuh-indexer/opensearch-security/internal_users.yml
root@ubuntu22:/home/vagrant# cat /etc/wazuh-indexer/opensearch-security/internal_users.yml
---
_meta:
type: "internalusers"
config_version: 2
admin:
hash: $2y$12$HxGV5NtUx7TVAcks4.idheEEfAlRfiuSKASpip0uIuXL0JEyhspYW
reserved: true
backend_roles:
- "admin"
description: "Demo admin user"
kibanaserver:
hash: $2y$12$OZfEj9XLMSeEbyTXPszuM.dMjMa1nK/S5dcShiYiGYdD2yrcRNDiO
reserved: true
description: "Demo kibanaserver user"
kibanaro:
hash: $2y$12$k7T08D7tMOndX8sDk3flL.lIZHkaa3U/ll84ilpOc6m8NGyeSeWCi
reserved: false
backend_roles:
- "kibanauser"
- "readall"
attributes:
attribute1: "value1"
attribute2: "value2"
attribute3: "value3"
description: "Demo kibanaro user"
logstash:
hash: $2y$12$xRAzgRyEPsPKbQ0kpw6ZIe6e0MsP.iOvgSwGoy8GoBmnF5Wl5su5G
reserved: false
backend_roles:
- "logstash"
description: "Demo logstash user"
readall:
hash: $2y$12$i429icaTlWHtrMQ36ewXbeQ6OZiLOHNuLFGG.nRn1Jo11epC7w4Xe
reserved: false
backend_roles:
- "readall"
description: "Demo readall user"
snapshotrestore:
hash: $2y$12$wbopfq6I.Mr2kpHscEJwHeV67fPQWYiaLU8xkfz57n4XpRbhkCKja
reserved: false
backend_roles:
- "snapshotrestore"
description: "Demo snapshotrestore user" It is necessary to perform more testing, changing the users' passwords, in order to ensure that the change successfully solves the problem. This change should solve all the issues as the |
@davidcr01 I also got the same conclusion as you if you check my last comment, however I proposed a different location for the copy. I am not fully aware how the installation works... If the If the files exists then two locations are possible to simplify the code:
|
Plus one more thing, as I mentioned the the solution is inconsistent with quotes. When you use it with - |
Hello @micsinyei. This change can not be included in the In the Installation Assistant, the passwords are changed in:
But, the security admin tool is executed only in:
if [ -n "${start_indexer_cluster}" ] || [ -n "${AIO}" ]; then
passwords_runSecurityAdmin
fi With this, the The other option is not valid as the internal_users.yml file will be tried to copy in some cases that are not necessary, and an Here is the related log: Step-by-step installation using the Unattendedroot@ubuntu22:/home/vagrant# bash wazuh-install.sh -a -i -o -v
18/09/2023 10:28:16 INFO: Starting Wazuh installation assistant. Wazuh version: 4.5.2
18/09/2023 10:28:16 INFO: Verbose logging redirected to /var/log/wazuh-install.log
18/09/2023 10:28:18 INFO: --- Removing existing Wazuh installation ---
18/09/2023 10:28:18 INFO: Removing Wazuh manager.
Reading package lists...
Building dependency tree...
Reading state information...
The following packages will be REMOVED:
wazuh-manager*
0 upgraded, 0 newly installed, 1 to remove and 142 not upgraded.
After this operation, 627 MB disk space will be freed.
(Reading database ... 193249 files and directories currently installed.) (Reading database ...
Removing wazuh-manager (4.5.2-1) ...
(Reading database ... 171995 files and directories currently installed.)
Purging configuration files for wazuh-manager (4.5.2-1) ...
18/09/2023 10:28:28 INFO: Wazuh manager removed.
18/09/2023 10:28:28 INFO: Removing Wazuh indexer.
Reading package lists...
Building dependency tree...
Reading state information...
The following packages will be REMOVED:
wazuh-indexer*
0 upgraded, 0 newly installed, 1 to remove and 142 not upgraded.
After this operation, 971 MB disk space will be freed.
(Reading database ... 171975 files and directories currently installed.) (Reading database ...
Removing wazuh-indexer (4.5.2-1) ...
Stopping wazuh-indexer service... OK
(Reading database ... 170891 files and directories currently installed.)
Purging configuration files for wazuh-indexer (4.5.2-1) ...
Deleting configuration directory... OK
dpkg: warning: while removing wazuh-indexer, directory '/usr/lib/systemd/system' not empty so not removed
dpkg: warning: while removing wazuh-indexer, directory '/var/lib/wazuh-indexer' not empty so not removed
dpkg: warning: while removing wazuh-indexer, directory '/var/log/wazuh-indexer' not empty so not removed
18/09/2023 10:28:33 INFO: Wazuh indexer removed.
18/09/2023 10:28:33 INFO: Removing Wazuh indexer.
Reading package lists...
Building dependency tree...
Reading state information...
E: Unable to locate package wazuh-indexer
18/09/2023 10:28:34 INFO: Wazuh indexer removed.
18/09/2023 10:28:34 INFO: Removing Filebeat.
Reading package lists...
Building dependency tree...
Reading state information...
The following packages will be REMOVED:
filebeat*
0 upgraded, 0 newly installed, 1 to remove and 142 not upgraded.
After this operation, 73.6 MB disk space will be freed.
(Reading database ... 170852 files and directories currently installed.) (Reading database ...
Removing filebeat (7.10.2) ...
(Reading database ... 170560 files and directories currently installed.)
Purging configuration files for filebeat (7.10.2) ...
dpkg: warning: while removing filebeat, directory '/etc/filebeat' not empty so not removed
dpkg: warning: while removing filebeat, directory '/usr/share/filebeat/module' not empty so not removed
18/09/2023 10:28:35 INFO: Filebeat removed.
18/09/2023 10:28:35 INFO: Removing Wazuh dashboard.
Reading package lists...
Building dependency tree...
Reading state information...
The following packages will be REMOVED:
wazuh-dashboard*
0 upgraded, 0 newly installed, 1 to remove and 142 not upgraded.
After this operation, 813 MB disk space will be freed.
(Reading database ... 170533 files and directories currently installed.) (Reading database ...
Removing wazuh-dashboard (4.5.2-1) ...
Stopping wazuh-dashboard service... OK
Deleting PID directory... OK
Deleting installation directory... OK
(Reading database ... 75825 files and directories currently installed.)
Purging configuration files for wazuh-dashboard (4.5.2-1) ...
OK
18/09/2023 10:28:41 INFO: Wazuh dashboard removed.
18/09/2023 10:28:42 INFO: Installation cleaned.
Hit:1 https://mirrors.edge.kernel.org/ubuntu jammy InRelease
Get:2 https://mirrors.edge.kernel.org/ubuntu jammy-updates InRelease [119 kB]
Hit:3 https://mirrors.edge.kernel.org/ubuntu jammy-backports InRelease
Get:4 https://mirrors.edge.kernel.org/ubuntu jammy-security InRelease [110 kB]
Fetched 229 kB in 7s (34.7 kB/s)
Reading package lists...
18/09/2023 10:28:54 WARNING: Hardware and system checks ignored.
18/09/2023 10:28:54 INFO: Wazuh web interface port will be 443.
Hit:1 https://mirrors.edge.kernel.org/ubuntu jammy InRelease
Hit:2 https://mirrors.edge.kernel.org/ubuntu jammy-updates InRelease
Hit:3 https://mirrors.edge.kernel.org/ubuntu jammy-backports InRelease
Hit:4 https://mirrors.edge.kernel.org/ubuntu jammy-security InRelease
Reading package lists...
18/09/2023 10:28:58 DEBUG: Adding the Wazuh repository.
gpg: keyring '/usr/share/keyrings/wazuh.gpg' created
gpg: key 96B3EE5F29111145: public key "Wazuh.com (Wazuh Signing Key) <[email protected]>" imported
gpg: Total number processed: 1
gpg: imported: 1
deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages.wazuh.com/4.x/apt/ stable main
Get:1 https://packages.wazuh.com/4.x/apt stable InRelease [17.3 kB]
Hit:2 https://mirrors.edge.kernel.org/ubuntu jammy InRelease
Hit:3 https://mirrors.edge.kernel.org/ubuntu jammy-updates InRelease
Get:4 https://packages.wazuh.com/4.x/apt stable/main amd64 Packages [32.1 kB]
Hit:5 https://mirrors.edge.kernel.org/ubuntu jammy-backports InRelease
Hit:6 https://mirrors.edge.kernel.org/ubuntu jammy-security InRelease
Fetched 49.4 kB in 1s (46.7 kB/s)
Reading package lists...
18/09/2023 10:29:01 INFO: Wazuh repository added.
18/09/2023 10:29:01 INFO: --- Configuration files ---
18/09/2023 10:29:01 INFO: Generating configuration files.
18/09/2023 10:29:01 DEBUG: Creating the root certificate.
....+...+...+.....+...+....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*...+...+..................+.......+...+..+...+......+.+..+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*......+..+.+...........+.+...+.....+......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
.......+...+........+.+...+...+...+.........+........+.......+.....+.+.....+..........+.....+....+......+............+..+.+......+.....+.+..+...+...+.+...+..+.............+......+.................+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*....+...+..+...+.......+..+....+............+..+.............+........+.+.....+...+.+.....+.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*........+.+...........+......+...+....+.....+......+....+........+...+....+...+..+...+.......+.....+.......+........+.+......+......+.........+..............+.......+........+..........+.....+......+.............+........+....+...+......+............+........+.+.....+...+......+.+......+..+......+.+......+.....+...+....+...+.........+.....+...+..........+...+..+..........+..+.........+..........+......+......+.....+....+.....+....+..+.............+..+....+.....+......+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = admin
18/09/2023 10:29:02 DEBUG: Creating the Wazuh indexer certificates.
Ignoring -days without -x509; not generating a certificate
.....+.......+...+........+....+..+....+...........+....+..............+...+....+...+..+.+..+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..........+........+.......+.....+..................+....+.....+.......+.....+...+.+......+........+............+.........+......+.........+.+...+.....+...+...+....+........+...............+.........+..........+...+...+..+..........+......+.....+.+......+..+...+..........+..............+.+...+..+.........+...................+..+....+..................+.....+.......+........+.+.....+....+.................+.+...+..+.......+..+...+............+...+...+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
............+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*....+.+..+......+.........+......+....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+................+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-indexer
18/09/2023 10:29:02 DEBUG: Creating the Wazuh server certificates.
Ignoring -days without -x509; not generating a certificate
...+...+...+.+...+...+............+...+.....+...+..........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*....+..+...+.......+..+.......+........+...+...+....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*............+.+..+....+.....+...+......+.+......+..+..........+..+...+......+.+...+...+.....+.........+.+.........+...+......+.....+.+...+.....+...+...+..........+...........+....+......+.....+.....................+...+....+.....+.+..+..................+.......+.....+...+................+........+.+.........+..+.+.....+...+.+...........+...+..........+......+...+.....+...+....+....................+..........+.....+...+...............+......+....+..+.....................+...............+.......+......+..+....+...+...+..+............+.+..+.......+...+...+.........+.........+............+.....+.......+......+..+...+.......+.....+...+.+...+..................+.....+.......+..+.+........+..........+..+..........+..+...+.......+.....+..........+.....+...+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..+..+.+.....+...+............+...+....+.....+.+.........+...........+.+...+........+.......+......+......+........+.+.....+.+.....+.+.....+.......+......+.................+.......+..+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..+.........+.+...+....................+................+......+...+...+..+.+..+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-server
18/09/2023 10:29:03 DEBUG: Creating the Wazuh dashboard certificates.
Ignoring -days without -x509; not generating a certificate
..+......+......................+...+......+........+..........+........+...+.+......+..+.+...............+.....+....+........+.........+.+...+...........+.+.....+....+...+..+..................+...+.......+...+........+.......+..+.+..............+.............+...+.....+......+.+..+...+..................+.+...+.....+......+.+.....+.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..........+......+....+...........+...+.......+..................+...+..+.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*...+......................+.....+...+....+......+.........+......+..+..........+........+....+.........+.....+......+.+..+...+...............+...+.+...+.....+.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
....+...+...+.........+..+....+..+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..+......+.+...+............+......+..+.+............+..+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..+...+......................+.....+.........+................+.....+........................+.+.....+....+........+..........+...+........+.........+.+......+.....+......+.......+...+........+......+.+...+...............+.....+......+......+....+...+..+.+...+.........+..+...+...+............+.+..+...+.......+............+...+........+......+.+.........+...+............+..................+..+...............+....+..............+.............+...+...........+..........+.....+...+............+......+...+....+.....+..........+...........+.+......+........+.+.....+.+..+.+..............+.+.....+......+.+.....+.............+.........+..+.+..+...+............+...+....+......+.....+.......+.....................+....................+....+..+.+.....+.......+.....+............+..........+...+...+..+...+...+.......+..............+.+..+.+..+...+....+............+.........+..+.........+..........+..........................+.......+..+.+...+............+..+.+.........+..+.+..+......+.+.....+...............+......+....+........+.+.....+............+...+.+......+..+......+.+........+.......+......+..+......+.......+...+.....+......+......+.........+...+.+.....+..........+.....+......+...+.+...........+.+...+.........+............+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-dashboard
18/09/2023 10:29:03 DEBUG: Generating random passwords.
18/09/2023 10:29:04 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
18/09/2023 10:29:04 INFO: --- Wazuh indexer ---
18/09/2023 10:29:04 INFO: Starting Wazuh indexer installation.
Reading package lists...
Building dependency tree...
Reading state information...
The following NEW packages will be installed:
wazuh-indexer
0 upgraded, 1 newly installed, 0 to remove and 142 not upgraded.
Need to get 0 B/683 MB of archives.
After this operation, 971 MB of additional disk space will be used.
Selecting previously unselected package wazuh-indexer.
(Reading database ... 75816 files and directories currently installed.)
Preparing to unpack .../wazuh-indexer_4.5.2-1_amd64.deb ...
Creating wazuh-indexer group... OK
Creating wazuh-indexer user... OK
Unpacking wazuh-indexer (4.5.2-1) ...
Setting up wazuh-indexer (4.5.2-1) ...
Created opensearch keystore in /etc/wazuh-indexer/opensearch.keystore
Processing triggers for libc-bin (2.35-0ubuntu3.1) ...
NEEDRESTART-VER: 3.5
NEEDRESTART-KCUR: 5.15.0-69-generic
NEEDRESTART-KEXP: 5.15.0-69-generic
NEEDRESTART-KSTA: 1
NEEDRESTART-SVC: filebeat.service
18/09/2023 10:29:57 INFO: Wazuh indexer installation finished.
18/09/2023 10:29:57 DEBUG: Configuring Wazuh indexer.
18/09/2023 10:29:57 INFO: Wazuh indexer post-install configuration finished.
18/09/2023 10:29:57 INFO: Starting service wazuh-indexer.
Synchronizing state of wazuh-indexer.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable wazuh-indexer
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service → /lib/systemd/system/wazuh-indexer.service.
18/09/2023 10:30:20 INFO: wazuh-indexer service started.
18/09/2023 10:30:20 INFO: Initializing Wazuh indexer cluster security settings.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.6.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml
SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml
SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml
SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml
SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml
SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml
SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml
SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml
SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml
SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null
Done with success
18/09/2023 10:30:31 INFO: Wazuh indexer cluster initialized.
18/09/2023 10:30:31 INFO: --- Wazuh server ---
18/09/2023 10:30:31 INFO: Starting the Wazuh manager installation.
Reading package lists...
Building dependency tree...
Reading state information...
Suggested packages:
expect
The following NEW packages will be installed:
wazuh-manager
0 upgraded, 1 newly installed, 0 to remove and 142 not upgraded.
Need to get 0 B/171 MB of archives.
After this operation, 627 MB of additional disk space will be used.
Selecting previously unselected package wazuh-manager.
(Reading database ... 76939 files and directories currently installed.)
Preparing to unpack .../wazuh-manager_4.5.2-1_amd64.deb ...
Unpacking wazuh-manager (4.5.2-1) ...
Setting up wazuh-manager (4.5.2-1) ...
NEEDRESTART-VER: 3.5
NEEDRESTART-KCUR: 5.15.0-69-generic
NEEDRESTART-KEXP: 5.15.0-69-generic
NEEDRESTART-KSTA: 1
NEEDRESTART-SVC: filebeat.service
18/09/2023 10:31:19 INFO: Wazuh manager installation finished.
18/09/2023 10:31:19 INFO: Starting service wazuh-manager.
Synchronizing state of wazuh-manager.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable wazuh-manager
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-manager.service → /lib/systemd/system/wazuh-manager.service.
18/09/2023 10:31:47 INFO: wazuh-manager service started.
18/09/2023 10:31:47 INFO: Starting Filebeat installation.
Reading package lists...
Building dependency tree...
Reading state information...
The following NEW packages will be installed:
filebeat
0 upgraded, 1 newly installed, 0 to remove and 142 not upgraded.
Need to get 0 B/22.1 MB of archives.
After this operation, 73.6 MB of additional disk space will be used.
Selecting previously unselected package filebeat.
(Reading database ... 98213 files and directories currently installed.)
Preparing to unpack .../filebeat_7.10.2_amd64.deb ...
Unpacking filebeat (7.10.2) ...
Setting up filebeat (7.10.2) ...
NEEDRESTART-VER: 3.5
NEEDRESTART-KCUR: 5.15.0-69-generic
NEEDRESTART-KEXP: 5.15.0-69-generic
NEEDRESTART-KSTA: 1
NEEDRESTART-SVC: filebeat.service
18/09/2023 10:31:55 INFO: Filebeat installation finished.
wazuh/alerts/
wazuh/alerts/config/
wazuh/alerts/config/alerts.yml
wazuh/alerts/manifest.yml
wazuh/alerts/ingest/
wazuh/alerts/ingest/pipeline.json
wazuh/archives/
wazuh/archives/config/
wazuh/archives/config/archives.yml
wazuh/archives/manifest.yml
wazuh/archives/ingest/
wazuh/archives/ingest/pipeline.json
wazuh/module.yml
Created filebeat keystore
Successfully updated the keystore
Successfully updated the keystore
18/09/2023 10:31:58 INFO: Filebeat post-install configuration finished.
18/09/2023 10:31:58 INFO: Starting service filebeat.
Synchronizing state of filebeat.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable filebeat
Created symlink /etc/systemd/system/multi-user.target.wants/filebeat.service → /lib/systemd/system/filebeat.service.
18/09/2023 10:32:00 INFO: filebeat service started.
18/09/2023 10:32:00 INFO: --- Wazuh dashboard ---
18/09/2023 10:32:00 INFO: Starting Wazuh dashboard installation.
Reading package lists...
Building dependency tree...
Reading state information...
The following NEW packages will be installed:
wazuh-dashboard
0 upgraded, 1 newly installed, 0 to remove and 142 not upgraded.
Need to get 0 B/128 MB of archives.
After this operation, 813 MB of additional disk space will be used.
Selecting previously unselected package wazuh-dashboard.
(Reading database ... 98532 files and directories currently installed.)
Preparing to unpack .../wazuh-dashboard_4.5.2-1_amd64.deb ...
Creating wazuh-dashboard group... OK
Creating wazuh-dashboard user... OK
Unpacking wazuh-dashboard (4.5.2-1) ...
Setting up wazuh-dashboard (4.5.2-1) ...
NEEDRESTART-VER: 3.5
NEEDRESTART-KCUR: 5.15.0-69-generic
NEEDRESTART-KEXP: 5.15.0-69-generic
NEEDRESTART-KSTA: 1
NEEDRESTART-SVC: filebeat.service
18/09/2023 10:33:05 INFO: Wazuh dashboard installation finished.
18/09/2023 10:33:05 DEBUG: Wazuh dashboard certificate setup finished.
18/09/2023 10:33:05 INFO: Wazuh dashboard post-install configuration finished.
18/09/2023 10:33:05 INFO: Starting service wazuh-dashboard.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service.
18/09/2023 10:33:06 INFO: wazuh-dashboard service started.
+ common_logger -d 'Setting Wazuh indexer cluster passwords.'
++ date '+%d/%m/%Y %H:%M:%S'
+ now='18/09/2023 10:33:06'
+ mtype=INFO:
+ debugLogger=
+ nolog=
+ '[' -n -d ']'
+ '[' -n -d ']'
+ case ${1} in
+ debugLogger=1
+ mtype=DEBUG:
+ shift 1
+ '[' -n 'Setting Wazuh indexer cluster passwords.' ']'
+ case ${1} in
+ message='Setting Wazuh indexer cluster passwords.'
+ shift 1
+ '[' -n '' ']'
+ '[' -z 1 ']'
+ '[' -n 1 ']'
+ '[' -n 1 ']'
+ '[' 0 -eq 0 ']'
+ '[' -z '' ']'
+ printf '%s\n' '18/09/2023 10:33:06 DEBUG: Setting Wazuh indexer cluster passwords.'
+ tee -a /var/log/wazuh-install.log
18/09/2023 10:33:06 DEBUG: Setting Wazuh indexer cluster passwords.
+ '[' -f /home/vagrant/wazuh-install-files.tar ']'
+ eval 'tar -xf /home/vagrant/wazuh-install-files.tar -C /tmp wazuh-install-files/wazuh-passwords.txt 2>&1 | tee -a /var/log/wazuh-install.log'
++ tar -xf /home/vagrant/wazuh-install-files.tar -C /tmp wazuh-install-files/wazuh-passwords.txt
++ tee -a /var/log/wazuh-install.log
+ p_file=/tmp/wazuh-install-files/wazuh-passwords.txt
+ common_checkInstalled
+ wazuh_installed=
+ indexer_installed=
+ filebeat_installed=
+ dashboard_installed=
+ '[' apt-get == yum ']'
+ '[' apt-get == apt-get ']'
++ grep wazuh-manager
++ apt list --installed
+ wazuh_installed='wazuh-manager/stable,now 4.5.2-1 amd64 [installed]'
+ '[' -d /var/ossec ']'
+ wazuh_remaining_files=1
+ '[' apt-get == yum ']'
+ '[' apt-get == apt-get ']'
++ apt list --installed
++ grep wazuh-indexer
+ indexer_installed='wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]'
+ '[' -d /var/lib/wazuh-indexer/ ']'
+ indexer_remaining_files=1
+ '[' apt-get == yum ']'
+ '[' apt-get == apt-get ']'
++ grep filebeat
++ apt list --installed
+ filebeat_installed='filebeat/stable,now 7.10.2 amd64 [installed]'
+ '[' -d /var/lib/filebeat/ ']'
+ filebeat_remaining_files=1
+ '[' apt-get == yum ']'
+ '[' apt-get == apt-get ']'
++ apt list --installed
++ grep wazuh-dashboard
+ dashboard_installed='wazuh-dashboard/stable,now 4.5.2-1 amd64 [installed]'
+ '[' -d /var/lib/wazuh-dashboard/ ']'
+ '[' -d /usr/share/wazuh-dashboard ']'
+ dashboard_remaining_files=1
+ '[' -n '' ']'
+ '[' -n 1 ']'
+ changeall=1
+ passwords_readUsers
++ grep -B 1 hash: /etc/wazuh-indexer/opensearch-security/internal_users.yml
++ grep -v hash:
++ grep -v -
++ awk '{ print substr( $0, 1, length($0)-1 ) }'
+ susers='admin
kibanaserver
kibanaro
logstash
readall
snapshotrestore'
+ mapfile -t users
+ '[' -n '' ']'
+ '[' -n 1 ']'
+ '[' '' == master ']'
+ '[' 1 -eq 1 ']'
+ passwords_getApiToken
+ retries=0
+ max_internal_error_retries=20
++ curl -s -u wazuh:wazuh -k -X POST 'https://localhost:55000/security/user/authenticate?raw=true' --max-time 300 --retry 5 --retry-delay 5
+ TOKEN_API=eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNjk1MDMzMTkwLCJleHAiOjE2OTUwMzQwOTAsInN1YiI6IndhenVoIiwicnVuX2FzIjpmYWxzZSwicmJhY19yb2xlcyI6WzFdLCJyYmFjX21vZGUiOiJ3aGl0ZSJ9.ATa2v7U36hCni3nWC6cFnZEvQYtR3fG9q0PFLIppErrcB77CX0oCQoX7D8jDeptGoUnaf6k_183su9Wg_FL_veC3AXHlcDTVxluTGvjqAF9hgzOERUXv-umzDJECTXVPX4O3fHI_uHe1SO1BhBRbyIicJanyGwig3X7516KvtIdiXhoI
+ [[ eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNjk1MDMzMTkwLCJleHAiOjE2OTUwMzQwOTAsInN1YiI6IndhenVoIiwicnVuX2FzIjpmYWxzZSwicmJhY19yb2xlcyI6WzFdLCJyYmFjX21vZGUiOiJ3aGl0ZSJ9.ATa2v7U36hCni3nWC6cFnZEvQYtR3fG9q0PFLIppErrcB77CX0oCQoX7D8jDeptGoUnaf6k_183su9Wg_FL_veC3AXHlcDTVxluTGvjqAF9hgzOERUXv-umzDJECTXVPX4O3fHI_uHe1SO1BhBRbyIicJanyGwig3X7516KvtIdiXhoI =~ Wazuh Internal Error ]]
+ [[ eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNjk1MDMzMTkwLCJleHAiOjE2OTUwMzQwOTAsInN1YiI6IndhenVoIiwicnVuX2FzIjpmYWxzZSwicmJhY19yb2xlcyI6WzFdLCJyYmFjX21vZGUiOiJ3aGl0ZSJ9.ATa2v7U36hCni3nWC6cFnZEvQYtR3fG9q0PFLIppErrcB77CX0oCQoX7D8jDeptGoUnaf6k_183su9Wg_FL_veC3AXHlcDTVxluTGvjqAF9hgzOERUXv-umzDJECTXVPX4O3fHI_uHe1SO1BhBRbyIicJanyGwig3X7516KvtIdiXhoI =~ Wazuh Internal Error ]]
+ [[ eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNjk1MDMzMTkwLCJleHAiOjE2OTUwMzQwOTAsInN1YiI6IndhenVoIiwicnVuX2FzIjpmYWxzZSwicmJhY19yb2xlcyI6WzFdLCJyYmFjX21vZGUiOiJ3aGl0ZSJ9.ATa2v7U36hCni3nWC6cFnZEvQYtR3fG9q0PFLIppErrcB77CX0oCQoX7D8jDeptGoUnaf6k_183su9Wg_FL_veC3AXHlcDTVxluTGvjqAF9hgzOERUXv-umzDJECTXVPX4O3fHI_uHe1SO1BhBRbyIicJanyGwig3X7516KvtIdiXhoI =~ Invalid credentials ]]
+ passwords_getApiUsers
+ mapfile -t api_users
++ sed -e 's/[\'\''",]//g'
++ awk '-F: ' '{print $2}'
++ grep username
++ curl -s -k -X GET -H 'Authorization: Bearer eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNjk1MDMzMTkwLCJleHAiOjE2OTUwMzQwOTAsInN1YiI6IndhenVoIiwicnVuX2FzIjpmYWxzZSwicmJhY19yb2xlcyI6WzFdLCJyYmFjX21vZGUiOiJ3aGl0ZSJ9.ATa2v7U36hCni3nWC6cFnZEvQYtR3fG9q0PFLIppErrcB77CX0oCQoX7D8jDeptGoUnaf6k_183su9Wg_FL_veC3AXHlcDTVxluTGvjqAF9hgzOERUXv-umzDJECTXVPX4O3fHI_uHe1SO1BhBRbyIicJanyGwig3X7516KvtIdiXhoI' -H 'Content-Type: application/json' 'https://localhost:55000/security/users?pretty=true'
+ passwords_getApiIds
+ mapfile -t api_ids
++ curl -s -k -X GET -H 'Authorization: Bearer eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNjk1MDMzMTkwLCJleHAiOjE2OTUwMzQwOTAsInN1YiI6IndhenVoIiwicnVuX2FzIjpmYWxzZSwicmJhY19yb2xlcyI6WzFdLCJyYmFjX21vZGUiOiJ3aGl0ZSJ9.ATa2v7U36hCni3nWC6cFnZEvQYtR3fG9q0PFLIppErrcB77CX0oCQoX7D8jDeptGoUnaf6k_183su9Wg_FL_veC3AXHlcDTVxluTGvjqAF9hgzOERUXv-umzDJECTXVPX4O3fHI_uHe1SO1BhBRbyIicJanyGwig3X7516KvtIdiXhoI' -H 'Content-Type: application/json' 'https://localhost:55000/security/users?pretty=true'
++ grep id
++ sed -e 's/[\'\''",]//g'
++ awk '-F: ' '{print $2}'
+ installCommon_readPasswordFileUsers
++ grep -Ev '^#|^\s*$' /tmp/wazuh-install-files/wazuh-passwords.txt
++ grep -Pzc '\A(\s*(indexer_username|api_username|indexer_password|api_password):[ \t]+[\'\''"]?[\w.*+?-]+[\'\''"]?)+\Z'
+ filecorrect=1
+ [[ 1 -ne 1 ]]
++ grep indexer_username: /tmp/wazuh-install-files/wazuh-passwords.txt
++ awk '{ print substr( $2, 1, length($2) ) }'
++ sed -e 's/[\'\''"]//g'
+ sfileusers='admin
kibanaserver
kibanaro
logstash
readall
snapshotrestore'
++ sed -e 's/[\'\''"]//g'
++ grep indexer_password: /tmp/wazuh-install-files/wazuh-passwords.txt
++ awk '{ print substr( $2, 1, length($2) ) }'
+ sfilepasswords='srI1FIA*nuTrJsab05HgVszmX5iRxL*Q
pb?ROTd3?4?vd?FnKtQ7hVVQSY+tIEfk
cS5X8rG+P.q8u.jaBETlE5oo4..fK.Ov
My*aIarMeMlRiup6ZZvcQwsyhr8sQ2I1
ZxgIWcnlDCUwai7aig?T9q8+ivrHh8Iv
j96LvOmH+W7rJ1aoKjBj?0qu+CMNwYN?'
++ grep api_username: /tmp/wazuh-install-files/wazuh-passwords.txt
++ awk '{ print substr( $2, 1, length($2) ) }'
++ sed -e 's/[\'\''"]//g'
+ sfileapiusers='wazuh
wazuh-wui'
++ sed -e 's/[\'\''"]//g'
++ awk '{ print substr( $2, 1, length($2) ) }'
++ grep api_password: /tmp/wazuh-install-files/wazuh-passwords.txt
+ sfileapipasswords='wgfsJzQLlTj.Ah8VL+.Drj5G.uWte8yW
iBjWwLR1hNeV*79zZcPLly+B0.PlIzoj'
+ mapfile -t fileusers
++ printf '%s\n' 'admin
kibanaserver
kibanaro
logstash
readall
snapshotrestore'
+ mapfile -t filepasswords
++ printf '%s\n' 'srI1FIA*nuTrJsab05HgVszmX5iRxL*Q
pb?ROTd3?4?vd?FnKtQ7hVVQSY+tIEfk
cS5X8rG+P.q8u.jaBETlE5oo4..fK.Ov
My*aIarMeMlRiup6ZZvcQwsyhr8sQ2I1
ZxgIWcnlDCUwai7aig?T9q8+ivrHh8Iv
j96LvOmH+W7rJ1aoKjBj?0qu+CMNwYN?'
+ mapfile -t fileapiusers
++ printf '%s\n' 'wazuh
wazuh-wui'
+ mapfile -t fileapipasswords
++ printf '%s\n' 'wgfsJzQLlTj.Ah8VL+.Drj5G.uWte8yW
iBjWwLR1hNeV*79zZcPLly+B0.PlIzoj'
+ '[' -n 1 ']'
+ for j in "${!fileusers[@]}"
+ supported=false
+ for i in "${!users[@]}"
+ [[ admin == \a\d\m\i\n ]]
+ passwords_checkPassword 'srI1FIA*nuTrJsab05HgVszmX5iRxL*Q'
+ grep -q '[A-Z]'
+ echo 'srI1FIA*nuTrJsab05HgVszmX5iRxL*Q'
+ echo 'srI1FIA*nuTrJsab05HgVszmX5iRxL*Q'
+ grep -q '[a-z]'
+ echo 'srI1FIA*nuTrJsab05HgVszmX5iRxL*Q'
+ grep -q '[0-9]'
+ echo 'srI1FIA*nuTrJsab05HgVszmX5iRxL*Q'
+ grep -q '[.*+?-]'
+ '[' 32 -lt 8 ']'
+ '[' 32 -gt 64 ']'
+ passwords[i]='srI1FIA*nuTrJsab05HgVszmX5iRxL*Q'
+ supported=true
+ for i in "${!users[@]}"
+ [[ kibanaserver == \a\d\m\i\n ]]
+ for i in "${!users[@]}"
+ [[ kibanaro == \a\d\m\i\n ]]
+ for i in "${!users[@]}"
+ [[ logstash == \a\d\m\i\n ]]
+ for i in "${!users[@]}"
+ [[ readall == \a\d\m\i\n ]]
+ for i in "${!users[@]}"
+ [[ snapshotrestore == \a\d\m\i\n ]]
+ '[' true = false ']'
+ for j in "${!fileusers[@]}"
+ supported=false
+ for i in "${!users[@]}"
+ [[ admin == \k\i\b\a\n\a\s\e\r\v\e\r ]]
+ for i in "${!users[@]}"
+ [[ kibanaserver == \k\i\b\a\n\a\s\e\r\v\e\r ]]
+ passwords_checkPassword 'pb?ROTd3?4?vd?FnKtQ7hVVQSY+tIEfk'
+ grep -q '[A-Z]'
+ echo 'pb?ROTd3?4?vd?FnKtQ7hVVQSY+tIEfk'
+ grep -q '[a-z]'
+ echo 'pb?ROTd3?4?vd?FnKtQ7hVVQSY+tIEfk'
+ grep -q '[0-9]'
+ echo 'pb?ROTd3?4?vd?FnKtQ7hVVQSY+tIEfk'
+ grep -q '[.*+?-]'
+ echo 'pb?ROTd3?4?vd?FnKtQ7hVVQSY+tIEfk'
+ '[' 32 -lt 8 ']'
+ '[' 32 -gt 64 ']'
+ passwords[i]='pb?ROTd3?4?vd?FnKtQ7hVVQSY+tIEfk'
+ supported=true
+ for i in "${!users[@]}"
+ [[ kibanaro == \k\i\b\a\n\a\s\e\r\v\e\r ]]
+ for i in "${!users[@]}"
+ [[ logstash == \k\i\b\a\n\a\s\e\r\v\e\r ]]
+ for i in "${!users[@]}"
+ [[ readall == \k\i\b\a\n\a\s\e\r\v\e\r ]]
+ for i in "${!users[@]}"
+ [[ snapshotrestore == \k\i\b\a\n\a\s\e\r\v\e\r ]]
+ '[' true = false ']'
+ for j in "${!fileusers[@]}"
+ supported=false
+ for i in "${!users[@]}"
+ [[ admin == \k\i\b\a\n\a\r\o ]]
+ for i in "${!users[@]}"
+ [[ kibanaserver == \k\i\b\a\n\a\r\o ]]
+ for i in "${!users[@]}"
+ [[ kibanaro == \k\i\b\a\n\a\r\o ]]
+ passwords_checkPassword cS5X8rG+P.q8u.jaBETlE5oo4..fK.Ov
+ echo cS5X8rG+P.q8u.jaBETlE5oo4..fK.Ov
+ grep -q '[A-Z]'
+ echo cS5X8rG+P.q8u.jaBETlE5oo4..fK.Ov
+ grep -q '[a-z]'
+ grep -q '[0-9]'
+ echo cS5X8rG+P.q8u.jaBETlE5oo4..fK.Ov
+ grep -q '[.*+?-]'
+ echo cS5X8rG+P.q8u.jaBETlE5oo4..fK.Ov
+ '[' 32 -lt 8 ']'
+ '[' 32 -gt 64 ']'
+ passwords[i]=cS5X8rG+P.q8u.jaBETlE5oo4..fK.Ov
+ supported=true
+ for i in "${!users[@]}"
+ [[ logstash == \k\i\b\a\n\a\r\o ]]
+ for i in "${!users[@]}"
+ [[ readall == \k\i\b\a\n\a\r\o ]]
+ for i in "${!users[@]}"
+ [[ snapshotrestore == \k\i\b\a\n\a\r\o ]]
+ '[' true = false ']'
+ for j in "${!fileusers[@]}"
+ supported=false
+ for i in "${!users[@]}"
+ [[ admin == \l\o\g\s\t\a\s\h ]]
+ for i in "${!users[@]}"
+ [[ kibanaserver == \l\o\g\s\t\a\s\h ]]
+ for i in "${!users[@]}"
+ [[ kibanaro == \l\o\g\s\t\a\s\h ]]
+ for i in "${!users[@]}"
+ [[ logstash == \l\o\g\s\t\a\s\h ]]
+ passwords_checkPassword 'My*aIarMeMlRiup6ZZvcQwsyhr8sQ2I1'
+ echo 'My*aIarMeMlRiup6ZZvcQwsyhr8sQ2I1'
+ grep -q '[A-Z]'
+ echo 'My*aIarMeMlRiup6ZZvcQwsyhr8sQ2I1'
+ grep -q '[a-z]'
+ grep -q '[0-9]'
+ echo 'My*aIarMeMlRiup6ZZvcQwsyhr8sQ2I1'
+ echo 'My*aIarMeMlRiup6ZZvcQwsyhr8sQ2I1'
+ grep -q '[.*+?-]'
+ '[' 32 -lt 8 ']'
+ '[' 32 -gt 64 ']'
+ passwords[i]='My*aIarMeMlRiup6ZZvcQwsyhr8sQ2I1'
+ supported=true
+ for i in "${!users[@]}"
+ [[ readall == \l\o\g\s\t\a\s\h ]]
+ for i in "${!users[@]}"
+ [[ snapshotrestore == \l\o\g\s\t\a\s\h ]]
+ '[' true = false ']'
+ for j in "${!fileusers[@]}"
+ supported=false
+ for i in "${!users[@]}"
+ [[ admin == \r\e\a\d\a\l\l ]]
+ for i in "${!users[@]}"
+ [[ kibanaserver == \r\e\a\d\a\l\l ]]
+ for i in "${!users[@]}"
+ [[ kibanaro == \r\e\a\d\a\l\l ]]
+ for i in "${!users[@]}"
+ [[ logstash == \r\e\a\d\a\l\l ]]
+ for i in "${!users[@]}"
+ [[ readall == \r\e\a\d\a\l\l ]]
+ passwords_checkPassword 'ZxgIWcnlDCUwai7aig?T9q8+ivrHh8Iv'
+ grep -q '[A-Z]'
+ echo 'ZxgIWcnlDCUwai7aig?T9q8+ivrHh8Iv'
+ grep -q '[a-z]'
+ echo 'ZxgIWcnlDCUwai7aig?T9q8+ivrHh8Iv'
+ grep -q '[0-9]'
+ echo 'ZxgIWcnlDCUwai7aig?T9q8+ivrHh8Iv'
+ echo 'ZxgIWcnlDCUwai7aig?T9q8+ivrHh8Iv'
+ grep -q '[.*+?-]'
+ '[' 32 -lt 8 ']'
+ '[' 32 -gt 64 ']'
+ passwords[i]='ZxgIWcnlDCUwai7aig?T9q8+ivrHh8Iv'
+ supported=true
+ for i in "${!users[@]}"
+ [[ snapshotrestore == \r\e\a\d\a\l\l ]]
+ '[' true = false ']'
+ for j in "${!fileusers[@]}"
+ supported=false
+ for i in "${!users[@]}"
+ [[ admin == \s\n\a\p\s\h\o\t\r\e\s\t\o\r\e ]]
+ for i in "${!users[@]}"
+ [[ kibanaserver == \s\n\a\p\s\h\o\t\r\e\s\t\o\r\e ]]
+ for i in "${!users[@]}"
+ [[ kibanaro == \s\n\a\p\s\h\o\t\r\e\s\t\o\r\e ]]
+ for i in "${!users[@]}"
+ [[ logstash == \s\n\a\p\s\h\o\t\r\e\s\t\o\r\e ]]
+ for i in "${!users[@]}"
+ [[ readall == \s\n\a\p\s\h\o\t\r\e\s\t\o\r\e ]]
+ for i in "${!users[@]}"
+ [[ snapshotrestore == \s\n\a\p\s\h\o\t\r\e\s\t\o\r\e ]]
+ passwords_checkPassword 'j96LvOmH+W7rJ1aoKjBj?0qu+CMNwYN?'
+ grep -q '[A-Z]'
+ echo 'j96LvOmH+W7rJ1aoKjBj?0qu+CMNwYN?'
+ grep -q '[a-z]'
+ echo 'j96LvOmH+W7rJ1aoKjBj?0qu+CMNwYN?'
+ grep -q '[0-9]'
+ echo 'j96LvOmH+W7rJ1aoKjBj?0qu+CMNwYN?'
+ grep -q '[.*+?-]'
+ echo 'j96LvOmH+W7rJ1aoKjBj?0qu+CMNwYN?'
+ '[' 32 -lt 8 ']'
+ '[' 32 -gt 64 ']'
+ passwords[i]='j96LvOmH+W7rJ1aoKjBj?0qu+CMNwYN?'
+ supported=true
+ '[' true = false ']'
+ for j in "${!fileapiusers[@]}"
+ supported=false
+ for i in "${!api_users[@]}"
+ [[ wazuh == \w\a\z\u\h ]]
+ passwords_checkPassword wgfsJzQLlTj.Ah8VL+.Drj5G.uWte8yW
+ grep -q '[A-Z]'
+ echo wgfsJzQLlTj.Ah8VL+.Drj5G.uWte8yW
+ grep -q '[a-z]'
+ echo wgfsJzQLlTj.Ah8VL+.Drj5G.uWte8yW
+ grep -q '[0-9]'
+ echo wgfsJzQLlTj.Ah8VL+.Drj5G.uWte8yW
+ grep -q '[.*+?-]'
+ echo wgfsJzQLlTj.Ah8VL+.Drj5G.uWte8yW
+ '[' 32 -lt 8 ']'
+ '[' 32 -gt 64 ']'
+ api_passwords[i]=wgfsJzQLlTj.Ah8VL+.Drj5G.uWte8yW
+ supported=true
+ for i in "${!api_users[@]}"
+ [[ wazuh-wui == \w\a\z\u\h ]]
+ '[' true = false ']'
+ for j in "${!fileapiusers[@]}"
+ supported=false
+ for i in "${!api_users[@]}"
+ [[ wazuh == \w\a\z\u\h\-\w\u\i ]]
+ for i in "${!api_users[@]}"
+ [[ wazuh-wui == \w\a\z\u\h\-\w\u\i ]]
+ passwords_checkPassword 'iBjWwLR1hNeV*79zZcPLly+B0.PlIzoj'
+ grep -q '[A-Z]'
+ echo 'iBjWwLR1hNeV*79zZcPLly+B0.PlIzoj'
+ grep -q '[a-z]'
+ echo 'iBjWwLR1hNeV*79zZcPLly+B0.PlIzoj'
+ grep -q '[0-9]'
+ echo 'iBjWwLR1hNeV*79zZcPLly+B0.PlIzoj'
+ echo 'iBjWwLR1hNeV*79zZcPLly+B0.PlIzoj'
+ grep -q '[.*+?-]'
+ '[' 32 -lt 8 ']'
+ '[' 32 -gt 64 ']'
+ api_passwords[i]='iBjWwLR1hNeV*79zZcPLly+B0.PlIzoj'
+ supported=true
+ '[' true = false ']'
+ '[' -n '' ']'
+ '[' -n 1 ']'
+ passwords_getNetworkHost
++ grep -hr network.host: /etc/wazuh-indexer/opensearch.yml
+ IP='network.host: "127.0.0.1"'
+ NH='network.host: '
+ IP='"127.0.0.1"'
+ [[ "127.0.0.1" =~ _.*_ ]]
+ '[' '"127.0.0.1"' == 0.0.0.0 ']'
+ passwords_generateHash
+ '[' -n 1 ']'
+ common_logger -d 'Generating password hashes.'
++ date '+%d/%m/%Y %H:%M:%S'
+ now='18/09/2023 10:33:11'
+ mtype=INFO:
+ debugLogger=
+ nolog=
+ '[' -n -d ']'
+ '[' -n -d ']'
+ case ${1} in
+ debugLogger=1
+ mtype=DEBUG:
+ shift 1
+ '[' -n 'Generating password hashes.' ']'
+ case ${1} in
+ message='Generating password hashes.'
+ shift 1
+ '[' -n '' ']'
+ '[' -z 1 ']'
+ '[' -n 1 ']'
+ '[' -n 1 ']'
+ '[' 0 -eq 0 ']'
+ '[' -z '' ']'
+ tee -a /var/log/wazuh-install.log
+ printf '%s\n' '18/09/2023 10:33:11 DEBUG: Generating password hashes.'
18/09/2023 10:33:11 DEBUG: Generating password hashes.
+ for i in "${!passwords[@]}"
++ grep -A 2 issues
++ tail -n 1
++ bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/hash.sh -p 'srI1FIA*nuTrJsab05HgVszmX5iRxL*Q'
+ nhash='$2y$12$dpBqTmK3RcoMZyZjyA1Gy.orM04tlt9uTlkpxpmO9W9OyvjE/j15O'
+ '[' 0 '!=' 0 ']'
+ hashes+=("${nhash}")
+ for i in "${!passwords[@]}"
++ tail -n 1
++ grep -A 2 issues
++ bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/hash.sh -p 'pb?ROTd3?4?vd?FnKtQ7hVVQSY+tIEfk'
+ nhash='$2y$12$o2leArNYU4bjlEUngWfsAuwHaUyXXejw1iguOhfqcdZBE9D09lXN6'
+ '[' 0 '!=' 0 ']'
+ hashes+=("${nhash}")
+ for i in "${!passwords[@]}"
++ grep -A 2 issues
++ tail -n 1
++ bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/hash.sh -p cS5X8rG+P.q8u.jaBETlE5oo4..fK.Ov
+ nhash='$2y$12$jqERUNAcNhENuDA01l.x/OHHPA2nYwF17I2BpbTElHHnoR9bAfvAO'
+ '[' 0 '!=' 0 ']'
+ hashes+=("${nhash}")
+ for i in "${!passwords[@]}"
++ grep -A 2 issues
++ tail -n 1
++ bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/hash.sh -p 'My*aIarMeMlRiup6ZZvcQwsyhr8sQ2I1'
+ nhash='$2y$12$b.OS8hm3wS4EqLO76E0qa./VED4Dg.ugEavLZMCyBb1tQksYJZcjS'
+ '[' 0 '!=' 0 ']'
+ hashes+=("${nhash}")
+ for i in "${!passwords[@]}"
++ tail -n 1
++ grep -A 2 issues
++ bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/hash.sh -p 'ZxgIWcnlDCUwai7aig?T9q8+ivrHh8Iv'
+ nhash='$2y$12$eRyB/6Lar2CftftWWBOmqun.5h3JL95lKvows1VNGxrp8MHtmWghe'
+ '[' 0 '!=' 0 ']'
+ hashes+=("${nhash}")
+ for i in "${!passwords[@]}"
++ tail -n 1
++ grep -A 2 issues
++ bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/hash.sh -p 'j96LvOmH+W7rJ1aoKjBj?0qu+CMNwYN?'
+ nhash='$2y$12$m2e7aEm.1fYbx.t8mEW96ed/jdleXzxNf3O.QFGOGDMVCWXEO9Mqy'
+ '[' 0 '!=' 0 ']'
+ hashes+=("${nhash}")
+ common_logger -d 'Password hashes generated.'
++ date '+%d/%m/%Y %H:%M:%S'
+ now='18/09/2023 10:33:25'
+ mtype=INFO:
+ debugLogger=
+ nolog=
+ '[' -n -d ']'
+ '[' -n -d ']'
+ case ${1} in
+ debugLogger=1
+ mtype=DEBUG:
+ shift 1
+ '[' -n 'Password hashes generated.' ']'
+ case ${1} in
+ message='Password hashes generated.'
+ shift 1
+ '[' -n '' ']'
+ '[' -z 1 ']'
+ '[' -n 1 ']'
+ '[' -n 1 ']'
+ '[' 0 -eq 0 ']'
+ '[' -z '' ']'
+ tee -a /var/log/wazuh-install.log
+ printf '%s\n' '18/09/2023 10:33:25 DEBUG: Password hashes generated.'
18/09/2023 10:33:25 DEBUG: Password hashes generated.
+ passwords_changePassword
+ '[' -n 1 ']'
+ '[' -n 'wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]' ']'
+ '[' -z ']'
+ eval 'mkdir /etc/wazuh-indexer/backup/ 2>/dev/null'
++ mkdir /etc/wazuh-indexer/backup/
+ eval 'cp /etc/wazuh-indexer/opensearch-security/* /etc/wazuh-indexer/backup/ 2>/dev/null'
++ cp /etc/wazuh-indexer/opensearch-security/action_groups.yml /etc/wazuh-indexer/opensearch-security/allowlist.yml /etc/wazuh-indexer/opensearch-security/audit.yml /etc/wazuh-indexer/opensearch-security/config.yml /etc/wazuh-indexer/opensearch-security/internal_users.yml /etc/wazuh-indexer/opensearch-security/nodes_dn.yml /etc/wazuh-indexer/opensearch-security/opensearch.yml.example /etc/wazuh-indexer/opensearch-security/roles_mapping.yml /etc/wazuh-indexer/opensearch-security/roles.yml /etc/wazuh-indexer/opensearch-security/tenants.yml /etc/wazuh-indexer/opensearch-security/whitelist.yml /etc/wazuh-indexer/backup/
+ passwords_createBackUp
+ '[' -z 'wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]' ']'
+ '[' -n 'wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]' ']'
++ grep 'plugins.security.ssl.transport.pemtrustedcas_filepath: ' /etc/wazuh-indexer/opensearch.yml
+ capem='plugins.security.ssl.transport.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem'
+ rcapem='plugins.security.ssl.transport.pemtrustedcas_filepath: '
+ capem=/etc/wazuh-indexer/certs/root-ca.pem
+ [[ -z '' ]]
+ passwords_readAdmincerts
+ [[ -f /etc/wazuh-indexer/certs/admin.pem ]]
+ adminpem=/etc/wazuh-indexer/certs/admin.pem
+ [[ -f /etc/wazuh-indexer/certs/admin-key.pem ]]
+ adminkey=/etc/wazuh-indexer/certs/admin-key.pem
+ common_logger -d 'Creating password backup.'
++ date '+%d/%m/%Y %H:%M:%S'
+ now='18/09/2023 10:33:25'
+ mtype=INFO:
+ debugLogger=
+ nolog=
+ '[' -n -d ']'
+ '[' -n -d ']'
+ case ${1} in
+ debugLogger=1
+ mtype=DEBUG:
+ shift 1
+ '[' -n 'Creating password backup.' ']'
+ case ${1} in
+ message='Creating password backup.'
+ shift 1
+ '[' -n '' ']'
+ '[' -z 1 ']'
+ '[' -n 1 ']'
+ '[' -n 1 ']'
+ '[' 0 -eq 0 ']'
+ '[' -z '' ']'
+ printf '%s\n' '18/09/2023 10:33:25 DEBUG: Creating password backup.'
+ tee -a /var/log/wazuh-install.log
18/09/2023 10:33:25 DEBUG: Creating password backup.
+ eval 'mkdir /etc/wazuh-indexer/backup 2>&1 | tee -a /var/log/wazuh-install.log'
++ mkdir /etc/wazuh-indexer/backup
++ tee -a /var/log/wazuh-install.log
mkdir: cannot create directory ‘/etc/wazuh-indexer/backup’: File exists
+ eval 'JAVA_HOME=/usr/share/wazuh-indexer/jdk/ OPENSEARCH_CONF_DIR=/etc/wazuh-indexer /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh -backup /etc/wazuh-indexer/backup -icl -p 9200 -nhnv -cacert /etc/wazuh-indexer/certs/root-ca.pem -cert /etc/wazuh-indexer/certs/admin.pem -key /etc/wazuh-indexer/certs/admin-key.pem -h "127.0.0.1" 2>&1 | tee -a /var/log/wazuh-install.log'
++ tee -a /var/log/wazuh-install.log
++ JAVA_HOME=/usr/share/wazuh-indexer/jdk/
++ OPENSEARCH_CONF_DIR=/etc/wazuh-indexer
++ /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh -backup /etc/wazuh-indexer/backup -icl -p 9200 -nhnv -cacert /etc/wazuh-indexer/certs/root-ca.pem -cert /etc/wazuh-indexer/certs/admin.pem -key /etc/wazuh-indexer/certs/admin-key.pem -h 127.0.0.1
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.6.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml
SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml
SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml
SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml
SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml
SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml
SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml
SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml
SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
+ '[' 0 '!=' 0 ']'
+ common_logger -d 'Password backup created in /etc/wazuh-indexer/backup.'
++ date '+%d/%m/%Y %H:%M:%S'
+ now='18/09/2023 10:33:30'
+ mtype=INFO:
+ debugLogger=
+ nolog=
+ '[' -n -d ']'
+ '[' -n -d ']'
+ case ${1} in
+ debugLogger=1
+ mtype=DEBUG:
+ shift 1
+ '[' -n 'Password backup created in /etc/wazuh-indexer/backup.' ']'
+ case ${1} in
+ message='Password backup created in /etc/wazuh-indexer/backup.'
+ shift 1
+ '[' -n '' ']'
+ '[' -z 1 ']'
+ '[' -n 1 ']'
+ '[' -n 1 ']'
+ '[' 0 -eq 0 ']'
+ '[' -z '' ']'
+ printf '%s\n' '18/09/2023 10:33:30 DEBUG: Password backup created in /etc/wazuh-indexer/backup.'
+ tee -a /var/log/wazuh-install.log
18/09/2023 10:33:30 DEBUG: Password backup created in /etc/wazuh-indexer/backup.
+ for i in "${!passwords[@]}"
+ '[' -n 'wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]' ']'
+ '[' -f /etc/wazuh-indexer/backup/internal_users.yml ']'
+ awk -v 'new=$2y$12$dpBqTmK3RcoMZyZjyA1Gy.orM04tlt9uTlkpxpmO9W9OyvjE/j15O' 'prev=="admin:"{sub(/\042.*/,""); $0=$0 new} {prev=$1} 1' /etc/wazuh-indexer/backup/internal_users.yml
+ mv -f internal_users.yml_tmp /etc/wazuh-indexer/backup/internal_users.yml
+ '[' admin == admin ']'
+ adminpass='srI1FIA*nuTrJsab05HgVszmX5iRxL*Q'
+ for i in "${!passwords[@]}"
+ '[' -n 'wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]' ']'
+ '[' -f /etc/wazuh-indexer/backup/internal_users.yml ']'
+ awk -v 'new=$2y$12$o2leArNYU4bjlEUngWfsAuwHaUyXXejw1iguOhfqcdZBE9D09lXN6' 'prev=="kibanaserver:"{sub(/\042.*/,""); $0=$0 new} {prev=$1} 1' /etc/wazuh-indexer/backup/internal_users.yml
+ mv -f internal_users.yml_tmp /etc/wazuh-indexer/backup/internal_users.yml
+ '[' kibanaserver == admin ']'
+ '[' kibanaserver == kibanaserver ']'
+ dashpass='pb?ROTd3?4?vd?FnKtQ7hVVQSY+tIEfk'
+ for i in "${!passwords[@]}"
+ '[' -n 'wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]' ']'
+ '[' -f /etc/wazuh-indexer/backup/internal_users.yml ']'
+ awk -v 'new=$2y$12$jqERUNAcNhENuDA01l.x/OHHPA2nYwF17I2BpbTElHHnoR9bAfvAO' 'prev=="kibanaro:"{sub(/\042.*/,""); $0=$0 new} {prev=$1} 1' /etc/wazuh-indexer/backup/internal_users.yml
+ mv -f internal_users.yml_tmp /etc/wazuh-indexer/backup/internal_users.yml
+ '[' kibanaro == admin ']'
+ '[' kibanaro == kibanaserver ']'
+ for i in "${!passwords[@]}"
+ '[' -n 'wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]' ']'
+ '[' -f /etc/wazuh-indexer/backup/internal_users.yml ']'
+ awk -v 'new=$2y$12$b.OS8hm3wS4EqLO76E0qa./VED4Dg.ugEavLZMCyBb1tQksYJZcjS' 'prev=="logstash:"{sub(/\042.*/,""); $0=$0 new} {prev=$1} 1' /etc/wazuh-indexer/backup/internal_users.yml
+ mv -f internal_users.yml_tmp /etc/wazuh-indexer/backup/internal_users.yml
+ '[' logstash == admin ']'
+ '[' logstash == kibanaserver ']'
+ for i in "${!passwords[@]}"
+ '[' -n 'wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]' ']'
+ '[' -f /etc/wazuh-indexer/backup/internal_users.yml ']'
+ awk -v 'new=$2y$12$eRyB/6Lar2CftftWWBOmqun.5h3JL95lKvows1VNGxrp8MHtmWghe' 'prev=="readall:"{sub(/\042.*/,""); $0=$0 new} {prev=$1} 1' /etc/wazuh-indexer/backup/internal_users.yml
+ mv -f internal_users.yml_tmp /etc/wazuh-indexer/backup/internal_users.yml
+ '[' readall == admin ']'
+ '[' readall == kibanaserver ']'
+ for i in "${!passwords[@]}"
+ '[' -n 'wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]' ']'
+ '[' -f /etc/wazuh-indexer/backup/internal_users.yml ']'
+ awk -v 'new=$2y$12$m2e7aEm.1fYbx.t8mEW96ed/jdleXzxNf3O.QFGOGDMVCWXEO9Mqy' 'prev=="snapshotrestore:"{sub(/\042.*/,""); $0=$0 new} {prev=$1} 1' /etc/wazuh-indexer/backup/internal_users.yml
+ mv -f internal_users.yml_tmp /etc/wazuh-indexer/backup/internal_users.yml
+ '[' snapshotrestore == admin ']'
+ '[' snapshotrestore == kibanaserver ']'
+ '[' '' == admin ']'
+ '[' -n 1 ']'
+ '[' -n 'filebeat/stable,now 7.10.2 amd64 [installed]' ']'
+ grep -q password
+ filebeat keystore list
+ eval 'echo srI1FIA*nuTrJsab05HgVszmX5iRxL*Q | filebeat keystore add password --force --stdin 2>&1 | tee -a /var/log/wazuh-install.log'
++ echo 'srI1FIA*nuTrJsab05HgVszmX5iRxL*Q'
++ tee -a /var/log/wazuh-install.log
++ filebeat keystore add password --force --stdin
Successfully updated the keystore
+ passwords_restartService filebeat
+ '[' 1 -ne 1 ']'
+ ps -e
+ grep -E -q '^\ *1\ .*systemd$'
+ eval 'systemctl daemon-reload 2>&1 | tee -a /var/log/wazuh-install.log'
++ systemctl daemon-reload
++ tee -a /var/log/wazuh-install.log
+ eval 'systemctl restart filebeat.service 2>&1 | tee -a /var/log/wazuh-install.log'
++ systemctl restart filebeat.service
++ tee -a /var/log/wazuh-install.log
+ '[' 0 '!=' 0 ']'
+ common_logger -d 'filebeat started.'
++ date '+%d/%m/%Y %H:%M:%S'
+ now='18/09/2023 10:33:31'
+ mtype=INFO:
+ debugLogger=
+ nolog=
+ '[' -n -d ']'
+ '[' -n -d ']'
+ case ${1} in
+ debugLogger=1
+ mtype=DEBUG:
+ shift 1
+ '[' -n 'filebeat started.' ']'
+ case ${1} in
+ message='filebeat started.'
+ shift 1
+ '[' -n '' ']'
+ '[' -z 1 ']'
+ '[' -n 1 ']'
+ '[' -n 1 ']'
+ '[' 0 -eq 0 ']'
+ '[' -z '' ']'
+ tee -a /var/log/wazuh-install.log
+ printf '%s\n' '18/09/2023 10:33:31 DEBUG: filebeat started.'
18/09/2023 10:33:31 DEBUG: filebeat started.
+ '[' '' == kibanaserver ']'
+ '[' -n 1 ']'
+ '[' -n 'wazuh-dashboard/stable,now 4.5.2-1 amd64 [installed]' ']'
+ '[' -n 'pb?ROTd3?4?vd?FnKtQ7hVVQSY+tIEfk' ']'
+ grep -q opensearch.password
+ /usr/share/wazuh-dashboard/bin/opensearch-dashboards-keystore --allow-root list
+ eval 'echo pb?ROTd3?4?vd?FnKtQ7hVVQSY+tIEfk | /usr/share/wazuh-dashboard/bin/opensearch-dashboards-keystore --allow-root add -f --stdin opensearch.password '
++ echo 'pb?ROTd3?4?vd?FnKtQ7hVVQSY+tIEfk'
++ /usr/share/wazuh-dashboard/bin/opensearch-dashboards-keystore --allow-root add -f --stdin opensearch.password
+ passwords_restartService wazuh-dashboard
+ '[' 1 -ne 1 ']'
+ ps -e
+ grep -E -q '^\ *1\ .*systemd$'
+ eval 'systemctl daemon-reload 2>&1 | tee -a /var/log/wazuh-install.log'
++ tee -a /var/log/wazuh-install.log
++ systemctl daemon-reload
+ eval 'systemctl restart wazuh-dashboard.service 2>&1 | tee -a /var/log/wazuh-install.log'
++ systemctl restart wazuh-dashboard.service
++ tee -a /var/log/wazuh-install.log
+ '[' 0 '!=' 0 ']'
+ common_logger -d 'wazuh-dashboard started.'
++ date '+%d/%m/%Y %H:%M:%S'
+ now='18/09/2023 10:33:33'
+ mtype=INFO:
+ debugLogger=
+ nolog=
+ '[' -n -d ']'
+ '[' -n -d ']'
+ case ${1} in
+ debugLogger=1
+ mtype=DEBUG:
+ shift 1
+ '[' -n 'wazuh-dashboard started.' ']'
+ case ${1} in
+ message='wazuh-dashboard started.'
+ shift 1
+ '[' -n '' ']'
+ '[' -z 1 ']'
+ '[' -n 1 ']'
+ '[' -n 1 ']'
+ '[' 0 -eq 0 ']'
+ '[' -z '' ']'
+ printf '%s\n' '18/09/2023 10:33:33 DEBUG: wazuh-dashboard started.'
+ tee -a /var/log/wazuh-install.log
18/09/2023 10:33:33 DEBUG: wazuh-dashboard started.
+ '[' -n '' ']'
+ '[' -n 1 ']'
+ passwords_runSecurityAdmin
+ '[' -z 'wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]' ']'
+ '[' -n 'wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]' ']'
++ grep 'plugins.security.ssl.transport.pemtrustedcas_filepath: ' /etc/wazuh-indexer/opensearch.yml
+ capem='plugins.security.ssl.transport.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem'
+ rcapem='plugins.security.ssl.transport.pemtrustedcas_filepath: '
+ capem=/etc/wazuh-indexer/certs/root-ca.pem
+ [[ -z /etc/wazuh-indexer/certs/admin.pem ]]
+ [[ -z /etc/wazuh-indexer/certs/admin-key.pem ]]
+ common_logger -d 'Loading new passwords changes.'
++ date '+%d/%m/%Y %H:%M:%S'
+ now='18/09/2023 10:33:33'
+ mtype=INFO:
+ debugLogger=
+ nolog=
+ '[' -n -d ']'
+ '[' -n -d ']'
+ case ${1} in
+ debugLogger=1
+ mtype=DEBUG:
+ shift 1
+ '[' -n 'Loading new passwords changes.' ']'
+ case ${1} in
+ message='Loading new passwords changes.'
+ shift 1
+ '[' -n '' ']'
+ '[' -z 1 ']'
+ '[' -n 1 ']'
+ '[' -n 1 ']'
+ '[' 0 -eq 0 ']'
+ '[' -z '' ']'
+ printf '%s\n' '18/09/2023 10:33:33 DEBUG: Loading new passwords changes.'
+ tee -a /var/log/wazuh-install.log
18/09/2023 10:33:33 DEBUG: Loading new passwords changes.
+ read -p Wait
Wait
+ eval 'OPENSEARCH_CONF_DIR=/etc/wazuh-indexer /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh -f /etc/wazuh-indexer/backup/internal_users.yml -t internalusers -p 9200 -nhnv -cacert /etc/wazuh-indexer/certs/root-ca.pem -cert /etc/wazuh-indexer/certs/admin.pem -key /etc/wazuh-indexer/certs/admin-key.pem -icl -h "127.0.0.1" 2>&1 | tee -a /var/log/wazuh-install.log'
++ OPENSEARCH_CONF_DIR=/etc/wazuh-indexer
++ /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh -f /etc/wazuh-indexer/backup/internal_users.yml -t internalusers -p 9200 -nhnv -cacert /etc/wazuh-indexer/certs/root-ca.pem -cert /etc/wazuh-indexer/certs/admin.pem -key /etc/wazuh-indexer/certs/admin-key.pem -icl -h 127.0.0.1
++ tee -a /var/log/wazuh-install.log
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.6.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /home/vagrant
Force type: internalusers
Will update '/internalusers' with /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' created or updated
SUCC: Expected 1 config types for node {"updated_config_types":["internalusers"],"updated_config_size":1,"message":null} is 1 (["internalusers"]) due to: null
Done with success
+ '[' 0 '!=' 0 ']'
+ eval 'cp /etc/wazuh-indexer/backup/internal_users.yml /etc/wazuh-indexer/opensearch-security/internal_users.yml'
++ cp /etc/wazuh-indexer/backup/internal_users.yml /etc/wazuh-indexer/opensearch-security/internal_users.yml
+ eval 'rm -rf /etc/wazuh-indexer/backup/ 2>&1 | tee -a /var/log/wazuh-install.log'
++ tee -a /var/log/wazuh-install.log
++ rm -rf /etc/wazuh-indexer/backup/
+ [[ -n '' ]]
+ [[ -n '' ]]
+ '[' -n 1 ']'
+ '[' -z 1 ']'
+ common_logger -d 'Passwords changed.'
++ date '+%d/%m/%Y %H:%M:%S'
+ now='18/09/2023 10:37:05'
+ mtype=INFO:
+ debugLogger=
+ nolog=
+ '[' -n -d ']'
+ '[' -n -d ']'
+ case ${1} in
+ debugLogger=1
+ mtype=DEBUG:
+ shift 1
+ '[' -n 'Passwords changed.' ']'
+ case ${1} in
+ message='Passwords changed.'
+ shift 1
+ '[' -n '' ']'
+ '[' -z 1 ']'
+ '[' -n 1 ']'
+ '[' -n 1 ']'
+ '[' 0 -eq 0 ']'
+ '[' -z '' ']'
+ tee -a /var/log/wazuh-install.log
+ printf '%s\n' '18/09/2023 10:37:05 DEBUG: Passwords changed.'
18/09/2023 10:37:05 DEBUG: Passwords changed.
+ '[' -n '' ']'
+ '[' -n '' ']'
+ '[' -n 1 ']'
+ '[' '' == master ']'
+ '[' 1 -eq 1 ']'
+ installCommon_changePasswordApi
+ '[' -n 1 ']'
+ for i in "${!api_passwords[@]}"
+ '[' -n '' ']'
+ '[' -n 1 ']'
+ passwords_getApiUserId wazuh
+ user_id=noid
+ for u in "${!api_users[@]}"
+ '[' wazuh == wazuh ']'
+ user_id=1
+ for u in "${!api_users[@]}"
+ '[' wazuh == wazuh-wui ']'
+ '[' 1 == noid ']'
+ WAZUH_PASS_API='{"password":"wgfsJzQLlTj.Ah8VL+.Drj5G.uWte8yW"}'
+ eval 'curl -s -k -X PUT -H "Authorization: Bearer $TOKEN_API" -H "Content-Type: application/json" -d "$WAZUH_PASS_API" "https://localhost:55000/security/users/${user_id}" -o /dev/null'
++ curl -s -k -X PUT -H 'Authorization: Bearer eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNjk1MDMzMTkwLCJleHAiOjE2OTUwMzQwOTAsInN1YiI6IndhenVoIiwicnVuX2FzIjpmYWxzZSwicmJhY19yb2xlcyI6WzFdLCJyYmFjX21vZGUiOiJ3aGl0ZSJ9.ATa2v7U36hCni3nWC6cFnZEvQYtR3fG9q0PFLIppErrcB77CX0oCQoX7D8jDeptGoUnaf6k_183su9Wg_FL_veC3AXHlcDTVxluTGvjqAF9hgzOERUXv-umzDJECTXVPX4O3fHI_uHe1SO1BhBRbyIicJanyGwig3X7516KvtIdiXhoI' -H 'Content-Type: application/json' -d '{"password":"wgfsJzQLlTj.Ah8VL+.Drj5G.uWte8yW"}' https://localhost:55000/security/users/1 -o /dev/null
+ '[' wazuh == wazuh ']'
+ sleep 1
+ adminPassword=wgfsJzQLlTj.Ah8VL+.Drj5G.uWte8yW
+ passwords_getApiToken
+ retries=0
+ max_internal_error_retries=20
++ curl -s -u wazuh:wgfsJzQLlTj.Ah8VL+.Drj5G.uWte8yW -k -X POST 'https://localhost:55000/security/user/authenticate?raw=true' --max-time 300 --retry 5 --retry-delay 5
+ TOKEN_API=eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNjk1MDMzNDI4LCJleHAiOjE2OTUwMzQzMjgsInN1YiI6IndhenVoIiwicnVuX2FzIjpmYWxzZSwicmJhY19yb2xlcyI6WzFdLCJyYmFjX21vZGUiOiJ3aGl0ZSJ9.AFAJMbuxsCA4LlQC0BPSBvs_NQclPFI6H3b9E-8JL4LH27QH_-q8WkNUZHbsi3N-85tZ5Y62ENPiqG7N2bGfTcVeAJwCDxNtpQHGoWBMARW3jejnuxcyn845UUlEaAjTFu7KDDiczzXdBqIWnvhxFf6hDi8gJ3_wsuiNjqI-Bb_wE1Ul
+ [[ eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNjk1MDMzNDI4LCJleHAiOjE2OTUwMzQzMjgsInN1YiI6IndhenVoIiwicnVuX2FzIjpmYWxzZSwicmJhY19yb2xlcyI6WzFdLCJyYmFjX21vZGUiOiJ3aGl0ZSJ9.AFAJMbuxsCA4LlQC0BPSBvs_NQclPFI6H3b9E-8JL4LH27QH_-q8WkNUZHbsi3N-85tZ5Y62ENPiqG7N2bGfTcVeAJwCDxNtpQHGoWBMARW3jejnuxcyn845UUlEaAjTFu7KDDiczzXdBqIWnvhxFf6hDi8gJ3_wsuiNjqI-Bb_wE1Ul =~ Wazuh Internal Error ]]
+ [[ eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNjk1MDMzNDI4LCJleHAiOjE2OTUwMzQzMjgsInN1YiI6IndhenVoIiwicnVuX2FzIjpmYWxzZSwicmJhY19yb2xlcyI6WzFdLCJyYmFjX21vZGUiOiJ3aGl0ZSJ9.AFAJMbuxsCA4LlQC0BPSBvs_NQclPFI6H3b9E-8JL4LH27QH_-q8WkNUZHbsi3N-85tZ5Y62ENPiqG7N2bGfTcVeAJwCDxNtpQHGoWBMARW3jejnuxcyn845UUlEaAjTFu7KDDiczzXdBqIWnvhxFf6hDi8gJ3_wsuiNjqI-Bb_wE1Ul =~ Wazuh Internal Error ]]
+ [[ eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNjk1MDMzNDI4LCJleHAiOjE2OTUwMzQzMjgsInN1YiI6IndhenVoIiwicnVuX2FzIjpmYWxzZSwicmJhY19yb2xlcyI6WzFdLCJyYmFjX21vZGUiOiJ3aGl0ZSJ9.AFAJMbuxsCA4LlQC0BPSBvs_NQclPFI6H3b9E-8JL4LH27QH_-q8WkNUZHbsi3N-85tZ5Y62ENPiqG7N2bGfTcVeAJwCDxNtpQHGoWBMARW3jejnuxcyn845UUlEaAjTFu7KDDiczzXdBqIWnvhxFf6hDi8gJ3_wsuiNjqI-Bb_wE1Ul =~ Invalid credentials ]]
+ '[' wazuh == wazuh-wui ']'
+ for i in "${!api_passwords[@]}"
+ '[' -n '' ']'
+ '[' -n 1 ']'
+ passwords_getApiUserId wazuh-wui
+ user_id=noid
+ for u in "${!api_users[@]}"
+ '[' wazuh-wui == wazuh ']'
+ for u in "${!api_users[@]}"
+ '[' wazuh-wui == wazuh-wui ']'
+ user_id=2
+ '[' 2 == noid ']'
+ WAZUH_PASS_API='{"password":"iBjWwLR1hNeV*79zZcPLly+B0.PlIzoj"}'
+ eval 'curl -s -k -X PUT -H "Authorization: Bearer $TOKEN_API" -H "Content-Type: application/json" -d "$WAZUH_PASS_API" "https://localhost:55000/security/users/${user_id}" -o /dev/null'
++ curl -s -k -X PUT -H 'Authorization: Bearer eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNjk1MDMzNDI4LCJleHAiOjE2OTUwMzQzMjgsInN1YiI6IndhenVoIiwicnVuX2FzIjpmYWxzZSwicmJhY19yb2xlcyI6WzFdLCJyYmFjX21vZGUiOiJ3aGl0ZSJ9.AFAJMbuxsCA4LlQC0BPSBvs_NQclPFI6H3b9E-8JL4LH27QH_-q8WkNUZHbsi3N-85tZ5Y62ENPiqG7N2bGfTcVeAJwCDxNtpQHGoWBMARW3jejnuxcyn845UUlEaAjTFu7KDDiczzXdBqIWnvhxFf6hDi8gJ3_wsuiNjqI-Bb_wE1Ul' -H 'Content-Type: application/json' -d '{"password":"iBjWwLR1hNeV*79zZcPLly+B0.PlIzoj"}' https://localhost:55000/security/users/2 -o /dev/null
+ '[' wazuh-wui == wazuh ']'
+ '[' wazuh-wui == wazuh-wui ']'
+ '[' -n '' ']'
+ '[' -n 1 ']'
+ passwords_changeDashboardApiPassword 'iBjWwLR1hNeV*79zZcPLly+B0.PlIzoj'
+ j=0
+ '[' -n '' ']'
+ '[' 0 -eq 12 ']'
+ '[' -f /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml ']'
+ eval 'sed -i '\''s|password: .*|password: "iBjWwLR1hNeV*79zZcPLly+B0.PlIzoj"|g'\'' /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml'
++ sed -i 's|password: .*|password: "iBjWwLR1hNeV*79zZcPLly+B0.PlIzoj"|g' /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
+ '[' -z 1 ']'
+ file_exists=1
+ sleep 5
+ j=1
+ '[' -n 1 ']'
+ set +x
18/09/2023 10:37:14 INFO: Initializing Wazuh dashboard web application.
18/09/2023 10:37:15 INFO: Wazuh dashboard web application initialized.
18/09/2023 10:37:15 INFO: --- Summary ---
18/09/2023 10:37:15 INFO: You can access the web interface https://<wazuh-dashboard-ip>:443
User: admin
Password: srI1FIA*nuTrJsab05HgVszmX5iRxL*Q
18/09/2023 10:37:15 INFO: Installation finished.
root@ubuntu22:/home/vagrant# bash wazuh-install.sh -wi node-1 -o -i -t wazuh-install-files.tar && bash wazuh-install.sh -s
18/09/2023 10:47:49 INFO: Starting Wazuh installation assistant. Wazuh version: 4.5.2
18/09/2023 10:47:49 INFO: Verbose logging redirected to /var/log/wazuh-install.log
18/09/2023 10:47:51 INFO: --- Removing existing Wazuh installation ---
18/09/2023 10:47:51 INFO: Removing Wazuh indexer.
18/09/2023 10:47:51 INFO: Wazuh indexer removed.
18/09/2023 10:47:51 INFO: Wazuh GPG key was not found in the system
18/09/2023 10:47:52 INFO: Installation cleaned.
18/09/2023 10:47:58 WARNING: Hardware and system checks ignored.
18/09/2023 10:48:04 INFO: Wazuh repository added.
18/09/2023 10:48:04 INFO: --- Wazuh indexer ---
18/09/2023 10:48:04 INFO: Starting Wazuh indexer installation.
18/09/2023 10:48:54 INFO: Wazuh indexer installation finished.
18/09/2023 10:48:54 INFO: Wazuh indexer post-install configuration finished.
18/09/2023 10:48:54 INFO: Starting service wazuh-indexer.
18/09/2023 10:49:15 INFO: wazuh-indexer service started.
18/09/2023 10:49:15 INFO: Initializing Wazuh indexer cluster security settings.
+ common_logger -d 'Setting Wazuh indexer cluster passwords.'
++ date '+%d/%m/%Y %H:%M:%S'
+ now='18/09/2023 10:49:16'
+ mtype=INFO:
+ debugLogger=
+ nolog=
+ '[' -n -d ']'
+ '[' -n -d ']'
+ case ${1} in
+ debugLogger=1
+ mtype=DEBUG:
+ shift 1
+ '[' -n 'Setting Wazuh indexer cluster passwords.' ']'
+ case ${1} in
+ message='Setting Wazuh indexer cluster passwords.'
+ shift 1
+ '[' -n '' ']'
+ '[' -z 1 ']'
+ '[' -n 1 ']'
+ '[' -n '' ']'
+ '[' -f wazuh-install-files.tar ']'
+ eval 'tar -xf wazuh-install-files.tar -C /tmp wazuh-install-files/wazuh-passwords.txt >> /var/log/wazuh-install.log 2>&1'
++ tar -xf wazuh-install-files.tar -C /tmp wazuh-install-files/wazuh-passwords.txt
+ p_file=/tmp/wazuh-install-files/wazuh-passwords.txt
+ common_checkInstalled
+ wazuh_installed=
+ indexer_installed=
+ filebeat_installed=
+ dashboard_installed=
+ '[' apt-get == yum ']'
+ '[' apt-get == apt-get ']'
++ apt list --installed
++ grep wazuh-manager
+ wazuh_installed=
+ '[' -d /var/ossec ']'
+ '[' apt-get == yum ']'
+ '[' apt-get == apt-get ']'
++ apt list --installed
++ grep wazuh-indexer
+ indexer_installed='wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]'
+ '[' -d /var/lib/wazuh-indexer/ ']'
+ indexer_remaining_files=1
+ '[' apt-get == yum ']'
+ '[' apt-get == apt-get ']'
++ grep filebeat
++ apt list --installed
+ filebeat_installed=
+ '[' -d /var/lib/filebeat/ ']'
+ '[' -d /usr/share/filebeat ']'
+ '[' -d /etc/filebeat ']'
+ '[' apt-get == yum ']'
+ '[' apt-get == apt-get ']'
++ apt list --installed
++ grep wazuh-dashboard
+ dashboard_installed=
+ '[' -d /var/lib/wazuh-dashboard/ ']'
+ '[' -d /usr/share/wazuh-dashboard ']'
+ '[' -d /etc/wazuh-dashboard ']'
+ '[' -d /run/wazuh-dashboard/ ']'
+ '[' -n '' ']'
+ '[' -n '' ']'
+ no_indexer_backup=1
+ '[' -n '' ']'
+ '[' -n '' ']'
+ api_users=(wazuh wazuh-wui)
+ installCommon_readPasswordFileUsers
++ grep -Ev '^#|^\s*$' /tmp/wazuh-install-files/wazuh-passwords.txt
++ grep -Pzc '\A(\s*(indexer_username|api_username|indexer_password|api_password):[ \t]+[\'\''"]?[\w.*+?-]+[\'\''"]?)+\Z'
+ filecorrect=1
+ [[ 1 -ne 1 ]]
++ grep indexer_username: /tmp/wazuh-install-files/wazuh-passwords.txt
++ sed -e 's/[\'\''"]//g'
++ awk '{ print substr( $2, 1, length($2) ) }'
+ sfileusers='admin
kibanaserver
kibanaro
logstash
readall
snapshotrestore'
++ sed -e 's/[\'\''"]//g'
++ awk '{ print substr( $2, 1, length($2) ) }'
++ grep indexer_password: /tmp/wazuh-install-files/wazuh-passwords.txt
+ sfilepasswords='ng5nMONDzvXWWapDE2CVJ*CUux*o.Kzi
Z2WnenZhDmnSASyu0xUHHQ+G*IGbBB+k
opHXD0r17axTutPdkk?z2wNf7Nw*a2.Q
ozJL*YbNqWHI7Rf1F43j1dtLTA?cfGaF
gmiK5uwklxr6K4+vcqoeMjjyMSas.G15
yGgpLSzahxUhn+yL?Xpadl7V.YF?qbpv'
++ sed -e 's/[\'\''"]//g'
++ grep api_username: /tmp/wazuh-install-files/wazuh-passwords.txt
++ awk '{ print substr( $2, 1, length($2) ) }'
+ sfileapiusers='wazuh
wazuh-wui'
++ sed -e 's/[\'\''"]//g'
++ grep api_password: /tmp/wazuh-install-files/wazuh-passwords.txt
++ awk '{ print substr( $2, 1, length($2) ) }'
+ sfileapipasswords='Ir9uMdpfdpJqVjg+kW.FhZ4+*I2Hpuwd
eWqjCV3lZY4HpV+kh3R590NU5w*gUj43'
+ mapfile -t fileusers
++ printf '%s\n' 'admin
kibanaserver
kibanaro
logstash
readall
snapshotrestore'
+ mapfile -t filepasswords
++ printf '%s\n' 'ng5nMONDzvXWWapDE2CVJ*CUux*o.Kzi
Z2WnenZhDmnSASyu0xUHHQ+G*IGbBB+k
opHXD0r17axTutPdkk?z2wNf7Nw*a2.Q
ozJL*YbNqWHI7Rf1F43j1dtLTA?cfGaF
gmiK5uwklxr6K4+vcqoeMjjyMSas.G15
yGgpLSzahxUhn+yL?Xpadl7V.YF?qbpv'
+ mapfile -t fileapiusers
++ printf '%s\n' 'wazuh
wazuh-wui'
+ mapfile -t fileapipasswords
++ printf '%s\n' 'Ir9uMdpfdpJqVjg+kW.FhZ4+*I2Hpuwd
eWqjCV3lZY4HpV+kh3R590NU5w*gUj43'
+ '[' -n '' ']'
+ finalusers=()
+ finalpasswords=()
+ finalapiusers=()
+ finalapipasswords=()
+ '[' -n '' ']'
+ '[' -n '' ']'
+ for j in "${!fileusers[@]}"
+ supported=false
+ '[' false = false ']'
+ '[' -n 'wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]' ']'
+ '[' -n '' ']'
+ for j in "${!fileusers[@]}"
+ supported=false
+ '[' false = false ']'
+ '[' -n 'wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]' ']'
+ '[' -n '' ']'
+ for j in "${!fileusers[@]}"
+ supported=false
+ '[' false = false ']'
+ '[' -n 'wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]' ']'
+ '[' -n '' ']'
+ for j in "${!fileusers[@]}"
+ supported=false
+ '[' false = false ']'
+ '[' -n 'wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]' ']'
+ '[' -n '' ']'
+ for j in "${!fileusers[@]}"
+ supported=false
+ '[' false = false ']'
+ '[' -n 'wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]' ']'
+ '[' -n '' ']'
+ for j in "${!fileusers[@]}"
+ supported=false
+ '[' false = false ']'
+ '[' -n 'wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]' ']'
+ '[' -n '' ']'
+ for j in "${!fileapiusers[@]}"
+ supported=false
+ for i in "${!api_users[@]}"
+ [[ wazuh == \w\a\z\u\h ]]
+ passwords_checkPassword 'Ir9uMdpfdpJqVjg+kW.FhZ4+*I2Hpuwd'
+ echo 'Ir9uMdpfdpJqVjg+kW.FhZ4+*I2Hpuwd'
+ grep -q '[A-Z]'
+ grep -q '[a-z]'
+ echo 'Ir9uMdpfdpJqVjg+kW.FhZ4+*I2Hpuwd'
+ grep -q '[0-9]'
+ echo 'Ir9uMdpfdpJqVjg+kW.FhZ4+*I2Hpuwd'
+ grep -q '[.*+?-]'
+ echo 'Ir9uMdpfdpJqVjg+kW.FhZ4+*I2Hpuwd'
+ '[' 32 -lt 8 ']'
+ '[' 32 -gt 64 ']'
+ finalapiusers+=("${fileapiusers[j]}")
+ finalapipasswords+=("${fileapipasswords[j]}")
+ supported=true
+ for i in "${!api_users[@]}"
+ [[ wazuh-wui == \w\a\z\u\h ]]
+ '[' true = false ']'
+ for j in "${!fileapiusers[@]}"
+ supported=false
+ for i in "${!api_users[@]}"
+ [[ wazuh == \w\a\z\u\h\-\w\u\i ]]
+ for i in "${!api_users[@]}"
+ [[ wazuh-wui == \w\a\z\u\h\-\w\u\i ]]
+ passwords_checkPassword 'eWqjCV3lZY4HpV+kh3R590NU5w*gUj43'
+ grep -q '[A-Z]'
+ echo 'eWqjCV3lZY4HpV+kh3R590NU5w*gUj43'
+ grep -q '[a-z]'
+ echo 'eWqjCV3lZY4HpV+kh3R590NU5w*gUj43'
+ grep -q '[0-9]'
+ echo 'eWqjCV3lZY4HpV+kh3R590NU5w*gUj43'
+ grep -q '[.*+?-]'
+ echo 'eWqjCV3lZY4HpV+kh3R590NU5w*gUj43'
+ '[' 32 -lt 8 ']'
+ '[' 32 -gt 64 ']'
+ finalapiusers+=("${fileapiusers[j]}")
+ finalapipasswords+=("${fileapipasswords[j]}")
+ supported=true
+ '[' true = false ']'
+ users=()
+ mapfile -t users
++ printf '%s\n'
+ mapfile -t passwords
++ printf '%s\n'
+ mapfile -t api_users
++ printf '%s\n' wazuh wazuh-wui
+ mapfile -t api_passwords
++ printf '%s\n' 'Ir9uMdpfdpJqVjg+kW.FhZ4+*I2Hpuwd' 'eWqjCV3lZY4HpV+kh3R590NU5w*gUj43'
+ changeall=1
+ '[' -n '' ']'
+ '[' -n '' ']'
+ passwords_changePassword
+ '[' -n 1 ']'
+ '[' -n 'wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]' ']'
+ '[' -z 1 ']'
+ for i in "${!passwords[@]}"
+ '[' -n 'wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]' ']'
+ '[' -f /etc/wazuh-indexer/backup/internal_users.yml ']'
+ '[' '' == admin ']'
+ '[' '' == kibanaserver ']'
+ '[' '' == admin ']'
+ '[' -n 1 ']'
+ '[' -n '' ']'
+ '[' '' == kibanaserver ']'
+ '[' -n 1 ']'
+ '[' -n '' ']'
+ '[' -n '' ']'
+ '[' -n '' ']'
+ '[' -n '' ']'
+ '[' -n '' ']'
+ '[' -n '' ']'
+ set +x
18/09/2023 10:49:19 INFO: Wazuh indexer cluster initialized.
18/09/2023 10:49:19 INFO: Installation finished.
18/09/2023 10:49:19 INFO: Starting Wazuh installation assistant. Wazuh version: 4.5.2
18/09/2023 10:49:19 INFO: Verbose logging redirected to /var/log/wazuh-install.log
18/09/2023 10:49:36 INFO: Wazuh indexer cluster security configuration initialized.
+ common_logger -d 'Setting Wazuh indexer cluster passwords.'
++ date '+%d/%m/%Y %H:%M:%S'
+ now='18/09/2023 10:49:37'
+ mtype=INFO:
+ debugLogger=
+ nolog=
+ '[' -n -d ']'
+ '[' -n -d ']'
+ case ${1} in
+ debugLogger=1
+ mtype=DEBUG:
+ shift 1
+ '[' -n 'Setting Wazuh indexer cluster passwords.' ']'
+ case ${1} in
+ message='Setting Wazuh indexer cluster passwords.'
+ shift 1
+ '[' -n '' ']'
+ '[' -z 1 ']'
+ '[' -n 1 ']'
+ '[' -n '' ']'
+ '[' -f /home/vagrant/wazuh-install-files.tar ']'
+ eval 'tar -xf /home/vagrant/wazuh-install-files.tar -C /tmp wazuh-install-files/wazuh-passwords.txt >> /var/log/wazuh-install.log 2>&1'
++ tar -xf /home/vagrant/wazuh-install-files.tar -C /tmp wazuh-install-files/wazuh-passwords.txt
+ p_file=/tmp/wazuh-install-files/wazuh-passwords.txt
+ common_checkInstalled
+ wazuh_installed=
+ indexer_installed=
+ filebeat_installed=
+ dashboard_installed=
+ '[' apt-get == yum ']'
+ '[' apt-get == apt-get ']'
++ apt list --installed
++ grep wazuh-manager
+ wazuh_installed=
+ '[' -d /var/ossec ']'
+ '[' apt-get == yum ']'
+ '[' apt-get == apt-get ']'
++ grep wazuh-indexer
++ apt list --installed
+ indexer_installed='wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]'
+ '[' -d /var/lib/wazuh-indexer/ ']'
+ indexer_remaining_files=1
+ '[' apt-get == yum ']'
+ '[' apt-get == apt-get ']'
++ apt list --installed
++ grep filebeat
+ filebeat_installed=
+ '[' -d /var/lib/filebeat/ ']'
+ '[' -d /usr/share/filebeat ']'
+ '[' -d /etc/filebeat ']'
+ '[' apt-get == yum ']'
+ '[' apt-get == apt-get ']'
++ apt list --installed
++ grep wazuh-dashboard
+ dashboard_installed=
+ '[' -d /var/lib/wazuh-dashboard/ ']'
+ '[' -d /usr/share/wazuh-dashboard ']'
+ '[' -d /etc/wazuh-dashboard ']'
+ '[' -d /run/wazuh-dashboard/ ']'
+ '[' -n 1 ']'
+ changeall=1
+ passwords_readUsers
++ grep -v -
++ awk '{ print substr( $0, 1, length($0)-1 ) }'
++ grep -v hash:
++ grep -B 1 hash: /etc/wazuh-indexer/opensearch-security/internal_users.yml
+ susers='admin
kibanaserver
kibanaro
logstash
readall
snapshotrestore'
+ mapfile -t users
+ '[' -n '' ']'
+ '[' -n '' ']'
+ api_users=(wazuh wazuh-wui)
+ installCommon_readPasswordFileUsers
++ grep -Pzc '\A(\s*(indexer_username|api_username|indexer_password|api_password):[ \t]+[\'\''"]?[\w.*+?-]+[\'\''"]?)+\Z'
++ grep -Ev '^#|^\s*$' /tmp/wazuh-install-files/wazuh-passwords.txt
+ filecorrect=1
+ [[ 1 -ne 1 ]]
++ awk '{ print substr( $2, 1, length($2) ) }'
++ sed -e 's/[\'\''"]//g'
++ grep indexer_username: /tmp/wazuh-install-files/wazuh-passwords.txt
+ sfileusers='admin
kibanaserver
kibanaro
logstash
readall
snapshotrestore'
++ awk '{ print substr( $2, 1, length($2) ) }'
++ sed -e 's/[\'\''"]//g'
++ grep indexer_password: /tmp/wazuh-install-files/wazuh-passwords.txt
+ sfilepasswords='ng5nMONDzvXWWapDE2CVJ*CUux*o.Kzi
Z2WnenZhDmnSASyu0xUHHQ+G*IGbBB+k
opHXD0r17axTutPdkk?z2wNf7Nw*a2.Q
ozJL*YbNqWHI7Rf1F43j1dtLTA?cfGaF
gmiK5uwklxr6K4+vcqoeMjjyMSas.G15
yGgpLSzahxUhn+yL?Xpadl7V.YF?qbpv'
++ sed -e 's/[\'\''"]//g'
++ awk '{ print substr( $2, 1, length($2) ) }'
++ grep api_username: /tmp/wazuh-install-files/wazuh-passwords.txt
+ sfileapiusers='wazuh
wazuh-wui'
++ awk '{ print substr( $2, 1, length($2) ) }'
++ sed -e 's/[\'\''"]//g'
++ grep api_password: /tmp/wazuh-install-files/wazuh-passwords.txt
+ sfileapipasswords='Ir9uMdpfdpJqVjg+kW.FhZ4+*I2Hpuwd
eWqjCV3lZY4HpV+kh3R590NU5w*gUj43'
+ mapfile -t fileusers
++ printf '%s\n' 'admin
kibanaserver
kibanaro
logstash
readall
snapshotrestore'
+ mapfile -t filepasswords
++ printf '%s\n' 'ng5nMONDzvXWWapDE2CVJ*CUux*o.Kzi
Z2WnenZhDmnSASyu0xUHHQ+G*IGbBB+k
opHXD0r17axTutPdkk?z2wNf7Nw*a2.Q
ozJL*YbNqWHI7Rf1F43j1dtLTA?cfGaF
gmiK5uwklxr6K4+vcqoeMjjyMSas.G15
yGgpLSzahxUhn+yL?Xpadl7V.YF?qbpv'
+ mapfile -t fileapiusers
++ printf '%s\n' 'wazuh
wazuh-wui'
+ mapfile -t fileapipasswords
++ printf '%s\n' 'Ir9uMdpfdpJqVjg+kW.FhZ4+*I2Hpuwd
eWqjCV3lZY4HpV+kh3R590NU5w*gUj43'
+ '[' -n 1 ']'
+ for j in "${!fileusers[@]}"
+ supported=false
+ for i in "${!users[@]}"
+ [[ admin == \a\d\m\i\n ]]
+ passwords_checkPassword 'ng5nMONDzvXWWapDE2CVJ*CUux*o.Kzi'
+ grep -q '[A-Z]'
+ echo 'ng5nMONDzvXWWapDE2CVJ*CUux*o.Kzi'
+ grep -q '[a-z]'
+ echo 'ng5nMONDzvXWWapDE2CVJ*CUux*o.Kzi'
+ grep -q '[0-9]'
+ echo 'ng5nMONDzvXWWapDE2CVJ*CUux*o.Kzi'
+ grep -q '[.*+?-]'
+ echo 'ng5nMONDzvXWWapDE2CVJ*CUux*o.Kzi'
+ '[' 32 -lt 8 ']'
+ '[' 32 -gt 64 ']'
+ passwords[i]='ng5nMONDzvXWWapDE2CVJ*CUux*o.Kzi'
+ supported=true
+ for i in "${!users[@]}"
+ [[ kibanaserver == \a\d\m\i\n ]]
+ for i in "${!users[@]}"
+ [[ kibanaro == \a\d\m\i\n ]]
+ for i in "${!users[@]}"
+ [[ logstash == \a\d\m\i\n ]]
+ for i in "${!users[@]}"
+ [[ readall == \a\d\m\i\n ]]
+ for i in "${!users[@]}"
+ [[ snapshotrestore == \a\d\m\i\n ]]
+ '[' true = false ']'
+ for j in "${!fileusers[@]}"
+ supported=false
+ for i in "${!users[@]}"
+ [[ admin == \k\i\b\a\n\a\s\e\r\v\e\r ]]
+ for i in "${!users[@]}"
+ [[ kibanaserver == \k\i\b\a\n\a\s\e\r\v\e\r ]]
+ passwords_checkPassword 'Z2WnenZhDmnSASyu0xUHHQ+G*IGbBB+k'
+ grep -q '[A-Z]'
+ echo 'Z2WnenZhDmnSASyu0xUHHQ+G*IGbBB+k'
+ grep -q '[a-z]'
+ echo 'Z2WnenZhDmnSASyu0xUHHQ+G*IGbBB+k'
+ echo 'Z2WnenZhDmnSASyu0xUHHQ+G*IGbBB+k'
+ grep -q '[0-9]'
+ echo 'Z2WnenZhDmnSASyu0xUHHQ+G*IGbBB+k'
+ grep -q '[.*+?-]'
+ '[' 32 -lt 8 ']'
+ '[' 32 -gt 64 ']'
+ passwords[i]='Z2WnenZhDmnSASyu0xUHHQ+G*IGbBB+k'
+ supported=true
+ for i in "${!users[@]}"
+ [[ kibanaro == \k\i\b\a\n\a\s\e\r\v\e\r ]]
+ for i in "${!users[@]}"
+ [[ logstash == \k\i\b\a\n\a\s\e\r\v\e\r ]]
+ for i in "${!users[@]}"
+ [[ readall == \k\i\b\a\n\a\s\e\r\v\e\r ]]
+ for i in "${!users[@]}"
+ [[ snapshotrestore == \k\i\b\a\n\a\s\e\r\v\e\r ]]
+ '[' true = false ']'
+ for j in "${!fileusers[@]}"
+ supported=false
+ for i in "${!users[@]}"
+ [[ admin == \k\i\b\a\n\a\r\o ]]
+ for i in "${!users[@]}"
+ [[ kibanaserver == \k\i\b\a\n\a\r\o ]]
+ for i in "${!users[@]}"
+ [[ kibanaro == \k\i\b\a\n\a\r\o ]]
+ passwords_checkPassword 'opHXD0r17axTutPdkk?z2wNf7Nw*a2.Q'
+ echo 'opHXD0r17axTutPdkk?z2wNf7Nw*a2.Q'
+ grep -q '[A-Z]'
+ echo 'opHXD0r17axTutPdkk?z2wNf7Nw*a2.Q'
+ grep -q '[a-z]'
+ echo 'opHXD0r17axTutPdkk?z2wNf7Nw*a2.Q'
+ grep -q '[0-9]'
+ echo 'opHXD0r17axTutPdkk?z2wNf7Nw*a2.Q'
+ grep -q '[.*+?-]'
+ '[' 32 -lt 8 ']'
+ '[' 32 -gt 64 ']'
+ passwords[i]='opHXD0r17axTutPdkk?z2wNf7Nw*a2.Q'
+ supported=true
+ for i in "${!users[@]}"
+ [[ logstash == \k\i\b\a\n\a\r\o ]]
+ for i in "${!users[@]}"
+ [[ readall == \k\i\b\a\n\a\r\o ]]
+ for i in "${!users[@]}"
+ [[ snapshotrestore == \k\i\b\a\n\a\r\o ]]
+ '[' true = false ']'
+ for j in "${!fileusers[@]}"
+ supported=false
+ for i in "${!users[@]}"
+ [[ admin == \l\o\g\s\t\a\s\h ]]
+ for i in "${!users[@]}"
+ [[ kibanaserver == \l\o\g\s\t\a\s\h ]]
+ for i in "${!users[@]}"
+ [[ kibanaro == \l\o\g\s\t\a\s\h ]]
+ for i in "${!users[@]}"
+ [[ logstash == \l\o\g\s\t\a\s\h ]]
+ passwords_checkPassword 'ozJL*YbNqWHI7Rf1F43j1dtLTA?cfGaF'
+ echo 'ozJL*YbNqWHI7Rf1F43j1dtLTA?cfGaF'
+ grep -q '[A-Z]'
+ echo 'ozJL*YbNqWHI7Rf1F43j1dtLTA?cfGaF'
+ grep -q '[a-z]'
+ echo 'ozJL*YbNqWHI7Rf1F43j1dtLTA?cfGaF'
+ grep -q '[0-9]'
+ echo 'ozJL*YbNqWHI7Rf1F43j1dtLTA?cfGaF'
+ grep -q '[.*+?-]'
+ '[' 32 -lt 8 ']'
+ '[' 32 -gt 64 ']'
+ passwords[i]='ozJL*YbNqWHI7Rf1F43j1dtLTA?cfGaF'
+ supported=true
+ for i in "${!users[@]}"
+ [[ readall == \l\o\g\s\t\a\s\h ]]
+ for i in "${!users[@]}"
+ [[ snapshotrestore == \l\o\g\s\t\a\s\h ]]
+ '[' true = false ']'
+ for j in "${!fileusers[@]}"
+ supported=false
+ for i in "${!users[@]}"
+ [[ admin == \r\e\a\d\a\l\l ]]
+ for i in "${!users[@]}"
+ [[ kibanaserver == \r\e\a\d\a\l\l ]]
+ for i in "${!users[@]}"
+ [[ kibanaro == \r\e\a\d\a\l\l ]]
+ for i in "${!users[@]}"
+ [[ logstash == \r\e\a\d\a\l\l ]]
+ for i in "${!users[@]}"
+ [[ readall == \r\e\a\d\a\l\l ]]
+ passwords_checkPassword gmiK5uwklxr6K4+vcqoeMjjyMSas.G15
+ echo gmiK5uwklxr6K4+vcqoeMjjyMSas.G15
+ grep -q '[A-Z]'
+ echo gmiK5uwklxr6K4+vcqoeMjjyMSas.G15
+ grep -q '[a-z]'
+ echo gmiK5uwklxr6K4+vcqoeMjjyMSas.G15
+ grep -q '[0-9]'
+ echo gmiK5uwklxr6K4+vcqoeMjjyMSas.G15
+ grep -q '[.*+?-]'
+ '[' 32 -lt 8 ']'
+ '[' 32 -gt 64 ']'
+ passwords[i]=gmiK5uwklxr6K4+vcqoeMjjyMSas.G15
+ supported=true
+ for i in "${!users[@]}"
+ [[ snapshotrestore == \r\e\a\d\a\l\l ]]
+ '[' true = false ']'
+ for j in "${!fileusers[@]}"
+ supported=false
+ for i in "${!users[@]}"
+ [[ admin == \s\n\a\p\s\h\o\t\r\e\s\t\o\r\e ]]
+ for i in "${!users[@]}"
+ [[ kibanaserver == \s\n\a\p\s\h\o\t\r\e\s\t\o\r\e ]]
+ for i in "${!users[@]}"
+ [[ kibanaro == \s\n\a\p\s\h\o\t\r\e\s\t\o\r\e ]]
+ for i in "${!users[@]}"
+ [[ logstash == \s\n\a\p\s\h\o\t\r\e\s\t\o\r\e ]]
+ for i in "${!users[@]}"
+ [[ readall == \s\n\a\p\s\h\o\t\r\e\s\t\o\r\e ]]
+ for i in "${!users[@]}"
+ [[ snapshotrestore == \s\n\a\p\s\h\o\t\r\e\s\t\o\r\e ]]
+ passwords_checkPassword 'yGgpLSzahxUhn+yL?Xpadl7V.YF?qbpv'
+ echo 'yGgpLSzahxUhn+yL?Xpadl7V.YF?qbpv'
+ grep -q '[A-Z]'
+ echo 'yGgpLSzahxUhn+yL?Xpadl7V.YF?qbpv'
+ grep -q '[a-z]'
+ echo 'yGgpLSzahxUhn+yL?Xpadl7V.YF?qbpv'
+ grep -q '[0-9]'
+ echo 'yGgpLSzahxUhn+yL?Xpadl7V.YF?qbpv'
+ grep -q '[.*+?-]'
+ '[' 32 -lt 8 ']'
+ '[' 32 -gt 64 ']'
+ passwords[i]='yGgpLSzahxUhn+yL?Xpadl7V.YF?qbpv'
+ supported=true
+ '[' true = false ']'
+ for j in "${!fileapiusers[@]}"
+ supported=false
+ for i in "${!api_users[@]}"
+ [[ wazuh == \w\a\z\u\h ]]
+ passwords_checkPassword 'Ir9uMdpfdpJqVjg+kW.FhZ4+*I2Hpuwd'
+ grep -q '[A-Z]'
+ echo 'Ir9uMdpfdpJqVjg+kW.FhZ4+*I2Hpuwd'
+ echo 'Ir9uMdpfdpJqVjg+kW.FhZ4+*I2Hpuwd'
+ grep -q '[a-z]'
+ echo 'Ir9uMdpfdpJqVjg+kW.FhZ4+*I2Hpuwd'
+ grep -q '[0-9]'
+ echo 'Ir9uMdpfdpJqVjg+kW.FhZ4+*I2Hpuwd'
+ grep -q '[.*+?-]'
+ '[' 32 -lt 8 ']'
+ '[' 32 -gt 64 ']'
+ api_passwords[i]='Ir9uMdpfdpJqVjg+kW.FhZ4+*I2Hpuwd'
+ supported=true
+ for i in "${!api_users[@]}"
+ [[ wazuh-wui == \w\a\z\u\h ]]
+ '[' true = false ']'
+ for j in "${!fileapiusers[@]}"
+ supported=false
+ for i in "${!api_users[@]}"
+ [[ wazuh == \w\a\z\u\h\-\w\u\i ]]
+ for i in "${!api_users[@]}"
+ [[ wazuh-wui == \w\a\z\u\h\-\w\u\i ]]
+ passwords_checkPassword 'eWqjCV3lZY4HpV+kh3R590NU5w*gUj43'
+ echo 'eWqjCV3lZY4HpV+kh3R590NU5w*gUj43'
+ grep -q '[A-Z]'
+ echo 'eWqjCV3lZY4HpV+kh3R590NU5w*gUj43'
+ grep -q '[a-z]'
+ echo 'eWqjCV3lZY4HpV+kh3R590NU5w*gUj43'
+ grep -q '[0-9]'
+ echo 'eWqjCV3lZY4HpV+kh3R590NU5w*gUj43'
+ grep -q '[.*+?-]'
+ '[' 32 -lt 8 ']'
+ '[' 32 -gt 64 ']'
+ api_passwords[i]='eWqjCV3lZY4HpV+kh3R590NU5w*gUj43'
+ supported=true
+ '[' true = false ']'
+ '[' -n 1 ']'
+ passwords_getNetworkHost
++ grep -hr network.host: /etc/wazuh-indexer/opensearch.yml
+ IP='network.host: 127.0.0.1'
+ NH='network.host: '
+ IP=127.0.0.1
+ [[ 127.0.0.1 =~ _.*_ ]]
+ '[' 127.0.0.1 == 0.0.0.0 ']'
+ passwords_generateHash
+ '[' -n 1 ']'
+ common_logger -d 'Generating password hashes.'
++ date '+%d/%m/%Y %H:%M:%S'
+ now='18/09/2023 10:49:40'
+ mtype=INFO:
+ debugLogger=
+ nolog=
+ '[' -n -d ']'
+ '[' -n -d ']'
+ case ${1} in
+ debugLogger=1
+ mtype=DEBUG:
+ shift 1
+ '[' -n 'Generating password hashes.' ']'
+ case ${1} in
+ message='Generating password hashes.'
+ shift 1
+ '[' -n '' ']'
+ '[' -z 1 ']'
+ '[' -n 1 ']'
+ '[' -n '' ']'
+ for i in "${!passwords[@]}"
++ bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/hash.sh -p 'ng5nMONDzvXWWapDE2CVJ*CUux*o.Kzi'
++ grep -A 2 issues
++ tail -n 1
+ nhash='$2y$12$In/cGpVfdJl4BOtHsuDYL.Vq3D3Io9DpxH0lnVM3aN9bRbbdfy79u'
+ '[' 0 '!=' 0 ']'
+ hashes+=("${nhash}")
+ for i in "${!passwords[@]}"
++ bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/hash.sh -p 'Z2WnenZhDmnSASyu0xUHHQ+G*IGbBB+k'
++ tail -n 1
++ grep -A 2 issues
+ nhash='$2y$12$.xmfbOKf85vvQNFQP8nhaOKxxWHO7h1aLoLPWhhXKljuufW3z/o0e'
+ '[' 0 '!=' 0 ']'
+ hashes+=("${nhash}")
+ for i in "${!passwords[@]}"
++ bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/hash.sh -p 'opHXD0r17axTutPdkk?z2wNf7Nw*a2.Q'
++ tail -n 1
++ grep -A 2 issues
+ nhash='$2y$12$St8rh.yrqF5c6mxAk3wAoOH5Ix20rjpYcI3A3xS8Gf9izuLOcGz5C'
+ '[' 0 '!=' 0 ']'
+ hashes+=("${nhash}")
+ for i in "${!passwords[@]}"
++ bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/hash.sh -p 'ozJL*YbNqWHI7Rf1F43j1dtLTA?cfGaF'
++ tail -n 1
++ grep -A 2 issues
+ nhash='$2y$12$rlfXMCuZ6OwcKBtlrX.sGOIuNXnpOSyjpOaNIKHoct848TOVQDviq'
+ '[' 0 '!=' 0 ']'
+ hashes+=("${nhash}")
+ for i in "${!passwords[@]}"
++ grep -A 2 issues
++ tail -n 1
++ bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/hash.sh -p gmiK5uwklxr6K4+vcqoeMjjyMSas.G15
+ nhash='$2y$12$U/xIcD3RSuqWIIw43r6x/.iDYtgX9SnX2n3xS/R79Z/G8WJSkhgSG'
+ '[' 0 '!=' 0 ']'
+ hashes+=("${nhash}")
+ for i in "${!passwords[@]}"
++ bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/hash.sh -p 'yGgpLSzahxUhn+yL?Xpadl7V.YF?qbpv'
++ tail -n 1
++ grep -A 2 issues
+ nhash='$2y$12$OoWix8KM3dSOB/CkB/phb.X27ffUY3wJ4CeFgcZb/oGcbZUYjN8rG'
+ '[' 0 '!=' 0 ']'
+ hashes+=("${nhash}")
+ common_logger -d 'Password hashes generated.'
++ date '+%d/%m/%Y %H:%M:%S'
+ now='18/09/2023 10:49:46'
+ mtype=INFO:
+ debugLogger=
+ nolog=
+ '[' -n -d ']'
+ '[' -n -d ']'
+ case ${1} in
+ debugLogger=1
+ mtype=DEBUG:
+ shift 1
+ '[' -n 'Password hashes generated.' ']'
+ case ${1} in
+ message='Password hashes generated.'
+ shift 1
+ '[' -n '' ']'
+ '[' -z 1 ']'
+ '[' -n 1 ']'
+ '[' -n '' ']'
+ passwords_changePassword
+ '[' -n 1 ']'
+ '[' -n 'wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]' ']'
+ '[' -z ']'
+ eval 'mkdir /etc/wazuh-indexer/backup/ 2>/dev/null'
++ mkdir /etc/wazuh-indexer/backup/
+ eval 'cp /etc/wazuh-indexer/opensearch-security/* /etc/wazuh-indexer/backup/ 2>/dev/null'
++ cp /etc/wazuh-indexer/opensearch-security/action_groups.yml /etc/wazuh-indexer/opensearch-security/allowlist.yml /etc/wazuh-indexer/opensearch-security/audit.yml /etc/wazuh-indexer/opensearch-security/config.yml /etc/wazuh-indexer/opensearch-security/internal_users.yml /etc/wazuh-indexer/opensearch-security/nodes_dn.yml /etc/wazuh-indexer/opensearch-security/opensearch.yml.example /etc/wazuh-indexer/opensearch-security/roles_mapping.yml /etc/wazuh-indexer/opensearch-security/roles.yml /etc/wazuh-indexer/opensearch-security/tenants.yml /etc/wazuh-indexer/opensearch-security/whitelist.yml /etc/wazuh-indexer/backup/
+ passwords_createBackUp
+ '[' -z 'wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]' ']'
+ '[' -n 'wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]' ']'
++ grep 'plugins.security.ssl.transport.pemtrustedcas_filepath: ' /etc/wazuh-indexer/opensearch.yml
+ capem='plugins.security.ssl.transport.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem'
+ rcapem='plugins.security.ssl.transport.pemtrustedcas_filepath: '
+ capem=/etc/wazuh-indexer/certs/root-ca.pem
+ [[ -z '' ]]
+ passwords_readAdmincerts
+ [[ -f /etc/wazuh-indexer/certs/admin.pem ]]
+ adminpem=/etc/wazuh-indexer/certs/admin.pem
+ [[ -f /etc/wazuh-indexer/certs/admin-key.pem ]]
+ adminkey=/etc/wazuh-indexer/certs/admin-key.pem
+ common_logger -d 'Creating password backup.'
++ date '+%d/%m/%Y %H:%M:%S'
+ now='18/09/2023 10:49:46'
+ mtype=INFO:
+ debugLogger=
+ nolog=
+ '[' -n -d ']'
+ '[' -n -d ']'
+ case ${1} in
+ debugLogger=1
+ mtype=DEBUG:
+ shift 1
+ '[' -n 'Creating password backup.' ']'
+ case ${1} in
+ message='Creating password backup.'
+ shift 1
+ '[' -n '' ']'
+ '[' -z 1 ']'
+ '[' -n 1 ']'
+ '[' -n '' ']'
+ eval 'mkdir /etc/wazuh-indexer/backup >> /var/log/wazuh-install.log 2>&1'
++ mkdir /etc/wazuh-indexer/backup
+ eval 'JAVA_HOME=/usr/share/wazuh-indexer/jdk/ OPENSEARCH_CONF_DIR=/etc/wazuh-indexer /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh -backup /etc/wazuh-indexer/backup -icl -p 9200 -nhnv -cacert /etc/wazuh-indexer/certs/root-ca.pem -cert /etc/wazuh-indexer/certs/admin.pem -key /etc/wazuh-indexer/certs/admin-key.pem -h 127.0.0.1 >> /var/log/wazuh-install.log 2>&1'
++ JAVA_HOME=/usr/share/wazuh-indexer/jdk/
++ OPENSEARCH_CONF_DIR=/etc/wazuh-indexer
++ /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh -backup /etc/wazuh-indexer/backup -icl -p 9200 -nhnv -cacert /etc/wazuh-indexer/certs/root-ca.pem -cert /etc/wazuh-indexer/certs/admin.pem -key /etc/wazuh-indexer/certs/admin-key.pem -h 127.0.0.1
+ '[' 0 '!=' 0 ']'
+ common_logger -d 'Password backup created in /etc/wazuh-indexer/backup.'
++ date '+%d/%m/%Y %H:%M:%S'
+ now='18/09/2023 10:49:50'
+ mtype=INFO:
+ debugLogger=
+ nolog=
+ '[' -n -d ']'
+ '[' -n -d ']'
+ case ${1} in
+ debugLogger=1
+ mtype=DEBUG:
+ shift 1
+ '[' -n 'Password backup created in /etc/wazuh-indexer/backup.' ']'
+ case ${1} in
+ message='Password backup created in /etc/wazuh-indexer/backup.'
+ shift 1
+ '[' -n '' ']'
+ '[' -z 1 ']'
+ '[' -n 1 ']'
+ '[' -n '' ']'
+ for i in "${!passwords[@]}"
+ '[' -n 'wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]' ']'
+ '[' -f /etc/wazuh-indexer/backup/internal_users.yml ']'
+ awk -v 'new=$2y$12$In/cGpVfdJl4BOtHsuDYL.Vq3D3Io9DpxH0lnVM3aN9bRbbdfy79u' 'prev=="admin:"{sub(/\042.*/,""); $0=$0 new} {prev=$1} 1' /etc/wazuh-indexer/backup/internal_users.yml
+ mv -f internal_users.yml_tmp /etc/wazuh-indexer/backup/internal_users.yml
+ '[' admin == admin ']'
+ adminpass='ng5nMONDzvXWWapDE2CVJ*CUux*o.Kzi'
+ for i in "${!passwords[@]}"
+ '[' -n 'wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]' ']'
+ '[' -f /etc/wazuh-indexer/backup/internal_users.yml ']'
+ awk -v 'new=$2y$12$.xmfbOKf85vvQNFQP8nhaOKxxWHO7h1aLoLPWhhXKljuufW3z/o0e' 'prev=="kibanaserver:"{sub(/\042.*/,""); $0=$0 new} {prev=$1} 1' /etc/wazuh-indexer/backup/internal_users.yml
+ mv -f internal_users.yml_tmp /etc/wazuh-indexer/backup/internal_users.yml
+ '[' kibanaserver == admin ']'
+ '[' kibanaserver == kibanaserver ']'
+ dashpass='Z2WnenZhDmnSASyu0xUHHQ+G*IGbBB+k'
+ for i in "${!passwords[@]}"
+ '[' -n 'wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]' ']'
+ '[' -f /etc/wazuh-indexer/backup/internal_users.yml ']'
+ awk -v 'new=$2y$12$St8rh.yrqF5c6mxAk3wAoOH5Ix20rjpYcI3A3xS8Gf9izuLOcGz5C' 'prev=="kibanaro:"{sub(/\042.*/,""); $0=$0 new} {prev=$1} 1' /etc/wazuh-indexer/backup/internal_users.yml
+ mv -f internal_users.yml_tmp /etc/wazuh-indexer/backup/internal_users.yml
+ '[' kibanaro == admin ']'
+ '[' kibanaro == kibanaserver ']'
+ for i in "${!passwords[@]}"
+ '[' -n 'wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]' ']'
+ '[' -f /etc/wazuh-indexer/backup/internal_users.yml ']'
+ awk -v 'new=$2y$12$rlfXMCuZ6OwcKBtlrX.sGOIuNXnpOSyjpOaNIKHoct848TOVQDviq' 'prev=="logstash:"{sub(/\042.*/,""); $0=$0 new} {prev=$1} 1' /etc/wazuh-indexer/backup/internal_users.yml
+ mv -f internal_users.yml_tmp /etc/wazuh-indexer/backup/internal_users.yml
+ '[' logstash == admin ']'
+ '[' logstash == kibanaserver ']'
+ for i in "${!passwords[@]}"
+ '[' -n 'wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]' ']'
+ '[' -f /etc/wazuh-indexer/backup/internal_users.yml ']'
+ awk -v 'new=$2y$12$U/xIcD3RSuqWIIw43r6x/.iDYtgX9SnX2n3xS/R79Z/G8WJSkhgSG' 'prev=="readall:"{sub(/\042.*/,""); $0=$0 new} {prev=$1} 1' /etc/wazuh-indexer/backup/internal_users.yml
+ mv -f internal_users.yml_tmp /etc/wazuh-indexer/backup/internal_users.yml
+ '[' readall == admin ']'
+ '[' readall == kibanaserver ']'
+ for i in "${!passwords[@]}"
+ '[' -n 'wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]' ']'
+ '[' -f /etc/wazuh-indexer/backup/internal_users.yml ']'
+ awk -v 'new=$2y$12$OoWix8KM3dSOB/CkB/phb.X27ffUY3wJ4CeFgcZb/oGcbZUYjN8rG' 'prev=="snapshotrestore:"{sub(/\042.*/,""); $0=$0 new} {prev=$1} 1' /etc/wazuh-indexer/backup/internal_users.yml
+ mv -f internal_users.yml_tmp /etc/wazuh-indexer/backup/internal_users.yml
+ '[' snapshotrestore == admin ']'
+ '[' snapshotrestore == kibanaserver ']'
+ '[' '' == admin ']'
+ '[' -n 1 ']'
+ '[' -n '' ']'
+ '[' '' == kibanaserver ']'
+ '[' -n 1 ']'
+ '[' -n '' ']'
+ '[' -n 1 ']'
+ passwords_runSecurityAdmin
+ '[' -z 'wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]' ']'
+ '[' -n 'wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]' ']'
++ grep 'plugins.security.ssl.transport.pemtrustedcas_filepath: ' /etc/wazuh-indexer/opensearch.yml
+ capem='plugins.security.ssl.transport.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem'
+ rcapem='plugins.security.ssl.transport.pemtrustedcas_filepath: '
+ capem=/etc/wazuh-indexer/certs/root-ca.pem
+ [[ -z /etc/wazuh-indexer/certs/admin.pem ]]
+ [[ -z /etc/wazuh-indexer/certs/admin-key.pem ]]
+ common_logger -d 'Loading new passwords changes.'
++ date '+%d/%m/%Y %H:%M:%S'
+ now='18/09/2023 10:49:50'
+ mtype=INFO:
+ debugLogger=
+ nolog=
+ '[' -n -d ']'
+ '[' -n -d ']'
+ case ${1} in
+ debugLogger=1
+ mtype=DEBUG:
+ shift 1
+ '[' -n 'Loading new passwords changes.' ']'
+ case ${1} in
+ message='Loading new passwords changes.'
+ shift 1
+ '[' -n '' ']'
+ '[' -z 1 ']'
+ '[' -n 1 ']'
+ '[' -n '' ']'
+ read -p Wait
Wait
+ eval 'OPENSEARCH_CONF_DIR=/etc/wazuh-indexer /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh -f /etc/wazuh-indexer/backup/internal_users.yml -t internalusers -p 9200 -nhnv -cacert /etc/wazuh-indexer/certs/root-ca.pem -cert /etc/wazuh-indexer/certs/admin.pem -key /etc/wazuh-indexer/certs/admin-key.pem -icl -h 127.0.0.1 >> /var/log/wazuh-install.log 2>&1'
++ OPENSEARCH_CONF_DIR=/etc/wazuh-indexer
++ /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh -f /etc/wazuh-indexer/backup/internal_users.yml -t internalusers -p 9200 -nhnv -cacert /etc/wazuh-indexer/certs/root-ca.pem -cert /etc/wazuh-indexer/certs/admin.pem -key /etc/wazuh-indexer/certs/admin-key.pem -icl -h 127.0.0.1
+ '[' 0 '!=' 0 ']'
+ eval 'cp /etc/wazuh-indexer/backup/internal_users.yml /etc/wazuh-indexer/opensearch-security/internal_users.yml'
++ cp /etc/wazuh-indexer/backup/internal_users.yml /etc/wazuh-indexer/opensearch-security/internal_users.yml
+ eval 'rm -rf /etc/wazuh-indexer/backup/ >> /var/log/wazuh-install.log 2>&1'
++ rm -rf /etc/wazuh-indexer/backup/
+ [[ -n '' ]]
+ [[ -n '' ]]
+ '[' -n 1 ']'
+ '[' -z '' ']'
+ '[' -z '' ']'
+ '[' -z '' ']'
+ '[' -z '' ']'
+ '[' -z 1 ']'
+ common_logger -d 'Passwords changed.'
++ date '+%d/%m/%Y %H:%M:%S'
+ now='18/09/2023 10:53:51'
+ mtype=INFO:
+ debugLogger=
+ nolog=
+ '[' -n -d ']'
+ '[' -n -d ']'
+ case ${1} in
+ debugLogger=1
+ mtype=DEBUG:
+ shift 1
+ '[' -n 'Passwords changed.' ']'
+ case ${1} in
+ message='Passwords changed.'
+ shift 1
+ '[' -n '' ']'
+ '[' -z 1 ']'
+ '[' -n 1 ']'
+ '[' -n '' ']'
+ '[' -n '' ']'
+ '[' -n '' ']'
+ '[' -n '' ']'
+ set +x
18/09/2023 10:53:51 INFO: Wazuh indexer cluster started.
root@ubuntu22:/home/vagrant# cat /etc/wazuh-indexer/opensearch-security/internal_users.yml
---
_meta:
type: "internalusers"
config_version: 2
admin:
hash: $2y$12$In/cGpVfdJl4BOtHsuDYL.Vq3D3Io9DpxH0lnVM3aN9bRbbdfy79u
reserved: true
backend_roles:
- "admin"
description: "Demo admin user"
kibanaserver:
hash: $2y$12$.xmfbOKf85vvQNFQP8nhaOKxxWHO7h1aLoLPWhhXKljuufW3z/o0e
reserved: true
description: "Demo kibanaserver user"
kibanaro:
hash: $2y$12$St8rh.yrqF5c6mxAk3wAoOH5Ix20rjpYcI3A3xS8Gf9izuLOcGz5C
reserved: false
backend_roles:
- "kibanauser"
- "readall"
attributes:
attribute1: "value1"
attribute2: "value2"
attribute3: "value3"
description: "Demo kibanaro user"
logstash:
hash: $2y$12$rlfXMCuZ6OwcKBtlrX.sGOIuNXnpOSyjpOaNIKHoct848TOVQDviq
reserved: false
backend_roles:
- "logstash"
description: "Demo logstash user"
readall:
hash: $2y$12$U/xIcD3RSuqWIIw43r6x/.iDYtgX9SnX2n3xS/R79Z/G8WJSkhgSG
reserved: false
backend_roles:
- "readall"
description: "Demo readall user"
snapshotrestore:
hash: $2y$12$OoWix8KM3dSOB/CkB/phb.X27ffUY3wJ4CeFgcZb/oGcbZUYjN8rG
reserved: false
backend_roles:
- "snapshotrestore"
description: "Demo snapshotrestore user"
root@ubuntu22:/home/vagrant#
root@ubuntu22:/home/vagrant# bash wazuh-install.sh -ws wazuh-1 -i
18/09/2023 10:57:49 INFO: Starting Wazuh installation assistant. Wazuh version: 4.5.2
18/09/2023 10:57:49 INFO: Verbose logging redirected to /var/log/wazuh-install.log
18/09/2023 10:58:05 WARNING: Hardware and system checks ignored.
18/09/2023 10:58:09 INFO: Wazuh repository added.
18/09/2023 10:58:10 INFO: --- Wazuh server ---
18/09/2023 10:58:10 INFO: Starting the Wazuh manager installation.
18/09/2023 10:59:00 INFO: Wazuh manager installation finished.
18/09/2023 10:59:00 INFO: Starting service wazuh-manager.
18/09/2023 10:59:25 INFO: wazuh-manager service started.
18/09/2023 10:59:25 INFO: Starting Filebeat installation.
18/09/2023 10:59:31 INFO: Filebeat installation finished.
18/09/2023 10:59:32 INFO: Filebeat post-install configuration finished.
+ common_logger -d 'Setting Wazuh indexer cluster passwords.'
++ date '+%d/%m/%Y %H:%M:%S'
+ now='18/09/2023 10:59:32'
+ mtype=INFO:
+ debugLogger=
+ nolog=
+ '[' -n -d ']'
+ '[' -n -d ']'
+ case ${1} in
+ debugLogger=1
+ mtype=DEBUG:
+ shift 1
+ '[' -n 'Setting Wazuh indexer cluster passwords.' ']'
+ case ${1} in
+ message='Setting Wazuh indexer cluster passwords.'
+ shift 1
+ '[' -n '' ']'
+ '[' -z 1 ']'
+ '[' -n 1 ']'
+ '[' -n '' ']'
+ '[' -f /home/vagrant/wazuh-install-files.tar ']'
+ eval 'tar -xf /home/vagrant/wazuh-install-files.tar -C /tmp wazuh-install-files/wazuh-passwords.txt >> /var/log/wazuh-install.log 2>&1'
++ tar -xf /home/vagrant/wazuh-install-files.tar -C /tmp wazuh-install-files/wazuh-passwords.txt
+ p_file=/tmp/wazuh-install-files/wazuh-passwords.txt
+ common_checkInstalled
+ wazuh_installed=
+ indexer_installed=
+ filebeat_installed=
+ dashboard_installed=
+ '[' apt-get == yum ']'
+ '[' apt-get == apt-get ']'
++ grep wazuh-manager
++ apt list --installed
+ wazuh_installed='wazuh-manager/stable,now 4.5.2-1 amd64 [installed]'
+ '[' -d /var/ossec ']'
+ wazuh_remaining_files=1
+ '[' apt-get == yum ']'
+ '[' apt-get == apt-get ']'
++ grep wazuh-indexer
++ apt list --installed
+ indexer_installed='wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]'
+ '[' -d /var/lib/wazuh-indexer/ ']'
+ indexer_remaining_files=1
+ '[' apt-get == yum ']'
+ '[' apt-get == apt-get ']'
++ grep filebeat
++ apt list --installed
+ filebeat_installed='filebeat/stable,now 7.10.2 amd64 [installed]'
+ '[' -d /var/lib/filebeat/ ']'
+ filebeat_remaining_files=1
+ '[' apt-get == yum ']'
+ '[' apt-get == apt-get ']'
++ apt list --installed
++ grep wazuh-dashboard
+ dashboard_installed=
+ '[' -d /var/lib/wazuh-dashboard/ ']'
+ '[' -d /usr/share/wazuh-dashboard ']'
+ '[' -d /etc/wazuh-dashboard ']'
+ '[' -d /run/wazuh-dashboard/ ']'
+ '[' -n '' ']'
+ '[' -n '' ']'
+ no_indexer_backup=1
+ '[' -n 1 ']'
+ '[' '' == master ']'
+ '[' 1 -eq 1 ']'
+ passwords_getApiToken
+ retries=0
+ max_internal_error_retries=20
++ curl -s -u wazuh:wazuh -k -X POST 'https://localhost:55000/security/user/authenticate?raw=true' --max-time 300 --retry 5 --retry-delay 5
+ TOKEN_API=eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNjk1MDM0Nzc1LCJleHAiOjE2OTUwMzU2NzUsInN1YiI6IndhenVoIiwicnVuX2FzIjpmYWxzZSwicmJhY19yb2xlcyI6WzFdLCJyYmFjX21vZGUiOiJ3aGl0ZSJ9.AWQJKxkCHEQWbUk5LTCctmy0XC3hH9zEoz8hzs0E2oiB-W7I1BKuMAPP_pvGm3z5i8ttKpgP6YoYYqK7WYGR4y73AD8AGARWVhkQlU5PW3vtlzQW1F7-D4PZgrtm5CpMU52lEa1LlnsyqQLqyiXd8wrzioLz9A-vOrY9e_pnUzOeYvsX
+ [[ eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNjk1MDM0Nzc1LCJleHAiOjE2OTUwMzU2NzUsInN1YiI6IndhenVoIiwicnVuX2FzIjpmYWxzZSwicmJhY19yb2xlcyI6WzFdLCJyYmFjX21vZGUiOiJ3aGl0ZSJ9.AWQJKxkCHEQWbUk5LTCctmy0XC3hH9zEoz8hzs0E2oiB-W7I1BKuMAPP_pvGm3z5i8ttKpgP6YoYYqK7WYGR4y73AD8AGARWVhkQlU5PW3vtlzQW1F7-D4PZgrtm5CpMU52lEa1LlnsyqQLqyiXd8wrzioLz9A-vOrY9e_pnUzOeYvsX =~ Wazuh Internal Error ]]
+ [[ eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNjk1MDM0Nzc1LCJleHAiOjE2OTUwMzU2NzUsInN1YiI6IndhenVoIiwicnVuX2FzIjpmYWxzZSwicmJhY19yb2xlcyI6WzFdLCJyYmFjX21vZGUiOiJ3aGl0ZSJ9.AWQJKxkCHEQWbUk5LTCctmy0XC3hH9zEoz8hzs0E2oiB-W7I1BKuMAPP_pvGm3z5i8ttKpgP6YoYYqK7WYGR4y73AD8AGARWVhkQlU5PW3vtlzQW1F7-D4PZgrtm5CpMU52lEa1LlnsyqQLqyiXd8wrzioLz9A-vOrY9e_pnUzOeYvsX =~ Wazuh Internal Error ]]
+ [[ eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNjk1MDM0Nzc1LCJleHAiOjE2OTUwMzU2NzUsInN1YiI6IndhenVoIiwicnVuX2FzIjpmYWxzZSwicmJhY19yb2xlcyI6WzFdLCJyYmFjX21vZGUiOiJ3aGl0ZSJ9.AWQJKxkCHEQWbUk5LTCctmy0XC3hH9zEoz8hzs0E2oiB-W7I1BKuMAPP_pvGm3z5i8ttKpgP6YoYYqK7WYGR4y73AD8AGARWVhkQlU5PW3vtlzQW1F7-D4PZgrtm5CpMU52lEa1LlnsyqQLqyiXd8wrzioLz9A-vOrY9e_pnUzOeYvsX =~ Invalid credentials ]]
+ passwords_getApiUsers
+ mapfile -t api_users
++ grep username
++ sed -e 's/[\'\''",]//g'
++ awk '-F: ' '{print $2}'
++ curl -s -k -X GET -H 'Authorization: Bearer eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNjk1MDM0Nzc1LCJleHAiOjE2OTUwMzU2NzUsInN1YiI6IndhenVoIiwicnVuX2FzIjpmYWxzZSwicmJhY19yb2xlcyI6WzFdLCJyYmFjX21vZGUiOiJ3aGl0ZSJ9.AWQJKxkCHEQWbUk5LTCctmy0XC3hH9zEoz8hzs0E2oiB-W7I1BKuMAPP_pvGm3z5i8ttKpgP6YoYYqK7WYGR4y73AD8AGARWVhkQlU5PW3vtlzQW1F7-D4PZgrtm5CpMU52lEa1LlnsyqQLqyiXd8wrzioLz9A-vOrY9e_pnUzOeYvsX' -H 'Content-Type: application/json' 'https://localhost:55000/security/users?pretty=true'
+ passwords_getApiIds
+ mapfile -t api_ids
++ curl -s -k -X GET -H 'Authorization: Bearer eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNjk1MDM0Nzc1LCJleHAiOjE2OTUwMzU2NzUsInN1YiI6IndhenVoIiwicnVuX2FzIjpmYWxzZSwicmJhY19yb2xlcyI6WzFdLCJyYmFjX21vZGUiOiJ3aGl0ZSJ9.AWQJKxkCHEQWbUk5LTCctmy0XC3hH9zEoz8hzs0E2oiB-W7I1BKuMAPP_pvGm3z5i8ttKpgP6YoYYqK7WYGR4y73AD8AGARWVhkQlU5PW3vtlzQW1F7-D4PZgrtm5CpMU52lEa1LlnsyqQLqyiXd8wrzioLz9A-vOrY9e_pnUzOeYvsX' -H 'Content-Type: application/json' 'https://localhost:55000/security/users?pretty=true'
++ awk '-F: ' '{print $2}'
++ grep id
++ sed -e 's/[\'\''",]//g'
+ installCommon_readPasswordFileUsers
++ grep -Ev '^#|^\s*$' /tmp/wazuh-install-files/wazuh-passwords.txt
++ grep -Pzc '\A(\s*(indexer_username|api_username|indexer_password|api_password):[ \t]+[\'\''"]?[\w.*+?-]+[\'\''"]?)+\Z'
+ filecorrect=1
+ [[ 1 -ne 1 ]]
++ grep indexer_username: /tmp/wazuh-install-files/wazuh-passwords.txt
++ awk '{ print substr( $2, 1, length($2) ) }'
++ sed -e 's/[\'\''"]//g'
+ sfileusers='admin
kibanaserver
kibanaro
logstash
readall
snapshotrestore'
++ awk '{ print substr( $2, 1, length($2) ) }'
++ grep indexer_password: /tmp/wazuh-install-files/wazuh-passwords.txt
++ sed -e 's/[\'\''"]//g'
+ sfilepasswords='ng5nMONDzvXWWapDE2CVJ*CUux*o.Kzi
Z2WnenZhDmnSASyu0xUHHQ+G*IGbBB+k
opHXD0r17axTutPdkk?z2wNf7Nw*a2.Q
ozJL*YbNqWHI7Rf1F43j1dtLTA?cfGaF
gmiK5uwklxr6K4+vcqoeMjjyMSas.G15
yGgpLSzahxUhn+yL?Xpadl7V.YF?qbpv'
++ grep api_username: /tmp/wazuh-install-files/wazuh-passwords.txt
++ sed -e 's/[\'\''"]//g'
++ awk '{ print substr( $2, 1, length($2) ) }'
+ sfileapiusers='wazuh
wazuh-wui'
++ grep api_password: /tmp/wazuh-install-files/wazuh-passwords.txt
++ sed -e 's/[\'\''"]//g'
++ awk '{ print substr( $2, 1, length($2) ) }'
+ sfileapipasswords='Ir9uMdpfdpJqVjg+kW.FhZ4+*I2Hpuwd
eWqjCV3lZY4HpV+kh3R590NU5w*gUj43'
+ mapfile -t fileusers
++ printf '%s\n' 'admin
kibanaserver
kibanaro
logstash
readall
snapshotrestore'
+ mapfile -t filepasswords
++ printf '%s\n' 'ng5nMONDzvXWWapDE2CVJ*CUux*o.Kzi
Z2WnenZhDmnSASyu0xUHHQ+G*IGbBB+k
opHXD0r17axTutPdkk?z2wNf7Nw*a2.Q
ozJL*YbNqWHI7Rf1F43j1dtLTA?cfGaF
gmiK5uwklxr6K4+vcqoeMjjyMSas.G15
yGgpLSzahxUhn+yL?Xpadl7V.YF?qbpv'
+ mapfile -t fileapiusers
++ printf '%s\n' 'wazuh
wazuh-wui'
+ mapfile -t fileapipasswords
++ printf '%s\n' 'Ir9uMdpfdpJqVjg+kW.FhZ4+*I2Hpuwd
eWqjCV3lZY4HpV+kh3R590NU5w*gUj43'
+ '[' -n '' ']'
+ finalusers=()
+ finalpasswords=()
+ finalapiusers=()
+ finalapipasswords=()
+ '[' -n '' ']'
+ '[' -n 'filebeat/stable,now 7.10.2 amd64 [installed]' ']'
+ '[' -n 1 ']'
+ users=(admin)
+ for j in "${!fileusers[@]}"
+ supported=false
+ for i in "${!users[@]}"
+ [[ admin == \a\d\m\i\n ]]
+ passwords_checkPassword 'ng5nMONDzvXWWapDE2CVJ*CUux*o.Kzi'
+ echo 'ng5nMONDzvXWWapDE2CVJ*CUux*o.Kzi'
+ grep -q '[A-Z]'
+ echo 'ng5nMONDzvXWWapDE2CVJ*CUux*o.Kzi'
+ grep -q '[a-z]'
+ echo 'ng5nMONDzvXWWapDE2CVJ*CUux*o.Kzi'
+ grep -q '[0-9]'
+ echo 'ng5nMONDzvXWWapDE2CVJ*CUux*o.Kzi'
+ grep -q '[.*+?-]'
+ '[' 32 -lt 8 ']'
+ '[' 32 -gt 64 ']'
+ finalusers+=(${fileusers[j]})
+ finalpasswords+=(${filepasswords[j]})
+ supported=true
+ '[' true = false ']'
+ for j in "${!fileusers[@]}"
+ supported=false
+ for i in "${!users[@]}"
+ [[ admin == \k\i\b\a\n\a\s\e\r\v\e\r ]]
+ '[' false = false ']'
+ '[' -n 'wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]' ']'
+ '[' -n '' ']'
+ for j in "${!fileusers[@]}"
+ supported=false
+ for i in "${!users[@]}"
+ [[ admin == \k\i\b\a\n\a\r\o ]]
+ '[' false = false ']'
+ '[' -n 'wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]' ']'
+ '[' -n '' ']'
+ for j in "${!fileusers[@]}"
+ supported=false
+ for i in "${!users[@]}"
+ [[ admin == \l\o\g\s\t\a\s\h ]]
+ '[' false = false ']'
+ '[' -n 'wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]' ']'
+ '[' -n '' ']'
+ for j in "${!fileusers[@]}"
+ supported=false
+ for i in "${!users[@]}"
+ [[ admin == \r\e\a\d\a\l\l ]]
+ '[' false = false ']'
+ '[' -n 'wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]' ']'
+ '[' -n '' ']'
+ for j in "${!fileusers[@]}"
+ supported=false
+ for i in "${!users[@]}"
+ [[ admin == \s\n\a\p\s\h\o\t\r\e\s\t\o\r\e ]]
+ '[' false = false ']'
+ '[' -n 'wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]' ']'
+ '[' -n '' ']'
+ for j in "${!fileapiusers[@]}"
+ supported=false
+ for i in "${!api_users[@]}"
+ [[ wazuh == \w\a\z\u\h ]]
+ passwords_checkPassword 'Ir9uMdpfdpJqVjg+kW.FhZ4+*I2Hpuwd'
+ echo 'Ir9uMdpfdpJqVjg+kW.FhZ4+*I2Hpuwd'
+ grep -q '[A-Z]'
+ echo 'Ir9uMdpfdpJqVjg+kW.FhZ4+*I2Hpuwd'
+ grep -q '[a-z]'
+ echo 'Ir9uMdpfdpJqVjg+kW.FhZ4+*I2Hpuwd'
+ grep -q '[0-9]'
+ echo 'Ir9uMdpfdpJqVjg+kW.FhZ4+*I2Hpuwd'
+ grep -q '[.*+?-]'
+ '[' 32 -lt 8 ']'
+ '[' 32 -gt 64 ']'
+ finalapiusers+=("${fileapiusers[j]}")
+ finalapipasswords+=("${fileapipasswords[j]}")
+ supported=true
+ for i in "${!api_users[@]}"
+ [[ wazuh-wui == \w\a\z\u\h ]]
+ '[' true = false ']'
+ for j in "${!fileapiusers[@]}"
+ supported=false
+ for i in "${!api_users[@]}"
+ [[ wazuh == \w\a\z\u\h\-\w\u\i ]]
+ for i in "${!api_users[@]}"
+ [[ wazuh-wui == \w\a\z\u\h\-\w\u\i ]]
+ passwords_checkPassword 'eWqjCV3lZY4HpV+kh3R590NU5w*gUj43'
+ echo 'eWqjCV3lZY4HpV+kh3R590NU5w*gUj43'
+ grep -q '[A-Z]'
+ echo 'eWqjCV3lZY4HpV+kh3R590NU5w*gUj43'
+ grep -q '[a-z]'
+ echo 'eWqjCV3lZY4HpV+kh3R590NU5w*gUj43'
+ grep -q '[0-9]'
+ echo 'eWqjCV3lZY4HpV+kh3R590NU5w*gUj43'
+ grep -q '[.*+?-]'
+ '[' 32 -lt 8 ']'
+ '[' 32 -gt 64 ']'
+ finalapiusers+=("${fileapiusers[j]}")
+ finalapipasswords+=("${fileapipasswords[j]}")
+ supported=true
+ '[' true = false ']'
+ users=()
+ mapfile -t users
++ printf '%s\n' admin
+ mapfile -t passwords
++ printf '%s\n' 'ng5nMONDzvXWWapDE2CVJ*CUux*o.Kzi'
+ mapfile -t api_users
++ printf '%s\n' wazuh wazuh-wui
+ mapfile -t api_passwords
++ printf '%s\n' 'Ir9uMdpfdpJqVjg+kW.FhZ4+*I2Hpuwd' 'eWqjCV3lZY4HpV+kh3R590NU5w*gUj43'
+ changeall=1
+ '[' -n '' ']'
+ '[' -n '' ']'
+ passwords_changePassword
+ '[' -n 1 ']'
+ '[' -n 'wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]' ']'
+ '[' -z 1 ']'
+ for i in "${!passwords[@]}"
+ '[' -n 'wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]' ']'
+ '[' -f /etc/wazuh-indexer/backup/internal_users.yml ']'
+ '[' admin == admin ']'
+ adminpass='ng5nMONDzvXWWapDE2CVJ*CUux*o.Kzi'
+ '[' '' == admin ']'
+ '[' -n 1 ']'
+ '[' -n 'filebeat/stable,now 7.10.2 amd64 [installed]' ']'
+ filebeat keystore list
+ grep -q password
+ eval 'echo ng5nMONDzvXWWapDE2CVJ*CUux*o.Kzi | filebeat keystore add password --force --stdin >> /var/log/wazuh-install.log 2>&1'
++ echo 'ng5nMONDzvXWWapDE2CVJ*CUux*o.Kzi'
++ filebeat keystore add password --force --stdin
+ passwords_restartService filebeat
+ '[' 1 -ne 1 ']'
+ ps -e
+ grep -E -q '^\ *1\ .*systemd$'
+ eval 'systemctl daemon-reload >> /var/log/wazuh-install.log 2>&1'
++ systemctl daemon-reload
+ eval 'systemctl restart filebeat.service >> /var/log/wazuh-install.log 2>&1'
++ systemctl restart filebeat.service
+ '[' 0 '!=' 0 ']'
+ common_logger -d 'filebeat started.'
++ date '+%d/%m/%Y %H:%M:%S'
+ now='18/09/2023 10:59:36'
+ mtype=INFO:
+ debugLogger=
+ nolog=
+ '[' -n -d ']'
+ '[' -n -d ']'
+ case ${1} in
+ debugLogger=1
+ mtype=DEBUG:
+ shift 1
+ '[' -n 'filebeat started.' ']'
+ case ${1} in
+ message='filebeat started.'
+ shift 1
+ '[' -n '' ']'
+ '[' -z 1 ']'
+ '[' -n 1 ']'
+ '[' -n '' ']'
+ '[' '' == kibanaserver ']'
+ '[' -n 1 ']'
+ '[' -n '' ']'
+ '[' -n '' ']'
+ '[' -n '' ']'
+ '[' -n 1 ']'
+ '[' '' == master ']'
+ '[' 1 -eq 1 ']'
+ installCommon_changePasswordApi
+ '[' -n 1 ']'
+ for i in "${!api_passwords[@]}"
+ '[' -n 1 ']'
+ passwords_getApiUserId wazuh
+ user_id=noid
+ for u in "${!api_users[@]}"
+ '[' wazuh == wazuh ']'
+ user_id=1
+ for u in "${!api_users[@]}"
+ '[' wazuh == wazuh-wui ']'
+ '[' 1 == noid ']'
+ WAZUH_PASS_API='{"password":"Ir9uMdpfdpJqVjg+kW.FhZ4+*I2Hpuwd"}'
+ eval 'curl -s -k -X PUT -H "Authorization: Bearer $TOKEN_API" -H "Content-Type: application/json" -d "$WAZUH_PASS_API" "https://localhost:55000/security/users/${user_id}" -o /dev/null'
++ curl -s -k -X PUT -H 'Authorization: Bearer eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNjk1MDM0Nzc1LCJleHAiOjE2OTUwMzU2NzUsInN1YiI6IndhenVoIiwicnVuX2FzIjpmYWxzZSwicmJhY19yb2xlcyI6WzFdLCJyYmFjX21vZGUiOiJ3aGl0ZSJ9.AWQJKxkCHEQWbUk5LTCctmy0XC3hH9zEoz8hzs0E2oiB-W7I1BKuMAPP_pvGm3z5i8ttKpgP6YoYYqK7WYGR4y73AD8AGARWVhkQlU5PW3vtlzQW1F7-D4PZgrtm5CpMU52lEa1LlnsyqQLqyiXd8wrzioLz9A-vOrY9e_pnUzOeYvsX' -H 'Content-Type: application/json' -d '{"password":"Ir9uMdpfdpJqVjg+kW.FhZ4+*I2Hpuwd"}' https://localhost:55000/security/users/1 -o /dev/null
+ '[' wazuh == wazuh ']'
+ sleep 1
+ adminPassword='Ir9uMdpfdpJqVjg+kW.FhZ4+*I2Hpuwd'
+ passwords_getApiToken
+ retries=0
+ max_internal_error_retries=20
++ curl -s -u 'wazuh:Ir9uMdpfdpJqVjg+kW.FhZ4+*I2Hpuwd' -k -X POST 'https://localhost:55000/security/user/authenticate?raw=true' --max-time 300 --retry 5 --retry-delay 5
+ TOKEN_API=eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNjk1MDM0Nzc5LCJleHAiOjE2OTUwMzU2NzksInN1YiI6IndhenVoIiwicnVuX2FzIjpmYWxzZSwicmJhY19yb2xlcyI6WzFdLCJyYmFjX21vZGUiOiJ3aGl0ZSJ9.AQiKxJkMpX21z4MtZUdRFc70d535cMyoPIsH01IF8Tkvw9aK5hU7k9CS9dWZsXWZWxNtjgMoHpDOdeKorJONJcvIAJva3LXc1xEfKsTdelm4A1YiN57wHhPsFF5KC4juagYgRtxnvrEHemnmoKfgfLdHI7h59VSdmbvpi7GQ5kxKpl4a
+ [[ eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNjk1MDM0Nzc5LCJleHAiOjE2OTUwMzU2NzksInN1YiI6IndhenVoIiwicnVuX2FzIjpmYWxzZSwicmJhY19yb2xlcyI6WzFdLCJyYmFjX21vZGUiOiJ3aGl0ZSJ9.AQiKxJkMpX21z4MtZUdRFc70d535cMyoPIsH01IF8Tkvw9aK5hU7k9CS9dWZsXWZWxNtjgMoHpDOdeKorJONJcvIAJva3LXc1xEfKsTdelm4A1YiN57wHhPsFF5KC4juagYgRtxnvrEHemnmoKfgfLdHI7h59VSdmbvpi7GQ5kxKpl4a =~ Wazuh Internal Error ]]
+ [[ eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNjk1MDM0Nzc5LCJleHAiOjE2OTUwMzU2NzksInN1YiI6IndhenVoIiwicnVuX2FzIjpmYWxzZSwicmJhY19yb2xlcyI6WzFdLCJyYmFjX21vZGUiOiJ3aGl0ZSJ9.AQiKxJkMpX21z4MtZUdRFc70d535cMyoPIsH01IF8Tkvw9aK5hU7k9CS9dWZsXWZWxNtjgMoHpDOdeKorJONJcvIAJva3LXc1xEfKsTdelm4A1YiN57wHhPsFF5KC4juagYgRtxnvrEHemnmoKfgfLdHI7h59VSdmbvpi7GQ5kxKpl4a =~ Wazuh Internal Error ]]
+ [[ eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNjk1MDM0Nzc5LCJleHAiOjE2OTUwMzU2NzksInN1YiI6IndhenVoIiwicnVuX2FzIjpmYWxzZSwicmJhY19yb2xlcyI6WzFdLCJyYmFjX21vZGUiOiJ3aGl0ZSJ9.AQiKxJkMpX21z4MtZUdRFc70d535cMyoPIsH01IF8Tkvw9aK5hU7k9CS9dWZsXWZWxNtjgMoHpDOdeKorJONJcvIAJva3LXc1xEfKsTdelm4A1YiN57wHhPsFF5KC4juagYgRtxnvrEHemnmoKfgfLdHI7h59VSdmbvpi7GQ5kxKpl4a =~ Invalid credentials ]]
+ '[' wazuh == wazuh-wui ']'
+ for i in "${!api_passwords[@]}"
+ '[' -n 1 ']'
+ passwords_getApiUserId wazuh-wui
+ user_id=noid
+ for u in "${!api_users[@]}"
+ '[' wazuh-wui == wazuh ']'
+ for u in "${!api_users[@]}"
+ '[' wazuh-wui == wazuh-wui ']'
+ user_id=2
+ '[' 2 == noid ']'
+ WAZUH_PASS_API='{"password":"eWqjCV3lZY4HpV+kh3R590NU5w*gUj43"}'
+ eval 'curl -s -k -X PUT -H "Authorization: Bearer $TOKEN_API" -H "Content-Type: application/json" -d "$WAZUH_PASS_API" "https://localhost:55000/security/users/${user_id}" -o /dev/null'
++ curl -s -k -X PUT -H 'Authorization: Bearer eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNjk1MDM0Nzc5LCJleHAiOjE2OTUwMzU2NzksInN1YiI6IndhenVoIiwicnVuX2FzIjpmYWxzZSwicmJhY19yb2xlcyI6WzFdLCJyYmFjX21vZGUiOiJ3aGl0ZSJ9.AQiKxJkMpX21z4MtZUdRFc70d535cMyoPIsH01IF8Tkvw9aK5hU7k9CS9dWZsXWZWxNtjgMoHpDOdeKorJONJcvIAJva3LXc1xEfKsTdelm4A1YiN57wHhPsFF5KC4juagYgRtxnvrEHemnmoKfgfLdHI7h59VSdmbvpi7GQ5kxKpl4a' -H 'Content-Type: application/json' -d '{"password":"eWqjCV3lZY4HpV+kh3R590NU5w*gUj43"}' https://localhost:55000/security/users/2 -o /dev/null
+ '[' wazuh-wui == wazuh ']'
+ '[' wazuh-wui == wazuh-wui ']'
+ '[' -n '' ']'
+ '[' -n '' ']'
+ set +x
18/09/2023 10:59:40 INFO: Starting service filebeat.
18/09/2023 10:59:42 INFO: filebeat service started.
18/09/2023 10:59:42 INFO: Installation finished.
root@ubuntu22:/home/vagrant# cat /etc/wazuh-indexer/opensearch-security/internal_users.yml
---
_meta:
type: "internalusers"
config_version: 2
admin:
hash: $2y$12$In/cGpVfdJl4BOtHsuDYL.Vq3D3Io9DpxH0lnVM3aN9bRbbdfy79u
reserved: true
backend_roles:
- "admin"
description: "Demo admin user"
kibanaserver:
hash: $2y$12$.xmfbOKf85vvQNFQP8nhaOKxxWHO7h1aLoLPWhhXKljuufW3z/o0e
reserved: true
description: "Demo kibanaserver user"
kibanaro:
hash: $2y$12$St8rh.yrqF5c6mxAk3wAoOH5Ix20rjpYcI3A3xS8Gf9izuLOcGz5C
reserved: false
backend_roles:
- "kibanauser"
- "readall"
attributes:
attribute1: "value1"
attribute2: "value2"
attribute3: "value3"
description: "Demo kibanaro user"
logstash:
hash: $2y$12$rlfXMCuZ6OwcKBtlrX.sGOIuNXnpOSyjpOaNIKHoct848TOVQDviq
reserved: false
backend_roles:
- "logstash"
description: "Demo logstash user"
readall:
hash: $2y$12$U/xIcD3RSuqWIIw43r6x/.iDYtgX9SnX2n3xS/R79Z/G8WJSkhgSG
reserved: false
backend_roles:
- "readall"
description: "Demo readall user"
snapshotrestore:
hash: $2y$12$OoWix8KM3dSOB/CkB/phb.X27ffUY3wJ4CeFgcZb/oGcbZUYjN8rG
reserved: false
backend_roles:
- "snapshotrestore"
description: "Demo snapshotrestore user"
|
I have been looking into the code however in the manager.sh and dashboard.sh I have not any reference to password, except for the dashboard which has the following Is there an order for the component installation? If it is: indexer,manager,dashboard. Then the |
Hello again @micsinyei. Yes, you are right. After some testing I discovered that the With this, the change will be introduced in the Related to this comment, I would invite you to open an issue in this repository to report this bug or feature, as this is out of the scope of this issue. |
Description
Wazuh install script https://packages.wazuh.com/4.4/wazuh-install.sh for all in one installation does not update the internal_users regarding the new generated password.
Steps to reproduce
curl -sO https://packages.wazuh.com/4.4/wazuh-install.sh && sudo bash ./wazuh-install.sh -a
sudo tar -O -xvf wazuh-install-files.tar wazuh-install-files/wazuh-passwords.txt
/etc/wazuh-indexer/opensearch-security/internal_users.yml
contains the default value:The text was updated successfully, but these errors were encountered: