Permission errors in the Wazuh Indexer service (systemd) #2685
Related https://github.com/search?q=repo%3Awazuh%2Fwazuh-packages+%22accessUserInformation%22&type=issues
I have reviewed the information in this issue. The
Steps to Reproduce

I have tried to reproduce the error, first doing an AIO installation of version 4.8.0 (since the issue is for this version). I have also tried installing OpenSearch manually (in its latest available version).

Reproduce the Error using an AIO Installation
[root@centos7 vagrant]# curl -sO https://packages-dev.wazuh.com/4.8/wazuh-install.sh && sudo bash ./wazuh-install.sh -a
19/12/2023 09:39:56 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
19/12/2023 09:39:56 INFO: Verbose logging redirected to /var/log/wazuh-install.log
19/12/2023 09:40:00 INFO: Verifying that your system meets the recommended minimum hardware requirements.
19/12/2023 09:40:00 INFO: Wazuh web interface port will be 443.
19/12/2023 09:40:00 WARNING: The system has Firewalld enabled. Please ensure that traffic is allowed on these ports: 1515, 1514, 443.
19/12/2023 09:40:02 INFO: Wazuh development repository added.
19/12/2023 09:40:02 INFO: --- Configuration files ---
19/12/2023 09:40:02 INFO: Generating configuration files.
19/12/2023 09:40:02 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
19/12/2023 09:40:03 INFO: --- Wazuh indexer ---
19/12/2023 09:40:03 INFO: Starting Wazuh indexer installation.
19/12/2023 09:41:27 INFO: Wazuh indexer installation finished.
19/12/2023 09:41:27 INFO: Wazuh indexer post-install configuration finished.
19/12/2023 09:41:27 INFO: Starting service wazuh-indexer.
19/12/2023 09:41:35 INFO: wazuh-indexer service started.
19/12/2023 09:41:35 INFO: Initializing Wazuh indexer cluster security settings.
19/12/2023 09:41:48 INFO: The Wazuh indexer cluster ISM initialized.
19/12/2023 09:41:48 INFO: Wazuh indexer cluster initialized.
19/12/2023 09:41:48 INFO: --- Wazuh server ---
19/12/2023 09:41:48 INFO: Starting the Wazuh manager installation.
19/12/2023 09:42:23 INFO: Wazuh manager installation finished.
19/12/2023 09:42:23 INFO: Starting service wazuh-manager.
19/12/2023 09:42:36 INFO: wazuh-manager service started.
19/12/2023 09:42:36 INFO: Starting Filebeat installation.
19/12/2023 09:42:43 INFO: Filebeat installation finished.
19/12/2023 09:42:45 INFO: Filebeat post-install configuration finished.
19/12/2023 09:42:45 INFO: Starting service filebeat.
19/12/2023 09:42:45 INFO: filebeat service started.
19/12/2023 09:42:45 INFO: --- Wazuh dashboard ---
19/12/2023 09:42:45 INFO: Starting Wazuh dashboard installation.
19/12/2023 09:43:38 INFO: Wazuh dashboard installation finished.
19/12/2023 09:43:38 INFO: Wazuh dashboard post-install configuration finished.
19/12/2023 09:43:38 INFO: Starting service wazuh-dashboard.
19/12/2023 09:43:38 INFO: wazuh-dashboard service started.
19/12/2023 09:43:40 INFO: Updating the internal users.
19/12/2023 09:43:42 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
19/12/2023 09:43:57 INFO: Initializing Wazuh dashboard web application.
19/12/2023 09:43:58 INFO: Wazuh dashboard web application initialized.
19/12/2023 09:43:58 INFO: --- Summary ---
19/12/2023 09:43:58 INFO: You can access the web interface https://<wazuh-dashboard-ip>:443
User: admin
Password: DtFX2+RbJkTtJ*GQJ25W3Mj5eMIuXdB7
19/12/2023 09:43:58 INFO: Installation finished.
[root@centos7 vagrant]# ls -lia /var/log/wazuh-indexer/
total 408
486932 drwxr-x---. 2 wazuh-indexer wazuh-indexer 4096 dic 19 09:41 .
100 drwxr-xr-x. 9 root root 4096 dic 19 09:42 ..
486934 -rw-r--r--. 1 wazuh-indexer wazuh-indexer 112524 dic 19 10:03 gc.log
486933 -rw-r--r--. 1 wazuh-indexer wazuh-indexer 2015 dic 19 09:41 gc.log.00
486941 -rw-r-----. 1 wazuh-indexer wazuh-indexer 4730 dic 19 09:43 wazuh-cluster_deprecation.json
486935 -rw-r-----. 1 wazuh-indexer wazuh-indexer 2804 dic 19 09:43 wazuh-cluster_deprecation.log
486939 -rw-r-----. 1 wazuh-indexer wazuh-indexer 0 dic 19 09:41 wazuh-cluster_index_indexing_slowlog.json
486942 -rw-r-----. 1 wazuh-indexer wazuh-indexer 0 dic 19 09:41 wazuh-cluster_index_indexing_slowlog.log
486938 -rw-r-----. 1 wazuh-indexer wazuh-indexer 0 dic 19 09:41 wazuh-cluster_index_search_slowlog.json
486943 -rw-r-----. 1 wazuh-indexer wazuh-indexer 0 dic 19 09:41 wazuh-cluster_index_search_slowlog.log
486937 -rw-r-----. 1 wazuh-indexer wazuh-indexer 62647 dic 19 10:03 wazuh-cluster.log
486940 -rw-r-----. 1 wazuh-indexer wazuh-indexer 139247 dic 19 10:03 wazuh-cluster_server.json
486936 -rw-r-----. 1 wazuh-indexer wazuh-indexer 0 dic 19 09:41 wazuh-cluster_task_detailslog.json
5344 -rw-r-----. 1 wazuh-indexer wazuh-indexer 0 dic 19 09:41 wazuh-cluster_task_detailslog.log
[root@centos7 vagrant]# stat --format="%n: %a" /var/log/wazuh-indexer/*
/var/log/wazuh-indexer/gc.log: 644
/var/log/wazuh-indexer/gc.log.00: 644
/var/log/wazuh-indexer/wazuh-cluster_deprecation.json: 640
/var/log/wazuh-indexer/wazuh-cluster_deprecation.log: 640
/var/log/wazuh-indexer/wazuh-cluster_index_indexing_slowlog.json: 640
/var/log/wazuh-indexer/wazuh-cluster_index_indexing_slowlog.log: 640
/var/log/wazuh-indexer/wazuh-cluster_index_search_slowlog.json: 640
/var/log/wazuh-indexer/wazuh-cluster_index_search_slowlog.log: 640
/var/log/wazuh-indexer/wazuh-cluster.log: 640
/var/log/wazuh-indexer/wazuh-cluster_server.json: 640
/var/log/wazuh-indexer/wazuh-cluster_task_detailslog.json: 640
/var/log/wazuh-indexer/wazuh-cluster_task_detailslog.log: 640
[root@centos7 vagrant]# shutdown now
[root@centos7 vagrant]# ls -lia /var/log/wazuh-indexer/
total 572
486932 drwxr-x---. 2 wazuh-indexer wazuh-indexer 4096 dic 19 10:10 .
100 drwxr-xr-x. 9 root root 4096 dic 19 10:10 ..
705262 -rw-r--r--. 1 wazuh-indexer wazuh-indexer 40450 dic 19 10:11 gc.log
486933 -rw-r--r--. 1 wazuh-indexer wazuh-indexer 2015 dic 19 09:41 gc.log.00
486934 -rw-r--r--. 1 wazuh-indexer wazuh-indexer 116769 dic 19 10:07 gc.log.01
705261 -rw-r--r--. 1 wazuh-indexer wazuh-indexer 2015 dic 19 10:10 gc.log.02
486941 -rw-r-----. 1 wazuh-indexer wazuh-indexer 8095 dic 19 10:10 wazuh-cluster_deprecation.json
486935 -rw-r-----. 1 wazuh-indexer wazuh-indexer 4864 dic 19 10:10 wazuh-cluster_deprecation.log
486939 -rw-r-----. 1 wazuh-indexer wazuh-indexer 0 dic 19 09:41 wazuh-cluster_index_indexing_slowlog.json
486942 -rw-r-----. 1 wazuh-indexer wazuh-indexer 0 dic 19 09:41 wazuh-cluster_index_indexing_slowlog.log
486938 -rw-r-----. 1 wazuh-indexer wazuh-indexer 0 dic 19 09:41 wazuh-cluster_index_search_slowlog.json
486943 -rw-r-----. 1 wazuh-indexer wazuh-indexer 0 dic 19 09:41 wazuh-cluster_index_search_slowlog.log
486937 -rw-r-----. 1 wazuh-indexer wazuh-indexer 95498 dic 19 10:10 wazuh-cluster.log
486940 -rw-r-----. 1 wazuh-indexer wazuh-indexer 209666 dic 19 10:10 wazuh-cluster_server.json
486936 -rw-r-----. 1 wazuh-indexer wazuh-indexer 0 dic 19 09:41 wazuh-cluster_task_detailslog.json
5344 -rw-r-----. 1 wazuh-indexer wazuh-indexer 0 dic 19 09:41 wazuh-cluster_task_detailslog.log
[root@centos7 vagrant]# stat --format="%n: %a" /var/log/wazuh-indexer/*
/var/log/wazuh-indexer/gc.log: 644
/var/log/wazuh-indexer/gc.log.00: 644
/var/log/wazuh-indexer/gc.log.01: 644
/var/log/wazuh-indexer/gc.log.02: 644
/var/log/wazuh-indexer/wazuh-cluster_deprecation.json: 640
/var/log/wazuh-indexer/wazuh-cluster_deprecation.log: 640
/var/log/wazuh-indexer/wazuh-cluster_index_indexing_slowlog.json: 640
/var/log/wazuh-indexer/wazuh-cluster_index_indexing_slowlog.log: 640
/var/log/wazuh-indexer/wazuh-cluster_index_search_slowlog.json: 640
/var/log/wazuh-indexer/wazuh-cluster_index_search_slowlog.log: 640
/var/log/wazuh-indexer/wazuh-cluster.log: 640
/var/log/wazuh-indexer/wazuh-cluster_server.json: 640
/var/log/wazuh-indexer/wazuh-cluster_task_detailslog.json: 640
/var/log/wazuh-indexer/wazuh-cluster_task_detailslog.log: 640
[root@centos7 vagrant]# shutdown now
[root@centos7 vagrant]# ls -lia /var/log/wazuh-indexer/
total 520
486932 drwxr-x---. 2 wazuh-indexer wazuh-indexer 4096 dic 21 10:17 .
100 drwxr-xr-x. 9 root root 4096 dic 19 10:17 ..
705228 -rw-r--r--. 1 wazuh-indexer wazuh-indexer 46873 dic 21 10:18 gc.log
486933 -rw-r--r--. 1 wazuh-indexer wazuh-indexer 2015 dic 19 09:41 gc.log.00
486934 -rw-r--r--. 1 wazuh-indexer wazuh-indexer 116769 dic 19 10:07 gc.log.01
705261 -rw-r--r--. 1 wazuh-indexer wazuh-indexer 2015 dic 19 10:10 gc.log.02
705262 -rw-r--r--. 1 wazuh-indexer wazuh-indexer 49709 dic 19 10:12 gc.log.03
705227 -rw-r--r--. 1 wazuh-indexer wazuh-indexer 2015 dic 21 10:17 gc.log.04
705242 -rw-r--r--. 1 wazuh-indexer wazuh-indexer 17806 dic 21 10:17 wazuh-cluster-2023-12-19-1.json.gz
705238 -rw-r--r--. 1 wazuh-indexer wazuh-indexer 15947 dic 21 10:17 wazuh-cluster-2023-12-19-1.log.gz
486941 -rw-r-----. 1 wazuh-indexer wazuh-indexer 11910 dic 21 10:17 wazuh-cluster_deprecation.json
486935 -rw-r-----. 1 wazuh-indexer wazuh-indexer 7167 dic 21 10:17 wazuh-cluster_deprecation.log
486939 -rw-r-----. 1 wazuh-indexer wazuh-indexer 0 dic 19 09:41 wazuh-cluster_index_indexing_slowlog.json
486942 -rw-r-----. 1 wazuh-indexer wazuh-indexer 0 dic 19 09:41 wazuh-cluster_index_indexing_slowlog.log
486938 -rw-r-----. 1 wazuh-indexer wazuh-indexer 0 dic 19 09:41 wazuh-cluster_index_search_slowlog.json
486943 -rw-r-----. 1 wazuh-indexer wazuh-indexer 0 dic 19 09:41 wazuh-cluster_index_search_slowlog.log
705231 -rw-r--r--. 1 wazuh-indexer wazuh-indexer 32871 dic 21 10:17 wazuh-cluster.log
705230 -rw-r--r--. 1 wazuh-indexer wazuh-indexer 69692 dic 21 10:17 wazuh-cluster_server.json
486936 -rw-r-----. 1 wazuh-indexer wazuh-indexer 0 dic 19 09:41 wazuh-cluster_task_detailslog.json
5344 -rw-r-----. 1 wazuh-indexer wazuh-indexer 0 dic 19 09:41 wazuh-cluster_task_detailslog.log
[root@centos7 vagrant]# stat --format="%n: %a" /var/log/wazuh-indexer/*
/var/log/wazuh-indexer/gc.log: 644
/var/log/wazuh-indexer/gc.log.00: 644
/var/log/wazuh-indexer/gc.log.01: 644
/var/log/wazuh-indexer/gc.log.02: 644
/var/log/wazuh-indexer/gc.log.03: 644
/var/log/wazuh-indexer/gc.log.04: 644
/var/log/wazuh-indexer/wazuh-cluster-2023-12-19-1.json.gz: 644
/var/log/wazuh-indexer/wazuh-cluster-2023-12-19-1.log.gz: 644
/var/log/wazuh-indexer/wazuh-cluster_deprecation.json: 640
/var/log/wazuh-indexer/wazuh-cluster_deprecation.log: 640
/var/log/wazuh-indexer/wazuh-cluster_index_indexing_slowlog.json: 640
/var/log/wazuh-indexer/wazuh-cluster_index_indexing_slowlog.log: 640
/var/log/wazuh-indexer/wazuh-cluster_index_search_slowlog.json: 640
/var/log/wazuh-indexer/wazuh-cluster_index_search_slowlog.log: 640
/var/log/wazuh-indexer/wazuh-cluster.log: 644
/var/log/wazuh-indexer/wazuh-cluster_server.json: 644
/var/log/wazuh-indexer/wazuh-cluster_task_detailslog.json: 640
/var/log/wazuh-indexer/wazuh-cluster_task_detailslog.log: 640

Test in OpenSearch 2.11.1
[root@centos7 vagrant]# wget https://artifacts.opensearch.org/releases/bundle/opensearch/2.11.1/opensearch-2.11.1-linux-x64.rpm
--2023-12-19 08:45:07-- https://artifacts.opensearch.org/releases/bundle/opensearch/2.11.1/opensearch-2.11.1-linux-x64.rpm
Resolviendo artifacts.opensearch.org (artifacts.opensearch.org)... 18.67.240.45, 18.67.240.6, 18.67.240.49, ...
Conectando con artifacts.opensearch.org (artifacts.opensearch.org)[18.67.240.45]:443... conectado.
Petición HTTP enviada, esperando respuesta... 200 OK
Longitud: 784169644 (748M) [application/octet-stream]
Grabando a: “opensearch-2.11.1-linux-x64.rpm”
100%[===========================================================================================================================================================>] 784.169.644 16,7MB/s en 47s
2023-12-19 08:45:54 (16,1 MB/s) - “opensearch-2.11.1-linux-x64.rpm” guardado [784169644/784169644]
[root@centos7 vagrant]# yum localinstall -y opensearch-2.11.1-linux-x64.rpm
Loaded plugins: fastestmirror
Examining opensearch-2.11.1-linux-x64.rpm: opensearch-2.11.1-1.x86_64
Marking opensearch-2.11.1-linux-x64.rpm to be installed
Resolving Dependencies
--> Running transaction check
---> Package opensearch.x86_64 0:2.11.1-1 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
=====================================================================================================================================================================================================
Package Arch Version Repository Size
=====================================================================================================================================================================================================
Installing:
opensearch x86_64 2.11.1-1 /opensearch-2.11.1-linux-x64 1.0 G
Transaction Summary
=====================================================================================================================================================================================================
Install 1 Package
Total size: 1.0 G
Installed size: 1.0 G
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : opensearch-2.11.1-1.x86_64 1/1
### NOT starting on installation, please execute the following statements to configure opensearch service to start automatically using systemd
sudo systemctl daemon-reload
sudo systemctl enable opensearch.service
### You can start opensearch service by executing
sudo systemctl start opensearch.service
### Create opensearch demo certificates in /etc/opensearch/
See demo certs creation log in /var/log/opensearch/install_demo_configuration.log
### Upcoming breaking change in packaging
In a future release of OpenSearch, we plan to change the permissions associated with access to installed files
If you are configuring tools that require read access to the OpenSearch configuration files, we recommend you add the user that runs these tools to the 'opensearch' group
For more information, see https://github.com/opensearch-project/opensearch-build/pull/4043
Verifying : opensearch-2.11.1-1.x86_64 1/1
Installed:
opensearch.x86_64 0:2.11.1-1
Complete!
[root@centos7 vagrant]# systemctl enable opensearch
Created symlink from /etc/systemd/system/multi-user.target.wants/opensearch.service to /usr/lib/systemd/system/opensearch.service.
[root@centos7 vagrant]# systemctl status opensearch
● opensearch.service - OpenSearch
Loaded: loaded (/usr/lib/systemd/system/opensearch.service; enabled; vendor preset: disabled)
Active: inactive (dead)
Docs: https://opensearch.org/
[root@centos7 vagrant]# ls -l /var/log/opensearch/
total 4
-rw-r--r--. 1 opensearch opensearch 1693 dic 19 08:56 install_demo_configuration.log
[root@centos7 vagrant]# systemctl start opensearch
[root@centos7 vagrant]# ls -l /var/log/opensearch/
total 296
-rw-r--r--. 1 opensearch opensearch 40870 dic 19 08:59 gc.log
-rw-r--r--. 1 opensearch opensearch 2030 dic 19 08:59 gc.log.00
-rw-r--r--. 1 opensearch opensearch 1693 dic 19 08:56 install_demo_configuration.log
-rw-r-----. 1 opensearch opensearch 1243 dic 19 08:59 opensearch_deprecation.json
-rw-r-----. 1 opensearch opensearch 805 dic 19 08:59 opensearch_deprecation.log
-rw-r-----. 1 opensearch opensearch 0 dic 19 08:59 opensearch_index_indexing_slowlog.json
-rw-r-----. 1 opensearch opensearch 0 dic 19 08:59 opensearch_index_indexing_slowlog.log
-rw-r-----. 1 opensearch opensearch 0 dic 19 08:59 opensearch_index_search_slowlog.json
-rw-r-----. 1 opensearch opensearch 0 dic 19 08:59 opensearch_index_search_slowlog.log
-rw-r-----. 1 opensearch opensearch 47948 dic 19 08:59 opensearch.log
-rw-r-----. 1 opensearch opensearch 92766 dic 19 08:59 opensearch_server.json
-rw-r-----. 1 opensearch opensearch 0 dic 19 08:59 opensearch_task_detailslog.json
-rw-r-----. 1 opensearch opensearch 0 dic 19 08:59 opensearch_task_detailslog.log
[root@centos7 vagrant]# shutdown now
[root@centos7 vagrant]# ls -l /var/log/opensearch/
total 560
-rw-r--r--. 1 opensearch opensearch 100614 dic 19 09:09 gc.log
-rw-r--r--. 1 opensearch opensearch 2030 dic 19 08:59 gc.log.00
-rw-r--r--. 1 opensearch opensearch 55449 dic 19 09:00 gc.log.01
-rw-r--r--. 1 opensearch opensearch 2006 dic 19 09:01 gc.log.02
-rw-r--r--. 1 opensearch opensearch 1693 dic 19 08:56 install_demo_configuration.log
-rw-r-----. 1 opensearch opensearch 2011 dic 19 09:01 opensearch_deprecation.json
-rw-r-----. 1 opensearch opensearch 1339 dic 19 09:01 opensearch_deprecation.log
-rw-r-----. 1 opensearch opensearch 0 dic 19 08:59 opensearch_index_indexing_slowlog.json
-rw-r-----. 1 opensearch opensearch 0 dic 19 08:59 opensearch_index_indexing_slowlog.log
-rw-r-----. 1 opensearch opensearch 0 dic 19 08:59 opensearch_index_search_slowlog.json
-rw-r-----. 1 opensearch opensearch 0 dic 19 08:59 opensearch_index_search_slowlog.log
-rw-r-----. 1 opensearch opensearch 99411 dic 19 09:06 opensearch.log
-rw-r-----. 1 opensearch opensearch 192835 dic 19 09:06 opensearch_server.json
-rw-r-----. 1 opensearch opensearch 0 dic 19 08:59 opensearch_task_detailslog.json
-rw-r-----. 1 opensearch opensearch 0 dic 19 08:59 opensearch_task_detailslog.log
[root@centos7 vagrant]# /usr/share/opensearch/bin/opensearch -V
WARNING: A terminally deprecated method in java.lang.System has been called
WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/opensearch/lib/opensearch-2.11.1.jar)
WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
WARNING: System::setSecurityManager will be removed in a future release
Version: 2.11.1, Build: rpm/6b1986e964d440be9137eba1413015c31c5a7752/2023-11-29T21:43:16.724491085Z, JVM: 17.0.8
[root@centos7 vagrant]# shutdown now
[root@centos7 vagrant]# ls -l /var/log/opensearch/
total 376
-rw-r--r--. 1 opensearch opensearch 49346 dic 21 12:07 gc.log
-rw-r--r--. 1 opensearch opensearch 2006 dic 19 12:05 gc.log.00
-rw-r--r--. 1 opensearch opensearch 43792 dic 19 12:05 gc.log.01
-rw-r--r--. 1 opensearch opensearch 2006 dic 21 12:07 gc.log.02
-rw-r--r--. 1 opensearch opensearch 1693 dic 19 12:05 install_demo_configuration.log
-rw-r--r--. 1 opensearch opensearch 8475 dic 21 12:07 opensearch-2023-12-19-1.json.gz
-rw-r--r--. 1 opensearch opensearch 7816 dic 21 12:07 opensearch-2023-12-19-1.log.gz
-rw-r-----. 1 opensearch opensearch 2011 dic 21 12:07 opensearch_deprecation.json
-rw-r-----. 1 opensearch opensearch 1339 dic 21 12:07 opensearch_deprecation.log
-rw-r-----. 1 opensearch opensearch 0 dic 19 12:05 opensearch_index_indexing_slowlog.json
-rw-r-----. 1 opensearch opensearch 0 dic 19 12:05 opensearch_index_indexing_slowlog.log
-rw-r-----. 1 opensearch opensearch 0 dic 19 12:05 opensearch_index_search_slowlog.json
-rw-r-----. 1 opensearch opensearch 0 dic 19 12:05 opensearch_index_search_slowlog.log
-rw-r--r--. 1 opensearch opensearch 45941 dic 21 12:07 opensearch.log
-rw-r--r--. 1 opensearch opensearch 86947 dic 21 12:07 opensearch_server.json
-rw-r-----. 1 opensearch opensearch 0 dic 19 12:05 opensearch_task_detailslog.json
-rw-r-----. 1 opensearch opensearch 0 dic 19 12:05 opensearch_task_detailslog.log
[root@centos7 vagrant]# journalctl | grep "ERROR"
dic 21 12:07:05 centos7.localdomain systemd-entrypoint[654]: ERROR StatusConsoleListener Could not define attribute view on path "/var/log/opensearch/opensearch_server.json" got access denied ("java.lang.RuntimePermission" "accessUserInformation")
dic 21 12:07:05 centos7.localdomain systemd-entrypoint[654]: ERROR StatusConsoleListener Could not define attribute view on path "/var/log/opensearch/opensearch.log" got access denied ("java.lang.RuntimePermission" "accessUserInformation")

Test the Proposed Fix

In the OpenSearch Forum there is a proposed solution for this error. Using the AIO installation, I have made the suggested changes. The error has not been resolved.

Wazuh-Indexer Info
[root@centos7 vagrant]# cat /usr/lib/systemd/system/wazuh-indexer.service
[Unit]
Description=Wazuh-indexer
Documentation=https://documentation.wazuh.com
Wants=network-online.target
After=network-online.target
[Service]
Type=notify
RuntimeDirectory=wazuh-indexer
PrivateTmp=yes
Environment=OPENSEARCH_HOME=/usr/share/wazuh-indexer
Environment=OPENSEARCH_PATH_CONF=/etc/wazuh-indexer
Environment=PID_DIR=/run/wazuh-indexer
Environment=OPENSEARCH_SD_NOTIFY=true
EnvironmentFile=-/etc/sysconfig/wazuh-indexer
WorkingDirectory=/usr/share/wazuh-indexer
User=wazuh-indexer
Group=wazuh-indexer
ExecStart=/usr/share/wazuh-indexer/bin/systemd-entrypoint -p ${PID_DIR}/wazuh-indexer.pid --quiet
# StandardOutput is configured to redirect to journalctl since
# some error messages may be logged in standard output before
# wazuh-indexer logging system is initialized. Elasticsearch
# stores its logs in /var/log/wazuh-indexer and does not use
# journalctl by default. If you also want to enable journalctl
# logging, you can simply remove the "quiet" option from ExecStart.
StandardOutput=journal
StandardError=inherit
# Specifies the maximum file descriptor number that can be opened by this process
LimitNOFILE=65535
# Specifies the maximum number of processes
LimitNPROC=4096
# Specifies the maximum size of virtual memory
LimitAS=infinity
# Specifies the maximum file size
LimitFSIZE=infinity
# Disable timeout logic and wait until process is stopped
TimeoutStopSec=0
# SIGTERM signal is used to stop the Java process
KillSignal=SIGTERM
# Send the signal only to the JVM rather than its control group
KillMode=process
# Java process is never killed
SendSIGKILL=no
# When a JVM receives a SIGTERM signal it exits with code 143
SuccessExitStatus=143
# Allow a slow startup before the systemd notifier module kicks in to extend the timeout
TimeoutStartSec=180
[Install]
WantedBy=multi-user.target
[root@centos7 wazuh-indexer]# cat /etc/wazuh-indexer/opensearch-performance-analyzer/opensearch_security.policy
grant {
permission java.lang.management.ManagementPermission "control";
permission java.net.SocketPermission "localhost:9600","connect,resolve";
permission java.lang.RuntimePermission "getClassLoader";
};
grant codebase "file:${java.home}/../lib/tools.jar" {
permission java.security.AllPermission;
};
grant codeBase "jrt:/jdk.attach" {
permission java.security.AllPermission;
};
grant codeBase "jrt:/jdk.internal.jvmstat" {
permission java.security.AllPermission;
};

Test Fix using AIO Installation
[root@centos7 vagrant]# ls -lia /var/log/wazuh-indexer/
[root@centos7 wazuh-indexer]# ls -lia /var/log/wazuh-indexer/
total 408
486932 drwxr-x---. 2 wazuh-indexer wazuh-indexer 4096 dic 19 10:26 .
100 drwxr-xr-x. 9 root root 4096 dic 19 10:46 ..
486934 -rw-r--r--. 1 wazuh-indexer wazuh-indexer 113183 dic 19 10:53 gc.log
486933 -rw-r--r--. 1 wazuh-indexer wazuh-indexer 2015 dic 19 10:26 gc.log.00
486941 -rw-r-----. 1 wazuh-indexer wazuh-indexer 4730 dic 19 10:28 wazuh-cluster_deprecation.json
486935 -rw-r-----. 1 wazuh-indexer wazuh-indexer 2804 dic 19 10:28 wazuh-cluster_deprecation.log
486939 -rw-r-----. 1 wazuh-indexer wazuh-indexer 0 dic 19 10:26 wazuh-cluster_index_indexing_slowlog.json
486942 -rw-r-----. 1 wazuh-indexer wazuh-indexer 0 dic 19 10:26 wazuh-cluster_index_indexing_slowlog.log
486938 -rw-r-----. 1 wazuh-indexer wazuh-indexer 0 dic 19 10:26 wazuh-cluster_index_search_slowlog.json
486943 -rw-r-----. 1 wazuh-indexer wazuh-indexer 0 dic 19 10:26 wazuh-cluster_index_search_slowlog.log
486937 -rw-r-----. 1 wazuh-indexer wazuh-indexer 64098 dic 19 10:52 wazuh-cluster.log
486940 -rw-r-----. 1 wazuh-indexer wazuh-indexer 142676 dic 19 10:52 wazuh-cluster_server.json
486936 -rw-r-----. 1 wazuh-indexer wazuh-indexer 0 dic 19 10:26 wazuh-cluster_task_detailslog.json
5344 -rw-r-----. 1 wazuh-indexer wazuh-indexer 0 dic 19 10:26 wazuh-cluster_task_detailslog.log
[root@centos7 wazuh-indexer]# stat --format="%n: %a" /var/log/wazuh-indexer/*
/var/log/wazuh-indexer/gc.log: 644
/var/log/wazuh-indexer/gc.log.00: 644
/var/log/wazuh-indexer/wazuh-cluster_deprecation.json: 640
/var/log/wazuh-indexer/wazuh-cluster_deprecation.log: 640
/var/log/wazuh-indexer/wazuh-cluster_index_indexing_slowlog.json: 640
/var/log/wazuh-indexer/wazuh-cluster_index_indexing_slowlog.log: 640
/var/log/wazuh-indexer/wazuh-cluster_index_search_slowlog.json: 640
/var/log/wazuh-indexer/wazuh-cluster_index_search_slowlog.log: 640
/var/log/wazuh-indexer/wazuh-cluster.log: 640
/var/log/wazuh-indexer/wazuh-cluster_server.json: 640
/var/log/wazuh-indexer/wazuh-cluster_task_detailslog.json: 640
/var/log/wazuh-indexer/wazuh-cluster_task_detailslog.log: 640
[root@centos7 vagrant]# ls -lia /var/log/wazuh-indexer/
total 580
486932 drwxr-x---. 2 wazuh-indexer wazuh-indexer 4096 dic 19 10:55 .
100 drwxr-xr-x. 9 root root 4096 dic 19 10:55 ..
179802 -rw-r--r--. 1 wazuh-indexer wazuh-indexer 47294 dic 19 10:56 gc.log
486933 -rw-r--r--. 1 wazuh-indexer wazuh-indexer 2015 dic 19 10:26 gc.log.00
486934 -rw-r--r--. 1 wazuh-indexer wazuh-indexer 115678 dic 19 10:54 gc.log.01
179801 -rw-r--r--. 1 wazuh-indexer wazuh-indexer 2015 dic 19 10:55 gc.log.02
486941 -rw-r-----. 1 wazuh-indexer wazuh-indexer 8095 dic 19 10:56 wazuh-cluster_deprecation.json
486935 -rw-r-----. 1 wazuh-indexer wazuh-indexer 4864 dic 19 10:56 wazuh-cluster_deprecation.log
486939 -rw-r-----. 1 wazuh-indexer wazuh-indexer 0 dic 19 10:26 wazuh-cluster_index_indexing_slowlog.json
486942 -rw-r-----. 1 wazuh-indexer wazuh-indexer 0 dic 19 10:26 wazuh-cluster_index_indexing_slowlog.log
486938 -rw-r-----. 1 wazuh-indexer wazuh-indexer 0 dic 19 10:26 wazuh-cluster_index_search_slowlog.json
486943 -rw-r-----. 1 wazuh-indexer wazuh-indexer 0 dic 19 10:26 wazuh-cluster_index_search_slowlog.log
486937 -rw-r-----. 1 wazuh-indexer wazuh-indexer 96139 dic 19 10:56 wazuh-cluster.log
486940 -rw-r-----. 1 wazuh-indexer wazuh-indexer 211091 dic 19 10:56 wazuh-cluster_server.json
486936 -rw-r-----. 1 wazuh-indexer wazuh-indexer 0 dic 19 10:26 wazuh-cluster_task_detailslog.json
5344 -rw-r-----. 1 wazuh-indexer wazuh-indexer 0 dic 19 10:26 wazuh-cluster_task_detailslog.log
[root@centos7 vagrant]# stat --format="%n: %a" /var/log/wazuh-indexer/*
/var/log/wazuh-indexer/gc.log: 644
/var/log/wazuh-indexer/gc.log.00: 644
/var/log/wazuh-indexer/gc.log.01: 644
/var/log/wazuh-indexer/gc.log.02: 644
/var/log/wazuh-indexer/wazuh-cluster_deprecation.json: 640
/var/log/wazuh-indexer/wazuh-cluster_deprecation.log: 640
/var/log/wazuh-indexer/wazuh-cluster_index_indexing_slowlog.json: 640
/var/log/wazuh-indexer/wazuh-cluster_index_indexing_slowlog.log: 640
/var/log/wazuh-indexer/wazuh-cluster_index_search_slowlog.json: 640
/var/log/wazuh-indexer/wazuh-cluster_index_search_slowlog.log: 640
/var/log/wazuh-indexer/wazuh-cluster.log: 640
/var/log/wazuh-indexer/wazuh-cluster_server.json: 640
/var/log/wazuh-indexer/wazuh-cluster_task_detailslog.json: 640
/var/log/wazuh-indexer/wazuh-cluster_task_detailslog.log: 640
[root@centos7 vagrant]# cat /etc/wazuh-indexer/opensearch-performance-analyzer/opensearch_security.policy
grant {
permission java.lang.management.ManagementPermission "control";
permission java.net.SocketPermission "localhost:9600","connect,resolve";
permission java.lang.RuntimePermission "getClassLoader";
};
grant codebase "file:${java.home}/../lib/tools.jar" {
permission java.security.AllPermission;
};
grant codeBase "jrt:/jdk.attach" {
permission java.security.AllPermission;
};
grant codeBase "jrt:/jdk.internal.jvmstat" {
permission java.security.AllPermission;
};
grant {
java.lang.RuntimePermission "accessUserInformation";
};
[root@centos7 vagrant]# ls -lia /var/log/wazuh-indexer/
total 376
486932 drwxr-x---. 2 wazuh-indexer wazuh-indexer 4096 dic 21 11:17 .
100 drwxr-xr-x. 9 root root 4096 dic 21 11:17 ..
179805 -rw-r--r--. 1 wazuh-indexer wazuh-indexer 40994 dic 21 11:18 gc.log
486933 -rw-r--r--. 1 wazuh-indexer wazuh-indexer 2015 dic 19 10:26 gc.log.00
486934 -rw-r--r--. 1 wazuh-indexer wazuh-indexer 115678 dic 19 10:54 gc.log.01
179801 -rw-r--r--. 1 wazuh-indexer wazuh-indexer 2015 dic 19 10:55 gc.log.02
179802 -rw-r--r--. 1 wazuh-indexer wazuh-indexer 58485 dic 19 10:58 gc.log.03
179804 -rw-r--r--. 1 wazuh-indexer wazuh-indexer 2015 dic 21 11:17 gc.log.04
179807 -rw-r--r--. 1 wazuh-indexer wazuh-indexer 20136 dic 21 11:17 wazuh-cluster-2023-12-19-1.json.gz
310 -rw-r--r--. 1 wazuh-indexer wazuh-indexer 16533 dic 21 11:17 wazuh-cluster-2023-12-19-1.log.gz
486941 -rw-r-----. 1 wazuh-indexer wazuh-indexer 11910 dic 21 11:17 wazuh-cluster_deprecation.json
486935 -rw-r-----. 1 wazuh-indexer wazuh-indexer 7167 dic 21 11:17 wazuh-cluster_deprecation.log
486939 -rw-r-----. 1 wazuh-indexer wazuh-indexer 0 dic 19 10:26 wazuh-cluster_index_indexing_slowlog.json
486942 -rw-r-----. 1 wazuh-indexer wazuh-indexer 0 dic 19 10:26 wazuh-cluster_index_indexing_slowlog.log
486938 -rw-r-----. 1 wazuh-indexer wazuh-indexer 0 dic 19 10:26 wazuh-cluster_index_search_slowlog.json
486943 -rw-r-----. 1 wazuh-indexer wazuh-indexer 0 dic 19 10:26 wazuh-cluster_index_search_slowlog.log
486940 -rw-r--r--. 1 wazuh-indexer wazuh-indexer 23262 dic 21 11:17 wazuh-cluster.log
179806 -rw-r--r--. 1 wazuh-indexer wazuh-indexer 52032 dic 21 11:17 wazuh-cluster_server.json
486936 -rw-r-----. 1 wazuh-indexer wazuh-indexer 0 dic 19 10:26 wazuh-cluster_task_detailslog.json
5344 -rw-r-----. 1 wazuh-indexer wazuh-indexer 0 dic 19 10:26 wazuh-cluster_task_detailslog.log
[root@centos7 vagrant]# stat --format="%n: %a" /var/log/wazuh-indexer/*
/var/log/wazuh-indexer/gc.log: 644
/var/log/wazuh-indexer/gc.log.00: 644
/var/log/wazuh-indexer/gc.log.01: 644
/var/log/wazuh-indexer/gc.log.02: 644
/var/log/wazuh-indexer/gc.log.03: 644
/var/log/wazuh-indexer/gc.log.04: 644
/var/log/wazuh-indexer/wazuh-cluster-2023-12-19-1.json.gz: 644
/var/log/wazuh-indexer/wazuh-cluster-2023-12-19-1.log.gz: 644
/var/log/wazuh-indexer/wazuh-cluster_deprecation.json: 640
/var/log/wazuh-indexer/wazuh-cluster_deprecation.log: 640
/var/log/wazuh-indexer/wazuh-cluster_index_indexing_slowlog.json: 640
/var/log/wazuh-indexer/wazuh-cluster_index_indexing_slowlog.log: 640
/var/log/wazuh-indexer/wazuh-cluster_index_search_slowlog.json: 640
/var/log/wazuh-indexer/wazuh-cluster_index_search_slowlog.log: 640
/var/log/wazuh-indexer/wazuh-cluster.log: 644
/var/log/wazuh-indexer/wazuh-cluster_server.json: 644
/var/log/wazuh-indexer/wazuh-cluster_task_detailslog.json: 640
/var/log/wazuh-indexer/wazuh-cluster_task_detailslog.log: 640
[root@centos7 vagrant]# /usr/share/wazuh-indexer/bin/opensearch -V
WARNING: A terminally deprecated method in java.lang.System has been called
WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
WARNING: System::setSecurityManager will be removed in a future release
java.security.policy: error parsing file:/etc/wazuh-indexer/opensearch-performance-analyzer/opensearch_security.policy:
line 5: expected permission entry
Version: 2.10.0, Build: rpm/eee49cb340edc6c4d489bcd9324dda571fc8dc03/2023-09-20T23:54:29.889267151Z, JVM: 17.0.8
[root@centos7 vagrant]# journalctl | grep "ERROR"
dic 21 11:34:47 centos7.localdomain systemd-entrypoint[1092]: ERROR StatusConsoleListener Could not define attribute view on path "/var/log/wazuh-indexer/wazuh-cluster_server.json" got access denied ("java.lang.RuntimePermission" "accessUserInformation")
dic 21 11:34:47 centos7.localdomain systemd-entrypoint[1092]: ERROR StatusConsoleListener Could not define attribute view on path "/var/log/wazuh-indexer/wazuh-cluster.log" got access denied ("java.lang.RuntimePermission" "accessUserInformation")

Test Fix in OpenSearch 2.11.1
[root@centos7 vagrant]# ls -l /var/log/opensearch/
total 308
-rw-r--r--. 1 opensearch opensearch 45461 dic 19 12:18 gc.log
-rw-r--r--. 1 opensearch opensearch 2006 dic 19 12:18 gc.log.00
-rw-r--r--. 1 opensearch opensearch 1693 dic 19 12:18 install_demo_configuration.log
-rw-r-----. 1 opensearch opensearch 1243 dic 19 12:18 opensearch_deprecation.json
-rw-r-----. 1 opensearch opensearch 805 dic 19 12:18 opensearch_deprecation.log
-rw-r-----. 1 opensearch opensearch 0 dic 19 12:18 opensearch_index_indexing_slowlog.json
-rw-r-----. 1 opensearch opensearch 0 dic 19 12:18 opensearch_index_indexing_slowlog.log
-rw-r-----. 1 opensearch opensearch 0 dic 19 12:18 opensearch_index_search_slowlog.json
-rw-r-----. 1 opensearch opensearch 0 dic 19 12:18 opensearch_index_search_slowlog.log
-rw-r-----. 1 opensearch opensearch 49258 dic 19 12:18 opensearch.log
-rw-r-----. 1 opensearch opensearch 96224 dic 19 12:18 opensearch_server.json
-rw-r-----. 1 opensearch opensearch 0 dic 19 12:18 opensearch_task_detailslog.json
-rw-r-----. 1 opensearch opensearch 0 dic 19 12:18 opensearch_task_detailslog.log
[root@centos7 vagrant]# ls -l /var/log/opensearch/
total 440
-rw-r--r--. 1 opensearch opensearch 45751 dic 19 12:20 gc.log
-rw-r--r--. 1 opensearch opensearch 2006 dic 19 12:18 gc.log.00
-rw-r--r--. 1 opensearch opensearch 53183 dic 19 12:19 gc.log.01
-rw-r--r--. 1 opensearch opensearch 2006 dic 19 12:19 gc.log.02
-rw-r--r--. 1 opensearch opensearch 1693 dic 19 12:18 install_demo_configuration.log
-rw-r-----. 1 opensearch opensearch 2011 dic 19 12:19 opensearch_deprecation.json
-rw-r-----. 1 opensearch opensearch 1339 dic 19 12:19 opensearch_deprecation.log
-rw-r-----. 1 opensearch opensearch 0 dic 19 12:18 opensearch_index_indexing_slowlog.json
-rw-r-----. 1 opensearch opensearch 0 dic 19 12:18 opensearch_index_indexing_slowlog.log
-rw-r-----. 1 opensearch opensearch 0 dic 19 12:18 opensearch_index_search_slowlog.json
-rw-r-----. 1 opensearch opensearch 0 dic 19 12:18 opensearch_index_search_slowlog.log
-rw-r-----. 1 opensearch opensearch 97377 dic 19 12:20 opensearch.log
-rw-r-----. 1 opensearch opensearch 188630 dic 19 12:20 opensearch_server.json
-rw-r-----. 1 opensearch opensearch 0 dic 19 12:18 opensearch_task_detailslog.json
-rw-r-----. 1 opensearch opensearch 0 dic 19 12:18 opensearch_task_detailslog.log
[root@centos7 vagrant]# cat /etc/opensearch/opensearch-performance-analyzer/opensearch_security.policy
grant {
permission java.lang.management.ManagementPermission "control";
permission java.net.SocketPermission "localhost:9600","connect,resolve";
permission java.lang.RuntimePermission "getClassLoader";
};
grant codebase "file:${java.home}/../lib/tools.jar" {
permission java.security.AllPermission;
};
grant codeBase "jrt:/jdk.attach" {
permission java.security.AllPermission;
};
grant codeBase "jrt:/jdk.internal.jvmstat" {
permission java.security.AllPermission;
};
grant {
java.lang.RuntimePermission "accessUserInformation";
};
[root@centos7 vagrant]# ls -l /var/log/opensearch/
total 452
-rw-r--r--. 1 opensearch opensearch 38175 dic 21 12:23 gc.log
-rw-r--r--. 1 opensearch opensearch 2006 dic 19 12:18 gc.log.00
-rw-r--r--. 1 opensearch opensearch 53183 dic 19 12:19 gc.log.01
-rw-r--r--. 1 opensearch opensearch 2006 dic 19 12:19 gc.log.02
-rw-r--r--. 1 opensearch opensearch 65901 dic 19 12:22 gc.log.03
-rw-r--r--. 1 opensearch opensearch 2006 dic 21 12:22 gc.log.04
-rw-r--r--. 1 opensearch opensearch 1693 dic 19 12:18 install_demo_configuration.log
-rw-r--r--. 1 opensearch opensearch 16756 dic 21 12:22 opensearch-2023-12-19-1.json.gz
-rw-r--r--. 1 opensearch opensearch 15396 dic 21 12:22 opensearch-2023-12-19-1.log.gz
-rw-r-----. 1 opensearch opensearch 2779 dic 21 12:22 opensearch_deprecation.json
-rw-r-----. 1 opensearch opensearch 1873 dic 21 12:22 opensearch_deprecation.log
-rw-r-----. 1 opensearch opensearch 0 dic 19 12:18 opensearch_index_indexing_slowlog.json
-rw-r-----. 1 opensearch opensearch 0 dic 19 12:18 opensearch_index_indexing_slowlog.log
-rw-r-----. 1 opensearch opensearch 0 dic 19 12:18 opensearch_index_search_slowlog.json
-rw-r-----. 1 opensearch opensearch 0 dic 19 12:18 opensearch_index_search_slowlog.log
-rw-r--r--. 1 opensearch opensearch 40525 dic 21 12:22 opensearch.log
-rw-r--r--. 1 opensearch opensearch 76377 dic 21 12:22 opensearch_server.json
-rw-r-----. 1 opensearch opensearch 0 dic 19 12:18 opensearch_task_detailslog.json
-rw-r-----. 1 opensearch opensearch 0 dic 19 12:18 opensearch_task_detailslog.log
[root@centos7 vagrant]# journalctl | grep "ERROR"
dic 21 12:22:41 centos7.localdomain systemd-entrypoint[650]: ERROR StatusConsoleListener Could not define attribute view on path "/var/log/opensearch/opensearch_server.json" got access denied ("java.lang.RuntimePermission" "accessUserInformation")
dic 21 12:22:41 centos7.localdomain systemd-entrypoint[650]: ERROR StatusConsoleListener Could not define attribute view on path "/var/log/opensearch/opensearch.log" got access denied ("java.lang.RuntimePermission" "accessUserInformation")
Conclusions
The conclusion is that it seems to be an error due to OpenSearch. It appears both when installing Wazuh and when testing OpenSearch in its latest available version. The error is easily reproducible as can be seen in the instructions above. There is currently an open issue (by Wazuh) on OpenSearch that has not yet been answered. I have spoken with the Indexer Team. It is a known OpenSearch issue. There seems to be nothing we can do about it. With the tests I have done you can see that the fix proposed in the forum does not work either. |
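The last grant block in the policy listing above has an entry without the `permission` keyword, and the JDK policy parser reports `expected permission entry` for an entry written that way. The following is an added check, not part of the original issue or of the Wazuh or OpenSearch code; `malformed_entries` is a hypothetical helper name. It lists such entries with their line numbers so that a policy edit can be validated before the service is restarted.

```python
import re

# Policy text copied from the `cat` output above (OpenSearch 2.11.1 test host).
POLICY = '''\
grant {
permission java.lang.management.ManagementPermission "control";
permission java.net.SocketPermission "localhost:9600","connect,resolve";
permission java.lang.RuntimePermission "getClassLoader";
};
grant codebase "file:${java.home}/../lib/tools.jar" {
permission java.security.AllPermission;
};
grant codeBase "jrt:/jdk.attach" {
permission java.security.AllPermission;
};
grant codeBase "jrt:/jdk.internal.jvmstat" {
permission java.security.AllPermission;
};
grant {
java.lang.RuntimePermission "accessUserInformation";
};
'''

# Comments (dropped), quoted strings, punctuation, bare words.
TOKEN = re.compile(r'(?P<c>//[^\n]*|/\*.*?\*/)|"(?:[^"\\]|\\.)*"|[{};,]|[^\s{};,"]+', re.S)

def tokens(text):
    """Yield (line_number, token) pairs, skipping comments."""
    for m in TOKEN.finditer(text):
        if m.lastgroup != 'c':
            yield text.count('\n', 0, m.start()) + 1, m.group()

def malformed_entries(text):
    """Return (line, entry) for grant entries whose first word is not
    'permission' (compared case-insensitively, as the JDK parser does)."""
    findings, in_grant, entry = [], False, []
    for line, tok in tokens(text):
        if not in_grant:
            in_grant = tok == '{'      # skip 'grant', codeBase etc. up to the brace
        elif tok in (';', '}'):
            if entry and entry[0][1].lower() != 'permission':
                findings.append((entry[0][0], ' '.join(t for _, t in entry)))
            entry, in_grant = [], tok != '}'
        else:
            entry.append((line, tok))
    return findings

if __name__ == '__main__':
    for line, entry in malformed_entries(POLICY):
        print(f'line {line}: expected permission entry: {entry}')
```

A clean result only means the file parses; it does not show that the grant is applied to the code that raises the access-denied error.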
Review Notes
GJ, very clear explanation. |
Ran into the same issue.
|
Description
Some errors appear at the same hour on different days, the file exists and no related logs are found in the Indexer logs for now:
This seems to solve the issue: https://forum.opensearch.org/t/systemd-entrypoint-defaultdispatcher-worker-error-could-not-define-attribute-view-on-path-var-log-opensearch-opensearch-server-json/15514/5
But further research is required.