Added support for AL2023 in WIA #2790

Merged
merged 3 commits into from
Jan 25, 2024

davidcr01
Contributor

@davidcr01 davidcr01 commented Jan 22, 2024

Related issue
#2688
#2432
#2430
#2436

Description

The aim of this PR is to add support for Amazon Linux 2023 when installing Wazuh using the Wazuh installation assistant. This tool has been adapted to the special dependencies of this system:

  • curl-minimal instead of curl for instances.
  • coreutils-single instead of coreutils for containers.

Also, to prevent the removal of the systemd error, some extra code has been added.
The error in AL2023 container:

22/01/2024 15:03:14 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
22/01/2024 15:03:15 INFO: --- Dependencies ---
22/01/2024 15:03:15 INFO: Removing systemd.
Error: Problem: The operation would result in removing the following protected packages: systemd (try to add '--skip-broken' to skip uninstallable packages)
22/01/2024 15:03:15 ERROR: Cannot remove dependency: systemd.

With this, Wazuh can be installed without errors using the -i|--ignore option, as it is not a recommended system yet.

Testing

Testing is in: #2688 (comment)

🟢 RHEL9

Installation log

[root@ip-172-31-35-228 ec2-user]# bash wazuh-install.sh -a -i -v
25/01/2024 10:53:42 DEBUG: Checking root permissions.
25/01/2024 10:53:42 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
25/01/2024 10:53:42 INFO: Verbose logging redirected to /var/log/wazuh-install.log
25/01/2024 10:53:42 DEBUG: YUM package manager will be used.
25/01/2024 10:53:42 DEBUG: Checking system distribution.
25/01/2024 10:53:42 DEBUG: Detected distribution name: rhel
25/01/2024 10:53:42 DEBUG: Detected distribution version: 9
25/01/2024 10:53:42 DEBUG: Installing check dependencies.
25/01/2024 10:53:42 DEBUG: CentOS repository file created.
25/01/2024 10:53:42 DEBUG: CentOS repositories added.
25/01/2024 10:53:51 INFO: --- Dependencies ---
25/01/2024 10:53:51 INFO: Installing lsof.
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
CentOS Stream 9 - AppStream 38 MB/s | 19 MB 00:00
CentOS Stream 9 - BaseOS 25 MB/s | 8.0 MB 00:00
Last metadata expiration check: 0:00:03 ago on Thu 25 Jan 2024 10:53:59 AM UTC.
Dependencies resolved.
================================================================================
Package Architecture Version Repository Size
================================================================================
Installing:
lsof x86_64 4.94.0-3.el9 baseos 239 k
Installing dependencies:
libtirpc x86_64 1.3.3-2.el9 baseos 93 k
Transaction Summary
================================================================================
Install 2 Packages
Total download size: 332 k
Installed size: 826 k
Downloading Packages:
(1/2): libtirpc-1.3.3-2.el9.x86_64.rpm 683 kB/s | 93 kB 00:00
(2/2): lsof-4.94.0-3.el9.x86_64.rpm 1.6 MB/s | 239 kB 00:00
--------------------------------------------------------------------------------
Total 2.2 MB/s | 332 kB 00:00
CentOS Stream 9 - BaseOS 1.6 MB/s | 1.6 kB 00:00
Importing GPG key 0x8483C65D:
Userid : "CentOS (CentOS Official Signing Key) <[email protected]>"
Fingerprint: 99DB 70FA E1D7 CE22 7FB6 4882 05B5 55B3 8483 C65D
From : /etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
Key imported successfully
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : libtirpc-1.3.3-2.el9.x86_64 1/2
Installing : lsof-4.94.0-3.el9.x86_64 2/2
Running scriptlet: lsof-4.94.0-3.el9.x86_64 2/2
Verifying : libtirpc-1.3.3-2.el9.x86_64 1/2
Verifying : lsof-4.94.0-3.el9.x86_64 2/2
Installed products updated.
Installed:
libtirpc-1.3.3-2.el9.x86_64 lsof-4.94.0-3.el9.x86_64
Complete!
Updating Subscription Management repositories.
Unable to read consumer identity

This system is not registered with an entitlement server. You can use subscription-manager to register.

38 files removed
25/01/2024 10:54:08 DEBUG: CentOS repositories and key deleted.
25/01/2024 10:54:08 DEBUG: Checking Wazuh installation.
25/01/2024 10:54:12 DEBUG: Checking system architecture.
25/01/2024 10:54:12 WARNING: Hardware and system checks ignored.
25/01/2024 10:54:12 INFO: Wazuh web interface port will be 443.
25/01/2024 10:54:12 DEBUG: Checking ports availability.
25/01/2024 10:54:14 DEBUG: Installing prerequisites dependencies.
25/01/2024 10:54:15 DEBUG: Checking curl tool version.
25/01/2024 10:54:15 DEBUG: Adding the Wazuh repository.
[wazuh]
gpgcheck=1
gpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=EL-${releasever} - Wazuh
baseurl=https://packages-dev.wazuh.com/pre-release/yum/
protect=1
25/01/2024 10:54:16 INFO: Wazuh development repository added.
25/01/2024 10:54:16 INFO: --- Configuration files ---
25/01/2024 10:54:16 INFO: Generating configuration files.
25/01/2024 10:54:16 DEBUG: Creating Wazuh certificates.
25/01/2024 10:54:16 DEBUG: Reading configuration file.
25/01/2024 10:54:16 DEBUG: Creating the root certificate.
25/01/2024 10:54:17 DEBUG: Generating Admin certificates.
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = admin
25/01/2024 10:54:17 DEBUG: Generating Wazuh indexer certificates.
25/01/2024 10:54:17 DEBUG: Creating the Wazuh indexer certificates.
25/01/2024 10:54:17 DEBUG: Generating certificate configuration.
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-indexer
25/01/2024 10:54:18 DEBUG: Generating Filebeat certificates.
25/01/2024 10:54:18 DEBUG: Creating the Wazuh server certificates.
25/01/2024 10:54:18 DEBUG: Generating certificate configuration.
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-server
25/01/2024 10:54:18 DEBUG: Generating Wazuh dashboard certificates.
25/01/2024 10:54:18 DEBUG: Creating the Wazuh dashboard certificates.
25/01/2024 10:54:18 DEBUG: Generating certificate configuration.
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-dashboard
25/01/2024 10:54:18 DEBUG: Cleaning certificate files.
25/01/2024 10:54:18 DEBUG: Generating password file.
25/01/2024 10:54:18 DEBUG: Generating random passwords.
25/01/2024 10:54:19 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
25/01/2024 10:54:19 DEBUG: Extracting Wazuh configuration.
25/01/2024 10:54:19 DEBUG: Reading configuration file.
25/01/2024 10:54:19 INFO: --- Wazuh indexer ---
25/01/2024 10:54:19 INFO: Starting Wazuh indexer installation.
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
Red Hat Enterprise Linux 9 for x86_64 - AppStre 64 MB/s | 28 MB 00:00
Red Hat Enterprise Linux 9 for x86_64 - BaseOS 50 MB/s | 16 MB 00:00
Red Hat Enterprise Linux 9 Client Configuration 33 kB/s | 3.8 kB 00:00
EL-9 - Wazuh 15 MB/s | 24 MB 00:01
Dependencies resolved.
================================================================================
Package Architecture Version Repository Size
================================================================================
Installing:
wazuh-indexer x86_64 4.8.0-1 wazuh 743 M
Transaction Summary
================================================================================
Install 1 Package
Total download size: 743 M
Installed size: 1.0 G
Downloading Packages:
wazuh-indexer-4.8.0-1.x86_64.rpm 111 MB/s | 743 MB 00:06
--------------------------------------------------------------------------------
Total 111 MB/s | 743 MB 00:06
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: wazuh-indexer-4.8.0-1.x86_64 1/1
Installing : wazuh-indexer-4.8.0-1.x86_64 1/1
Running scriptlet: wazuh-indexer-4.8.0-1.x86_64 1/1
Created opensearch keystore in /etc/wazuh-indexer/opensearch.keystore
Verifying : wazuh-indexer-4.8.0-1.x86_64 1/1
Installed products updated.
Installed:
wazuh-indexer-4.8.0-1.x86_64
Complete!
25/01/2024 10:56:26 DEBUG: Checking Wazuh installation.
25/01/2024 10:56:28 DEBUG: There are Wazuh indexer remaining files.
25/01/2024 10:56:30 INFO: Wazuh indexer installation finished.
25/01/2024 10:56:30 DEBUG: Configuring Wazuh indexer.
25/01/2024 10:56:30 DEBUG: Copying Wazuh indexer certificates.
25/01/2024 10:56:30 INFO: Wazuh indexer post-install configuration finished.
25/01/2024 10:56:30 INFO: Starting service wazuh-indexer.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service → /usr/lib/systemd/system/wazuh-indexer.service.
25/01/2024 10:56:54 INFO: wazuh-indexer service started.
25/01/2024 10:56:54 INFO: Initializing Wazuh indexer cluster security settings.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml 
   SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml 
   SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml 
   SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml 
   SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml 
   SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml 
   SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml 
   SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml 
   SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml 
   SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml 
   SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null
Done with success
Will create 'wazuh' index template
 SUCC: 'wazuh' template created or updated
Will create 'ism_history_indices' index template
 SUCC: 'ism_history_indices' template created or updated
Will disable replicas for 'plugins.index_state_management.history' indices
 SUCC: cluster's settings saved
Will create index templates to configure the alias
 SUCC: 'wazuh-alerts' template created or updated
 SUCC: 'wazuh-archives' template created or updated
Will create the 'rollover_policy' policy
  SUCC: 'rollover_policy' policy created
Will create initial indices for the aliases
  SUCC: 'wazuh-alerts' write index created
  SUCC: 'wazuh-archives' write index created
SUCC: Indexer ISM initialization finished successfully.
25/01/2024 10:57:08 INFO: The Wazuh indexer cluster ISM initialized.
25/01/2024 10:57:08 INFO: Wazuh indexer cluster initialized.
25/01/2024 10:57:08 INFO: --- Wazuh server ---
25/01/2024 10:57:08 INFO: Starting the Wazuh manager installation.
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
Last metadata expiration check: 0:02:35 ago on Thu 25 Jan 2024 10:54:35 AM UTC.
Dependencies resolved.
================================================================================
Package Architecture Version Repository Size
================================================================================
Installing:
wazuh-manager x86_64 4.8.0-1 wazuh 350 M
Transaction Summary
================================================================================
Install 1 Package
Total download size: 350 M
Installed size: 854 M
Downloading Packages:
wazuh-manager-4.8.0-1.x86_64.rpm 142 MB/s | 350 MB 00:02
--------------------------------------------------------------------------------
Total 142 MB/s | 350 MB 00:02
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: wazuh-manager-4.8.0-1.x86_64 1/1
Installing : wazuh-manager-4.8.0-1.x86_64 1/1
Running scriptlet: wazuh-manager-4.8.0-1.x86_64 1/1
Verifying : wazuh-manager-4.8.0-1.x86_64 1/1
Installed products updated.
Installed:
wazuh-manager-4.8.0-1.x86_64
Complete!
25/01/2024 10:59:06 DEBUG: Checking Wazuh installation.
25/01/2024 10:59:08 DEBUG: There are Wazuh remaining files.
25/01/2024 10:59:09 DEBUG: There are Wazuh indexer remaining files.
25/01/2024 10:59:11 INFO: Wazuh manager installation finished.
25/01/2024 10:59:11 INFO: Starting service wazuh-manager.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-manager.service → /usr/lib/systemd/system/wazuh-manager.service.
25/01/2024 10:59:30 INFO: wazuh-manager service started.
25/01/2024 10:59:30 INFO: Starting Filebeat installation.
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
Last metadata expiration check: 0:02:07 ago on Thu 25 Jan 2024 10:57:24 AM UTC.
Dependencies resolved.
================================================================================
Package Architecture Version Repository Size
================================================================================
Installing:
filebeat x86_64 7.10.2-1 wazuh 21 M
Transaction Summary
================================================================================
Install 1 Package
Total download size: 21 M
Installed size: 70 M
Downloading Packages:
filebeat-oss-7.10.2-x86_64.rpm 17 MB/s | 21 MB 00:01
--------------------------------------------------------------------------------
Total 17 MB/s | 21 MB 00:01
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : filebeat-7.10.2-1.x86_64 1/1
Running scriptlet: filebeat-7.10.2-1.x86_64 1/1
Verifying : filebeat-7.10.2-1.x86_64 1/1
Installed products updated.
Installed:
filebeat-7.10.2-1.x86_64
Complete!
25/01/2024 10:59:36 DEBUG: Checking Wazuh installation.
25/01/2024 10:59:38 DEBUG: There are Wazuh remaining files.
25/01/2024 10:59:39 DEBUG: There are Wazuh indexer remaining files.
25/01/2024 10:59:40 DEBUG: There are Filebeat remaining files.
25/01/2024 10:59:41 INFO: Filebeat installation finished.
25/01/2024 10:59:41 DEBUG: Configuring Filebeat.
25/01/2024 10:59:41 DEBUG: Filebeat template was download successfully.
wazuh/
wazuh/archives/
wazuh/archives/ingest/
wazuh/archives/ingest/pipeline.json
wazuh/archives/config/
wazuh/archives/config/archives.yml
wazuh/archives/manifest.yml
wazuh/_meta/
wazuh/_meta/config.yml
wazuh/_meta/docs.asciidoc
wazuh/_meta/fields.yml
wazuh/alerts/
wazuh/alerts/ingest/
wazuh/alerts/ingest/pipeline.json
wazuh/alerts/config/
wazuh/alerts/config/alerts.yml
wazuh/alerts/manifest.yml
wazuh/module.yml
25/01/2024 10:59:41 DEBUG: Filebeat module was downloaded successfully.
25/01/2024 10:59:41 DEBUG: Copying Filebeat certificates.
Created filebeat keystore
Successfully updated the keystore
Successfully updated the keystore
25/01/2024 10:59:42 INFO: Filebeat post-install configuration finished.
25/01/2024 10:59:42 INFO: Starting service filebeat.
Synchronizing state of filebeat.service with SysV service script with /usr/lib/systemd/systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable filebeat
Created symlink /etc/systemd/system/multi-user.target.wants/filebeat.service → /usr/lib/systemd/system/filebeat.service.
25/01/2024 10:59:42 INFO: filebeat service started.
25/01/2024 10:59:42 INFO: --- Wazuh dashboard ---
25/01/2024 10:59:42 INFO: Starting Wazuh dashboard installation.
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
Last metadata expiration check: 0:02:20 ago on Thu 25 Jan 2024 10:57:24 AM UTC.
Dependencies resolved.
================================================================================
Package Architecture Version Repository Size
================================================================================
Installing:
wazuh-dashboard x86_64 4.8.0-1 wazuh 273 M
Transaction Summary
================================================================================
Install 1 Package
Total download size: 273 M
Installed size: 902 M
Downloading Packages:
wazuh-dashboard-4.8.0-1.x86_64.rpm 46 MB/s | 273 MB 00:05
--------------------------------------------------------------------------------
Total 46 MB/s | 273 MB 00:05
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: wazuh-dashboard-4.8.0-1.x86_64 1/1
Installing : wazuh-dashboard-4.8.0-1.x86_64 1/1
Running scriptlet: wazuh-dashboard-4.8.0-1.x86_64 1/1
Verifying : wazuh-dashboard-4.8.0-1.x86_64 1/1
Installed products updated.
Installed:
wazuh-dashboard-4.8.0-1.x86_64
Complete!
25/01/2024 11:02:20 DEBUG: Checking Wazuh installation.
25/01/2024 11:02:22 DEBUG: There are Wazuh remaining files.
25/01/2024 11:02:23 DEBUG: There are Wazuh indexer remaining files.
25/01/2024 11:02:24 DEBUG: There are Filebeat remaining files.
25/01/2024 11:02:26 DEBUG: There are Wazuh dashboard remaining files.
25/01/2024 11:02:26 INFO: Wazuh dashboard installation finished.
25/01/2024 11:02:26 DEBUG: Configuring Wazuh dashboard.
25/01/2024 11:02:26 DEBUG: Copying Wazuh dashboard certificates.
25/01/2024 11:02:26 DEBUG: Wazuh dashboard certificate setup finished.
25/01/2024 11:02:26 INFO: Wazuh dashboard post-install configuration finished.
25/01/2024 11:02:26 INFO: Starting service wazuh-dashboard.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service.
25/01/2024 11:02:27 INFO: wazuh-dashboard service started.
25/01/2024 11:02:27 DEBUG: Setting Wazuh indexer cluster passwords.
25/01/2024 11:02:27 DEBUG: Checking Wazuh installation.
25/01/2024 11:02:28 DEBUG: There are Wazuh remaining files.
25/01/2024 11:02:29 DEBUG: There are Wazuh indexer remaining files.
25/01/2024 11:02:31 DEBUG: There are Filebeat remaining files.
25/01/2024 11:02:32 DEBUG: There are Wazuh dashboard remaining files.
25/01/2024 11:02:32 INFO: Updating the internal users.
25/01/2024 11:02:32 DEBUG: Creating password backup.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to localhost:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml 
   SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml 
   SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml 
   SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml 
   SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml 
   SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml 
   SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml 
   SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml 
   SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml 
   SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml 
   SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
25/01/2024 11:02:41 DEBUG: Password backup created in /etc/wazuh-indexer/backup.
25/01/2024 11:02:41 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
25/01/2024 11:02:41 DEBUG: The internal users have been updated before changing the passwords.
25/01/2024 11:02:44 DEBUG: Generating password hashes.
25/01/2024 11:02:53 DEBUG: Password hashes generated.
25/01/2024 11:02:53 DEBUG: Creating password backup.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to localhost:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml 
   SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml 
   SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml 
   SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml 
   SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml 
   SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml 
   SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml 
   SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml 
   SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml 
   SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml 
   SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
25/01/2024 11:02:58 DEBUG: Password backup created in /etc/wazuh-indexer/backup.
Successfully updated the keystore
25/01/2024 11:02:58 DEBUG: Restarting filebeat service...
25/01/2024 11:02:59 DEBUG: filebeat started.
25/01/2024 11:03:01 DEBUG: Restarting wazuh-dashboard service...
25/01/2024 11:03:02 DEBUG: wazuh-dashboard started.
25/01/2024 11:03:02 DEBUG: Running security admin tool.
25/01/2024 11:03:02 DEBUG: Loading new passwords changes.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to localhost:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /home/ec2-user
Force type: internalusers
Will update '/internalusers' with /etc/wazuh-indexer/backup/internal_users.yml 
   SUCC: Configuration for 'internalusers' created or updated
SUCC: Expected 1 config types for node {"updated_config_types":["internalusers"],"updated_config_size":1,"message":null} is 1 (["internalusers"]) due to: null
Done with success
25/01/2024 11:03:08 DEBUG: Passwords changed.
25/01/2024 11:03:08 DEBUG: Changing API passwords.
25/01/2024 11:03:16 INFO: Initializing Wazuh dashboard web application.
25/01/2024 11:03:16 INFO: Wazuh dashboard web application not yet initialized. Waiting...
25/01/2024 11:03:33 INFO: Wazuh dashboard web application not yet initialized. Waiting...
25/01/2024 11:03:48 INFO: Wazuh dashboard web application initialized.
25/01/2024 11:03:48 INFO: --- Summary ---
25/01/2024 11:03:48 INFO: You can access the web interface https://<wazuh-dashboard-ip>:443
    User: admin
    Password: se9X43Do6*ou36xAB11idngKJ?R3hr.g
25/01/2024 11:03:48 INFO: --- Dependencies ---
25/01/2024 11:03:48 INFO: Removing lsof.
Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use subscription-manager to register. Dependencies resolved. ================================================================================ Package Architecture Version Repository Size ================================================================================ Removing: lsof x86_64 4.94.0-3.el9 @baseos 624 k Removing unused dependencies: libtirpc x86_64 1.3.3-2.el9 @baseos 202 k Transaction Summary ================================================================================ Remove 2 Packages Freed space: 826 k Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Erasing : lsof-4.94.0-3.el9.x86_64 1/2 Erasing : libtirpc-1.3.3-2.el9.x86_64 2/2 Running scriptlet: libtirpc-1.3.3-2.el9.x86_64 2/2 Verifying : libtirpc-1.3.3-2.el9.x86_64 1/2 Verifying : lsof-4.94.0-3.el9.x86_64 2/2 Installed products updated. Removed: libtirpc-1.3.3-2.el9.x86_64 lsof-4.94.0-3.el9.x86_64 Complete!
25/01/2024 11:03:51 DEBUG: Restoring Wazuh repository.
25/01/2024 11:03:51 INFO: Installation finished.
[root@ip-172-31-35-228 ec2-user]# 

🟢 CentOS8

Installation log

[root@ip-172-31-46-37 centos]# bash wazuh-install.sh -a -i -v
25/01/2024 10:53:36 DEBUG: Checking root permissions.
25/01/2024 10:53:36 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
25/01/2024 10:53:36 INFO: Verbose logging redirected to /var/log/wazuh-install.log
25/01/2024 10:53:36 DEBUG: YUM package manager will be used.
25/01/2024 10:53:36 DEBUG: Checking system distribution.
25/01/2024 10:53:36 DEBUG: Detected distribution name: centos
25/01/2024 10:53:36 DEBUG: Detected distribution version: 8
25/01/2024 10:53:36 DEBUG: Installing check dependencies.
25/01/2024 10:53:44 INFO: --- Dependencies ---
25/01/2024 10:53:44 INFO: Installing lsof.
Last metadata expiration check: 0:04:17 ago on Thu 25 Jan 2024 10:49:28 AM UTC. Dependencies resolved. ================================================================================ Package Architecture Version Repository Size ================================================================================ Installing: lsof x86_64 4.93.2-1.el8 baseos 253 k Transaction Summary ================================================================================ Install 1 Package Total download size: 253 k Installed size: 623 k Downloading Packages: lsof-4.93.2-1.el8.x86_64.rpm 7.5 MB/s | 253 kB 00:00 -------------------------------------------------------------------------------- Total 1.2 MB/s | 253 kB 00:00 CentOS Stream 8 - BaseOS 1.6 MB/s | 1.6 kB 00:00 Importing GPG key 0x8483C65D: Userid : "CentOS (CentOS Official Signing Key) <[email protected]>" Fingerprint: 99DB 70FA E1D7 CE22 7FB6 4882 05B5 55B3 8483 C65D From : /etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial Key imported successfully Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Installing : lsof-4.93.2-1.el8.x86_64 1/1 Running scriptlet: lsof-4.93.2-1.el8.x86_64 1/1 Verifying : lsof-4.93.2-1.el8.x86_64 1/1 Installed: lsof-4.93.2-1.el8.x86_64 Complete!
25/01/2024 10:53:50 DEBUG: Checking Wazuh installation.
25/01/2024 10:53:53 DEBUG: Checking system architecture.
25/01/2024 10:53:53 WARNING: Hardware and system checks ignored.
25/01/2024 10:53:53 INFO: Wazuh web interface port will be 443.
25/01/2024 10:53:53 DEBUG: Checking ports availability.
25/01/2024 10:53:55 DEBUG: Installing prerequisites dependencies.
25/01/2024 10:53:57 DEBUG: Checking curl tool version.
25/01/2024 10:53:57 DEBUG: Adding the Wazuh repository.
[wazuh]
gpgcheck=1
gpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=EL-${releasever} - Wazuh
baseurl=https://packages-dev.wazuh.com/pre-release/yum/
protect=1
25/01/2024 10:53:57 INFO: Wazuh development repository added.
25/01/2024 10:53:57 INFO: --- Configuration files ---
25/01/2024 10:53:57 INFO: Generating configuration files.
25/01/2024 10:53:57 DEBUG: Creating Wazuh certificates.
25/01/2024 10:53:57 DEBUG: Reading configuration file.
25/01/2024 10:53:57 DEBUG: Creating the root certificate.
Generating a RSA private key
.............+++++
....................+++++
writing new private key to '/tmp/wazuh-certificates//root-ca.key'
-----
25/01/2024 10:53:57 DEBUG: Generating Admin certificates.
Generating RSA private key, 2048 bit long modulus (2 primes)
.............+++++
............................................................................................................+++++
e is 65537 (0x010001)
Signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = admin
Getting CA Private Key
25/01/2024 10:53:58 DEBUG: Generating Wazuh indexer certificates.
25/01/2024 10:53:58 DEBUG: Creating the Wazuh indexer certificates.
25/01/2024 10:53:58 DEBUG: Generating certificate configuration.
Generating a RSA private key
.........................+++++
..........+++++
writing new private key to '/tmp/wazuh-certificates//wazuh-indexer-key.pem'
-----
Signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-indexer
Getting CA Private Key
25/01/2024 10:53:58 DEBUG: Generating Filebeat certificates.
25/01/2024 10:53:58 DEBUG: Creating the Wazuh server certificates.
25/01/2024 10:53:58 DEBUG: Generating certificate configuration.
Generating a RSA private key
...................................+++++
...............................................+++++
writing new private key to '/tmp/wazuh-certificates//wazuh-server-key.pem'
-----
Signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-server
Getting CA Private Key
25/01/2024 10:53:58 DEBUG: Generating Wazuh dashboard certificates.
25/01/2024 10:53:58 DEBUG: Creating the Wazuh dashboard certificates.
25/01/2024 10:53:58 DEBUG: Generating certificate configuration.
Generating a RSA private key
..........+++++
........................+++++
writing new private key to '/tmp/wazuh-certificates//wazuh-dashboard-key.pem'
-----
Signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-dashboard
Getting CA Private Key
25/01/2024 10:53:58 DEBUG: Cleaning certificate files.
25/01/2024 10:53:58 DEBUG: Generating password file.
25/01/2024 10:53:58 DEBUG: Generating random passwords.
25/01/2024 10:53:59 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
25/01/2024 10:53:59 DEBUG: Extracting Wazuh configuration.
25/01/2024 10:53:59 DEBUG: Reading configuration file.
25/01/2024 10:53:59 INFO: --- Wazuh indexer ---
25/01/2024 10:53:59 INFO: Starting Wazuh indexer installation.
EL-8 - Wazuh 15 MB/s | 24 MB 00:01 Last metadata expiration check: 0:00:13 ago on Thu 25 Jan 2024 10:54:01 AM UTC. Dependencies resolved. ================================================================================ Package Architecture Version Repository Size ================================================================================ Installing: wazuh-indexer x86_64 4.8.0-1 wazuh 743 M Transaction Summary ================================================================================ Install 1 Package Total download size: 743 M Installed size: 1.0 G Downloading Packages: wazuh-indexer-4.8.0-1.x86_64.rpm 52 MB/s | 743 MB 00:14 -------------------------------------------------------------------------------- Total 52 MB/s | 743 MB 00:14 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Running scriptlet: wazuh-indexer-4.8.0-1.x86_64 1/1 Installing : wazuh-indexer-4.8.0-1.x86_64 1/1 Running scriptlet: wazuh-indexer-4.8.0-1.x86_64 1/1 Created opensearch keystore in /etc/wazuh-indexer/opensearch.keystore Verifying : wazuh-indexer-4.8.0-1.x86_64 1/1 Installed: wazuh-indexer-4.8.0-1.x86_64 Complete!
25/01/2024 10:56:13 DEBUG: Checking Wazuh installation.
25/01/2024 10:56:15 DEBUG: There are Wazuh indexer remaining files.
25/01/2024 10:56:17 INFO: Wazuh indexer installation finished.
25/01/2024 10:56:17 DEBUG: Configuring Wazuh indexer.
25/01/2024 10:56:17 DEBUG: Copying Wazuh indexer certificates.
25/01/2024 10:56:17 INFO: Wazuh indexer post-install configuration finished.
25/01/2024 10:56:17 INFO: Starting service wazuh-indexer.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service → /usr/lib/systemd/system/wazuh-indexer.service.
25/01/2024 10:56:43 INFO: wazuh-indexer service started.
25/01/2024 10:56:43 INFO: Initializing Wazuh indexer cluster security settings.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml 
   SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml 
   SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml 
   SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml 
   SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml 
   SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml 
   SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml 
   SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml 
   SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml 
   SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml 
   SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null
Done with success
Will create 'wazuh' index template
 SUCC: 'wazuh' template created or updated
Will create 'ism_history_indices' index template
 SUCC: 'ism_history_indices' template created or updated
Will disable replicas for 'plugins.index_state_management.history' indices
 SUCC: cluster's settings saved
Will create index templates to configure the alias
 SUCC: 'wazuh-alerts' template created or updated
 SUCC: 'wazuh-archives' template created or updated
Will create the 'rollover_policy' policy
  SUCC: 'rollover_policy' policy created
Will create initial indices for the aliases
  SUCC: 'wazuh-alerts' write index created
  SUCC: 'wazuh-archives' write index created
SUCC: Indexer ISM initialization finished successfully.
25/01/2024 10:56:57 INFO: The Wazuh indexer cluster ISM initialized.
25/01/2024 10:56:57 INFO: Wazuh indexer cluster initialized.
25/01/2024 10:56:57 INFO: --- Wazuh server ---
25/01/2024 10:56:57 INFO: Starting the Wazuh manager installation.
Last metadata expiration check: 0:02:57 ago on Thu 25 Jan 2024 10:54:01 AM UTC. Dependencies resolved. ================================================================================ Package Architecture Version Repository Size ================================================================================ Installing: wazuh-manager x86_64 4.8.0-1 wazuh 350 M Transaction Summary ================================================================================ Install 1 Package Total download size: 350 M Installed size: 854 M Downloading Packages: wazuh-manager-4.8.0-1.x86_64.rpm 54 MB/s | 350 MB 00:06 -------------------------------------------------------------------------------- Total 54 MB/s | 350 MB 00:06 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Running scriptlet: wazuh-manager-4.8.0-1.x86_64 1/1 Installing : wazuh-manager-4.8.0-1.x86_64 1/1 Running scriptlet: wazuh-manager-4.8.0-1.x86_64 1/1 Verifying : wazuh-manager-4.8.0-1.x86_64 1/1 Installed: wazuh-manager-4.8.0-1.x86_64 Complete!
25/01/2024 11:01:42 DEBUG: Checking Wazuh installation.
25/01/2024 11:01:44 DEBUG: There are Wazuh remaining files.
25/01/2024 11:01:45 DEBUG: There are Wazuh indexer remaining files.
25/01/2024 11:01:47 INFO: Wazuh manager installation finished.
25/01/2024 11:01:47 INFO: Starting service wazuh-manager.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-manager.service → /usr/lib/systemd/system/wazuh-manager.service.
25/01/2024 11:02:08 INFO: wazuh-manager service started.
25/01/2024 11:02:08 INFO: Starting Filebeat installation.
Last metadata expiration check: 0:08:12 ago on Thu 25 Jan 2024 10:54:01 AM UTC. Dependencies resolved. ================================================================================ Package Architecture Version Repository Size ================================================================================ Installing: filebeat x86_64 7.10.2-1 wazuh 21 M Transaction Summary ================================================================================ Install 1 Package Total download size: 21 M Installed size: 70 M Downloading Packages: filebeat-oss-7.10.2-x86_64.rpm 35 MB/s | 21 MB 00:00 -------------------------------------------------------------------------------- Total 35 MB/s | 21 MB 00:00 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Installing : filebeat-7.10.2-1.x86_64 1/1 Running scriptlet: filebeat-7.10.2-1.x86_64 1/1 Verifying : filebeat-7.10.2-1.x86_64 1/1 Installed: filebeat-7.10.2-1.x86_64 Complete!
25/01/2024 11:02:22 DEBUG: Checking Wazuh installation.
25/01/2024 11:02:23 DEBUG: There are Wazuh remaining files.
25/01/2024 11:02:24 DEBUG: There are Wazuh indexer remaining files.
25/01/2024 11:02:26 DEBUG: There are Filebeat remaining files.
25/01/2024 11:02:28 INFO: Filebeat installation finished.
25/01/2024 11:02:28 DEBUG: Configuring Filebeat.
25/01/2024 11:02:28 DEBUG: Filebeat template was download successfully.
wazuh/
wazuh/archives/
wazuh/archives/ingest/
wazuh/archives/ingest/pipeline.json
wazuh/archives/config/
wazuh/archives/config/archives.yml
wazuh/archives/manifest.yml
wazuh/_meta/
wazuh/_meta/config.yml
wazuh/_meta/docs.asciidoc
wazuh/_meta/fields.yml
wazuh/alerts/
wazuh/alerts/ingest/
wazuh/alerts/ingest/pipeline.json
wazuh/alerts/config/
wazuh/alerts/config/alerts.yml
wazuh/alerts/manifest.yml
wazuh/module.yml
25/01/2024 11:02:28 DEBUG: Filebeat module was downloaded successfully.
25/01/2024 11:02:28 DEBUG: Copying Filebeat certificates.
Created filebeat keystore
Successfully updated the keystore
Successfully updated the keystore
25/01/2024 11:02:29 INFO: Filebeat post-install configuration finished.
25/01/2024 11:02:29 INFO: Starting service filebeat.
Synchronizing state of filebeat.service with SysV service script with /usr/lib/systemd/systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable filebeat
Created symlink /etc/systemd/system/multi-user.target.wants/filebeat.service → /usr/lib/systemd/system/filebeat.service.
25/01/2024 11:02:30 INFO: filebeat service started.
25/01/2024 11:02:30 INFO: --- Wazuh dashboard ---
25/01/2024 11:02:30 INFO: Starting Wazuh dashboard installation.
Last metadata expiration check: 0:08:30 ago on Thu 25 Jan 2024 10:54:01 AM UTC. Dependencies resolved. ================================================================================ Package Architecture Version Repository Size ================================================================================ Installing: wazuh-dashboard x86_64 4.8.0-1 wazuh 273 M Transaction Summary ================================================================================ Install 1 Package Total download size: 273 M Installed size: 902 M Downloading Packages: wazuh-dashboard-4.8.0-1.x86_64.rpm 58 MB/s | 273 MB 00:04 -------------------------------------------------------------------------------- Total 58 MB/s | 273 MB 00:04 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Running scriptlet: wazuh-dashboard-4.8.0-1.x86_64 1/1 Installing : wazuh-dashboard-4.8.0-1.x86_64 1/1 Running scriptlet: wazuh-dashboard-4.8.0-1.x86_64 1/1 Verifying : wazuh-dashboard-4.8.0-1.x86_64 1/1 Installed: wazuh-dashboard-4.8.0-1.x86_64 Complete!
25/01/2024 11:05:54 DEBUG: Checking Wazuh installation.
25/01/2024 11:05:58 DEBUG: There are Wazuh remaining files.
25/01/2024 11:05:59 DEBUG: There are Wazuh indexer remaining files.
25/01/2024 11:06:00 DEBUG: There are Filebeat remaining files.
25/01/2024 11:06:02 DEBUG: There are Wazuh dashboard remaining files.
25/01/2024 11:06:02 INFO: Wazuh dashboard installation finished.
25/01/2024 11:06:02 DEBUG: Configuring Wazuh dashboard.
25/01/2024 11:06:02 DEBUG: Copying Wazuh dashboard certificates.
25/01/2024 11:06:03 DEBUG: Wazuh dashboard certificate setup finished.
25/01/2024 11:06:03 INFO: Wazuh dashboard post-install configuration finished.
25/01/2024 11:06:03 INFO: Starting service wazuh-dashboard.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service.
25/01/2024 11:06:03 INFO: wazuh-dashboard service started.
25/01/2024 11:06:03 DEBUG: Setting Wazuh indexer cluster passwords.
25/01/2024 11:06:03 DEBUG: Checking Wazuh installation.
25/01/2024 11:06:05 DEBUG: There are Wazuh remaining files.
25/01/2024 11:06:07 DEBUG: There are Wazuh indexer remaining files.
25/01/2024 11:06:09 DEBUG: There are Filebeat remaining files.
25/01/2024 11:06:10 DEBUG: There are Wazuh dashboard remaining files.
25/01/2024 11:06:10 INFO: Updating the internal users.
25/01/2024 11:06:10 DEBUG: Creating password backup.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to localhost:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml 
   SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml 
   SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml 
   SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml 
   SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml 
   SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml 
   SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml 
   SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml 
   SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml 
   SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml 
   SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
25/01/2024 11:06:20 DEBUG: Password backup created in /etc/wazuh-indexer/backup.
25/01/2024 11:06:20 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
25/01/2024 11:06:20 DEBUG: The internal users have been updated before changing the passwords.
25/01/2024 11:06:23 DEBUG: Generating password hashes.
25/01/2024 11:06:35 DEBUG: Password hashes generated.
25/01/2024 11:06:35 DEBUG: Creating password backup.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to localhost:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml 
   SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml 
   SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml 
   SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml 
   SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml 
   SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml 
   SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml 
   SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml 
   SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml 
   SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml 
   SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
25/01/2024 11:06:41 DEBUG: Password backup created in /etc/wazuh-indexer/backup.
Successfully updated the keystore
25/01/2024 11:06:41 DEBUG: Restarting filebeat service...
25/01/2024 11:06:42 DEBUG: filebeat started.
25/01/2024 11:06:44 DEBUG: Restarting wazuh-dashboard service...
25/01/2024 11:06:44 DEBUG: wazuh-dashboard started.
25/01/2024 11:06:44 DEBUG: Running security admin tool.
25/01/2024 11:06:44 DEBUG: Loading new passwords changes.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to localhost:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /home/centos
Force type: internalusers
Will update '/internalusers' with /etc/wazuh-indexer/backup/internal_users.yml 
   SUCC: Configuration for 'internalusers' created or updated
SUCC: Expected 1 config types for node {"updated_config_types":["internalusers"],"updated_config_size":1,"message":null} is 1 (["internalusers"]) due to: null
Done with success
25/01/2024 11:06:50 DEBUG: Passwords changed.
25/01/2024 11:06:50 DEBUG: Changing API passwords.
25/01/2024 11:06:57 INFO: Initializing Wazuh dashboard web application.
25/01/2024 11:06:57 INFO: Wazuh dashboard web application not yet initialized. Waiting...
25/01/2024 11:07:15 INFO: Wazuh dashboard web application not yet initialized. Waiting...
25/01/2024 11:07:30 INFO: Wazuh dashboard web application initialized.
25/01/2024 11:07:30 INFO: --- Summary ---
25/01/2024 11:07:30 INFO: You can access the web interface https://<wazuh-dashboard-ip>:443
    User: admin
    Password: Wo2lKbfQG8xKa5F*?1NWpYt1svdEfhIF
25/01/2024 11:07:30 INFO: --- Dependencies ---
25/01/2024 11:07:30 INFO: Removing lsof.
Dependencies resolved. ================================================================================ Package Architecture Version Repository Size ================================================================================ Removing: lsof x86_64 4.93.2-1.el8 @baseos 623 k Transaction Summary ================================================================================ Remove 1 Package Freed space: 623 k Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Erasing : lsof-4.93.2-1.el8.x86_64 1/1 Running scriptlet: lsof-4.93.2-1.el8.x86_64 1/1 Verifying : lsof-4.93.2-1.el8.x86_64 1/1 Removed: lsof-4.93.2-1.el8.x86_64 Complete!
25/01/2024 11:07:33 DEBUG: Restoring Wazuh repository.
25/01/2024 11:07:33 INFO: Installation finished.
[root@ip-172-31-46-37 centos]# 

Automatic testing:

🟢 https://ci.wazuh.info/job/Test_unattended/5098/ - Ubuntu Xenial
🟢 https://ci.wazuh.info/job/Test_unattended/5099/ - Ubuntu Focal
🟢 https://ci.wazuh.info/job/Test_unattended/5100/ - Amazon Linux 2

@davidcr01 self-assigned this on Jan 22, 2024
@davidcr01 linked an issue on Jan 22, 2024 that may be closed by this pull request
@davidcr01 force-pushed the enhancement/2688-support-al-2023 branch from 48b78c5 to 2f8704e on January 25, 2024 11:16