From 7365fee46dce6e66a9c706ae0798b8f4845f089c Mon Sep 17 00:00:00 2001 From: vcerenu Date: Fri, 26 Jul 2024 10:29:57 -0300 Subject: [PATCH 1/7] Add Wazuh manager and Filebeat tests --- .../install_functions/filebeat.sh | 20 +++++++++++++++++++ .../install_functions/installMain.sh | 4 ++++ .../install_functions/manager.sh | 18 +++++++++++++++++ 3 files changed, 42 insertions(+) diff --git a/unattended_installer/install_functions/filebeat.sh b/unattended_installer/install_functions/filebeat.sh index 57e5e24bd2..9a1b426e8d 100644 --- a/unattended_installer/install_functions/filebeat.sh +++ b/unattended_installer/install_functions/filebeat.sh @@ -6,6 +6,26 @@ # License (version 2) as published by the FSF - Free Software # Foundation. +function filebeat_checkService() { + common_logger "Checking Filebeat connection" + + fbError=$(filebeat test output | grep ERROR) + errorMessage='ERROR' + fbOutput=$(filebeat test output) + + if [[ ${fbError,,} = *${errorMessage,,}* ]]; then + common_logger -e "Filebeat connection Error. $fbError" + common_logger -d "Full output of Filebeatt test:" + common_logger -d "$fbOutput" + installCommon_rollBack + exit 1 + else + common_logger "Filebeat connection successful" + common_logger -d "Full output of Filebeatt test:" + common_logger -d "$fbOutput" + fi +} + function filebeat_configure(){ common_logger -d "Configuring Filebeat." diff --git a/unattended_installer/install_functions/installMain.sh b/unattended_installer/install_functions/installMain.sh index 7a809bf61b..07df2d21a3 100755 --- a/unattended_installer/install_functions/installMain.sh +++ b/unattended_installer/install_functions/installMain.sh @@ -368,10 +368,12 @@ function main() { manager_startCluster fi installCommon_startService "wazuh-manager" + manager_checkService filebeat_install filebeat_configure installCommon_changePasswords installCommon_startService "filebeat" + filebeat_checkService installCommon_removeWIADependencies fi 
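Review bot: In `filebeat_checkService` (the `@@ -6,6 +6,26 @@` hunk of filebeat.sh) the result is decided only by whether the text `ERROR` appears on stdout, so a run where `filebeat` itself fails (non-zero exit, message on stderr, binary not found) is logged as "Filebeat connection successful". The command is also executed twice, once for `fbError` and once for `fbOutput`, and the two runs can disagree. Capture it once with stderr included and keep the exit status, e.g. `fbOutput=$(filebeat test output 2>&1); fbStatus=$?`, then treat a non-zero `fbStatus` or a match in `fbOutput` as failure. The pipeline form that replaces this in the `@@ -9,20 +9,12 @@` hunk of patch 4 still ignores the exit status. The two debug strings spell `Filebeatt`.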
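Review bot: In the `@@ -368,10 +368,12 @@` hunk of installMain.sh, `manager_checkService` is placed before `installCommon_changePasswords`, and that function authenticates with the fixed `wazuh-wui:wazuh-wui` pair, so the check only works while the default API password is still in place. That ordering dependency is not documented in the visible lines; add a comment above the call such as `# uses the default wazuh-wui credentials: must run before installCommon_changePasswords`. The same call is added in the `@@ -388,9 +390,11 @@` hunk, where no password change is visible, so the comment is worth repeating there in case one happens later in `main`. `main` starts and ends outside both hunks.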
@@ -388,9 +390,11 @@ function main() { manager_install manager_configure installCommon_startService "wazuh-manager" + manager_checkService filebeat_install filebeat_configure installCommon_startService "filebeat" + filebeat_checkService common_logger "--- Wazuh dashboard ---" dashboard_install dashboard_configure diff --git a/unattended_installer/install_functions/manager.sh b/unattended_installer/install_functions/manager.sh index 7ff35ffb3d..d228444d7b 100644 --- a/unattended_installer/install_functions/manager.sh +++ b/unattended_installer/install_functions/manager.sh @@ -42,6 +42,24 @@ function manager_startCluster() { } +function manager_checkService() { + common_logger "Checking Wazuh API connection" + eval "TOKEN=$(curl -k -s -X POST -u "wazuh-wui:wazuh-wui" https://localhost:55000/security/user/authenticate/run_as?raw=true -d '{"user_name":"wzread"}' -H "content-type:application/json")" + wmError=$(curl -k -s -X GET "https://127.0.0.1:55000/agents/outdated?pretty=true" -H "Authorization: Bearer $TOKEN") + wmStatus=$(/var/ossec/bin/wazuh-control status) + errorMessage='"error": 0' + common_logger -d "$wmStatus" + + if [[ ${wmError,,} = *${errorMessage,,}* ]]; then + common_logger "Wazuh API connection successful" + else + common_logger -e "Wazuh API connection Error. $wmError" + installCommon_rollBack + exit 1 + fi + common_logger "End Wazuh API connection" +} + function manager_configure(){ common_logger -d "Configuring Wazuh manager." From c0d55b2ad4c95684b661b84080e57cdefe421cd4 Mon Sep 17 00:00:00 2001 From: vcerenu Date: Fri, 26 Jul 2024 11:22:47 -0300 Subject: [PATCH 2/7] Delete end log --- unattended_installer/install_functions/manager.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/unattended_installer/install_functions/manager.sh b/unattended_installer/install_functions/manager.sh index d228444d7b..418a27d55e 100644 --- a/unattended_installer/install_functions/manager.sh +++ b/unattended_installer/install_functions/manager.sh 
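Review bot: The `eval "TOKEN=$(curl …)"` line in `manager_checkService` (the `@@ -42,6 +42,24 @@` hunk of manager.sh) runs the HTTP response body through the shell parser, so anything the endpoint returns other than a bare token, such as a JSON error body, is interpreted as shell syntax inside the installer process, which presumably runs as root. A plain assignment does the same job without the second parse: `TOKEN=$(curl -k -s -X POST -u "wazuh-wui:wazuh-wui" "https://localhost:55000/security/user/authenticate/run_as?raw=true" -d '{"user_name":"wzread"}' -H "content-type:application/json")`, with the URL quoted so that `?` is not treated as a glob character. The credentials are hard-coded and both requests use `-k`, which skips certificate verification; a comment stating that this is limited to the loopback API before the passwords are changed would make that intent explicit. The same `eval` line is carried over, with only the host changed, in the `@@ -44,7 +44,7 @@` hunk of patch 3 and as context in patches 4 and 7.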
@@ -57,7 +57,6 @@ function manager_checkService() { installCommon_rollBack exit 1 fi - common_logger "End Wazuh API connection" } function manager_configure(){ From 138fad26c3620a51d533be3a498a5ece58c94d43 Mon Sep 17 00:00:00 2001 From: vcerenu Date: Fri, 26 Jul 2024 11:33:09 -0300 Subject: [PATCH 3/7] Change localhost for local IP --- unattended_installer/install_functions/manager.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/unattended_installer/install_functions/manager.sh b/unattended_installer/install_functions/manager.sh index 418a27d55e..9f6b676df5 100644 --- a/unattended_installer/install_functions/manager.sh +++ b/unattended_installer/install_functions/manager.sh @@ -44,7 +44,7 @@ function manager_startCluster() { function manager_checkService() { common_logger "Checking Wazuh API connection" - eval "TOKEN=$(curl -k -s -X POST -u "wazuh-wui:wazuh-wui" https://localhost:55000/security/user/authenticate/run_as?raw=true -d '{"user_name":"wzread"}' -H "content-type:application/json")" + eval "TOKEN=$(curl -k -s -X POST -u "wazuh-wui:wazuh-wui" https://127.0.0.1:55000/security/user/authenticate/run_as?raw=true -d '{"user_name":"wzread"}' -H "content-type:application/json")" wmError=$(curl -k -s -X GET "https://127.0.0.1:55000/agents/outdated?pretty=true" -H "Authorization: Bearer $TOKEN") wmStatus=$(/var/ossec/bin/wazuh-control status) errorMessage='"error": 0' From 0655457cc1b5b1b68e8c47c21f43703dc954a413 Mon Sep 17 00:00:00 2001 From: vcerenu Date: Fri, 26 Jul 2024 15:35:03 -0300 Subject: [PATCH 4/7] Modify if code for filrbrat test --- unattended_installer/install_functions/filebeat.sh | 12 ++---------- unattended_installer/install_functions/manager.sh | 12 ++++++------ 2 files changed, 8 insertions(+), 16 deletions(-) diff --git a/unattended_installer/install_functions/filebeat.sh b/unattended_installer/install_functions/filebeat.sh index 9a1b426e8d..f163efc8ba 100644 --- a/unattended_installer/install_functions/filebeat.sh 
+++ b/unattended_installer/install_functions/filebeat.sh @@ -9,20 +9,12 @@ function filebeat_checkService() { common_logger "Checking Filebeat connection" - fbError=$(filebeat test output | grep ERROR) - errorMessage='ERROR' - fbOutput=$(filebeat test output) - - if [[ ${fbError,,} = *${errorMessage,,}* ]]; then - common_logger -e "Filebeat connection Error. $fbError" - common_logger -d "Full output of Filebeatt test:" - common_logger -d "$fbOutput" + if filebeat test output | grep -q -i -w "ERROR"; then + common_logger -e "Filebeat connection Error." installCommon_rollBack exit 1 else common_logger "Filebeat connection successful" - common_logger -d "Full output of Filebeatt test:" - common_logger -d "$fbOutput" fi } diff --git a/unattended_installer/install_functions/manager.sh b/unattended_installer/install_functions/manager.sh index 9f6b676df5..42715804f5 100644 --- a/unattended_installer/install_functions/manager.sh +++ b/unattended_installer/install_functions/manager.sh 
@@ -45,15 +45,15 @@ function manager_startCluster() { function manager_checkService() { common_logger "Checking Wazuh API connection" eval "TOKEN=$(curl -k -s -X POST -u "wazuh-wui:wazuh-wui" https://127.0.0.1:55000/security/user/authenticate/run_as?raw=true -d '{"user_name":"wzread"}' -H "content-type:application/json")" - wmError=$(curl -k -s -X GET "https://127.0.0.1:55000/agents/outdated?pretty=true" -H "Authorization: Bearer $TOKEN") - wmStatus=$(/var/ossec/bin/wazuh-control status) - errorMessage='"error": 0' - common_logger -d "$wmStatus" + wm_error=$(curl -k -s -X GET "https://127.0.0.1:55000/agents/outdated?pretty=true" -H "Authorization: Bearer ${TOKEN}") + wm_status=$(/var/ossec/bin/wazuh-control status) + error_message='"error": 0' + common_logger -d "${wm_status}" - if [[ ${wmError,,} = *${errorMessage,,}* ]]; then + if [[ ${wm_error,,} = *${error_message,,}* ]]; then common_logger "Wazuh API connection successful" else - common_logger -e "Wazuh API connection Error. $wmError" + common_logger -e "Wazuh API connection Error. $wm_error" installCommon_rollBack exit 1 fi From c2330e7f5b72075ffb302446ae09c80629c17e4c Mon Sep 17 00:00:00 2001 From: vcerenu Date: Fri, 26 Jul 2024 15:37:33 -0300 Subject: [PATCH 5/7] Modify if code for filrbrat test --- unattended_installer/install_functions/filebeat.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/unattended_installer/install_functions/filebeat.sh b/unattended_installer/install_functions/filebeat.sh index f163efc8ba..7861d79fe7 100644 --- a/unattended_installer/install_functions/filebeat.sh +++ b/unattended_installer/install_functions/filebeat.sh @@ -10,7 +10,7 @@ function filebeat_checkService() { common_logger "Checking Filebeat connection" if filebeat test output | grep -q -i -w "ERROR"; then - common_logger -e "Filebeat connection Error." + common_logger -e "Filebeat connection Error" installCommon_rollBack exit 1 else 
From 2870477ee7bdf8ec02ff8c2e19a4aee737085860 Mon Sep 17 00:00:00 2001 From: vcerenu Date: Fri, 26 Jul 2024 15:55:51 -0300 Subject: [PATCH 6/7] Add debug unformation --- unattended_installer/install_functions/filebeat.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/unattended_installer/install_functions/filebeat.sh b/unattended_installer/install_functions/filebeat.sh index 7861d79fe7..9fef47dda6 100644 --- a/unattended_installer/install_functions/filebeat.sh +++ b/unattended_installer/install_functions/filebeat.sh @@ -10,7 +10,8 @@ function filebeat_checkService() { common_logger "Checking Filebeat connection" if filebeat test output | grep -q -i -w "ERROR"; then - common_logger -e "Filebeat connection Error" + common_logger -e "Filebeat connection Error." + eval "filebeat test output x ${debug}" installCommon_rollBack exit 1 else From ec127a010271b210d49f6ac4bb4041f441270912 Mon Sep 17 00:00:00 2001 From: vcerenu Date: Mon, 29 Jul 2024 08:53:14 -0300 Subject: [PATCH 7/7] Modify Wazuh manager test --- unattended_installer/install_functions/manager.sh | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/unattended_installer/install_functions/manager.sh b/unattended_installer/install_functions/manager.sh index 42715804f5..a33e564de2 100644 --- a/unattended_installer/install_functions/manager.sh +++ b/unattended_installer/install_functions/manager.sh 
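Review bot: The added `eval "filebeat test output x ${debug}"` passes a stray `x` argument to `filebeat test output`; it looks like a leftover, and if filebeat rejects the extra argument the debug log will hold a usage error instead of the connection diagnostics. Assuming `${debug}` holds the installer's redirection string (it is defined outside this hunk), the line should read `eval "filebeat test output ${debug}"`. This also runs the test a second time after the failure was detected, so the logged output may differ from the run that triggered the rollback; capturing the first run's output and logging that would avoid the mismatch. `filebeat_checkService` ends outside the hunk.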
@@ -46,14 +46,12 @@ function manager_checkService() { common_logger "Checking Wazuh API connection" eval "TOKEN=$(curl -k -s -X POST -u "wazuh-wui:wazuh-wui" https://127.0.0.1:55000/security/user/authenticate/run_as?raw=true -d '{"user_name":"wzread"}' -H "content-type:application/json")" wm_error=$(curl -k -s -X GET "https://127.0.0.1:55000/agents/outdated?pretty=true" -H "Authorization: Bearer ${TOKEN}") - wm_status=$(/var/ossec/bin/wazuh-control status) - error_message='"error": 0' - common_logger -d "${wm_status}" - if [[ ${wm_error,,} = *${error_message,,}* ]]; then + if [[ ${wm_error,,} = '"error": 0' ]]; then common_logger "Wazuh API connection successful" else common_logger -e "Wazuh API connection Error. $wm_error" + eval "/var/ossec/bin/wazuh-control status ${debug}" installCommon_rollBack exit 1 fi
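Review bot: The new condition `[[ ${wm_error,,} = '"error": 0' ]]` compares the whole response with a quoted string, so it is an exact match and no longer the substring match that the removed `*${error_message,,}*` pattern gave. The request uses `pretty=true`, so the body is presumably a multi-line JSON document and will never equal `"error": 0`; every run would then take the error branch and call `installCommon_rollBack`. Restore the wildcard match, e.g. `if [[ ${wm_error} == *'"error": 0'* ]]; then`, or decide on the HTTP status returned by curl instead of matching text in the body.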