Release 4.4.0 - Alpha 1 - E2E UX tests - Wazuh Indexer #15534

Closed
2 tasks done
jotacarma90 opened this issue Nov 30, 2022 · 11 comments

jotacarma90 commented Nov 30, 2022

The following issue aims to run the specified test for the current release candidate, report the results, and open new issues for any encountered errors.

Test information

Test name: Wazuh Indexer
Category: Installation
Deployment option: Single Indexer and agent, Multi Server: Step by step
Main release issue: #15519
Release candidate #: Alpha 1
Previous issue: #15379

Environment

Component | OS | Installation | Type
Wazuh dashboard | Amazon Linux 2 | Step by step | -
Wazuh indexer | Amazon Linux 2 | Step by step | Single node
Wazuh server | Amazon Linux 2 | Step by step | Multi node
Wazuh agent | Amazon Linux 2 | Installing Wazuh agents | -

Test description

Best effort to test Wazuh indexer package. Think critically and at least review/test:

  • Wazuh indexer package specs
  • Indexer package size
  • Indexer package metadata (description)
  • Indexer package digital signature
  • Installed files location, size and permissions
  • Installation footprint (check that no unnecessary files are modified/broken in the file system. For example that operating system files do keep their right owner/permissions and that the installer did not break the system.)
  • Installed Wazuh indexer service
  • Wazuh indexer logs when installed
  • Wazuh indexer templates and indices created
  • Wazuh indexer configuration (e.g. replicas are expected to be zero by default, how many shards per index,...) Try to compare and find anomalies with the previous Wazuh indexer version using appropriate E2E UX issue. Write down and report as much information as possible to allow comparison between versions using this issue.
  • Wazuh indexer cluster node communication and configuration
  • Wazuh indexer cluster status
  • Wazuh indexer packages uninstallation procedure

Test report procedure

All test results must have one of the following statuses:

🟢 All checks passed.
🔴 There is at least one failed result.
🟡 There is at least one expected failure or skipped test and no failures.

Any failing test must be properly addressed with a new issue, detailing the error and the possible cause.

An extended report of the test results must be attached as a ZIP or TXT file. Please attach any documents, screenshots, or tables to the issue update with the results. This report can be used by the auditors to dig deeper into any possible failures and details.

Conclusions

Status Test Failure type Notes
🟢 Environment installation
🟢 Wazuh indexer package information
🟢 Installed files location, size and permissions
🟢 Installation footprint
🟢 Wazuh indexer service
🟡 Wazuh indexer installation logs Found some warnings that don't affect the performance
🟢 Wazuh indexer indices, templates, and shards
🟢 Wazuh indexer cluster status
🟢 Uninstall procedure
🟢 E2E dataflow

Auditors validation

The definition of done for this one is the validation of the conclusions and the test results from all auditors.
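
The "Installed files location, size and permissions" check from the test description, as an added example that is not part of the original issue or of Wazuh's tooling: a shell function that audits a certificate directory against an expected owner and modes. The defaults of 500 for the directory and 400 for its files are the values applied with chmod in the "Deploying certificates" step of this issue; the function names, the output format and the use of GNU stat are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the issue or from Wazuh): audit a certificate
# directory against an expected owner and permission modes.
# Assumes GNU coreutils stat (stat -c), as shipped with Amazon Linux 2.

# check_entry PATH OWNER MODE
# Prints one "FAIL ..." line per mismatch; returns 0 if the entry is as expected.
check_entry() {
    local path want_owner want_mode mode user rc
    path=$1; want_owner=$2; want_mode=$3; rc=0
    mode=$(stat -c '%a' "$path") || { echo "FAIL $path: cannot stat"; return 1; }
    user=$(stat -c '%U' "$path")
    if [ "$mode" != "$want_mode" ]; then
        echo "FAIL $path: mode $mode, expected $want_mode"
        rc=1
    fi
    if [ "$user" != "$want_owner" ]; then
        echo "FAIL $path: owner $user, expected $want_owner"
        rc=1
    fi
    return "$rc"
}

# audit_cert_dir DIR OWNER [DIR_MODE] [FILE_MODE]
# Checks DIR itself and every entry directly inside it.
# Returns 0 when nothing is reported, 1 otherwise.
audit_cert_dir() {
    local dir owner dir_mode file_mode status path
    dir=$1; owner=$2; dir_mode=${3:-500}; file_mode=${4:-400}
    status=0

    if [ ! -d "$dir" ] || [ -L "$dir" ]; then
        echo "FAIL $dir: not a real directory"
        return 1
    fi
    check_entry "$dir" "$owner" "$dir_mode" || status=1

    for path in "$dir"/* "$dir"/.[!.]*; do
        [ -e "$path" ] || [ -L "$path" ] || continue   # glob matched nothing
        # A symlink or sub-directory next to private keys is itself a finding.
        if [ -L "$path" ] || [ ! -f "$path" ]; then
            echo "FAIL $path: not a regular file"
            status=1
            continue
        fi
        check_entry "$path" "$owner" "$file_mode" || status=1
    done
    return "$status"
}

# Constructed sample tree: three placeholder files with the expected modes,
# then one key loosened to 644 so the audit has something to report.
demo() {
    local tmp me rc f
    tmp=$(mktemp -d) || return 2
    mkdir "$tmp/certs"
    for f in indexer.pem indexer-key.pem root-ca.pem; do
        echo "constructed placeholder, not a real key" > "$tmp/certs/$f"
    done
    chmod 400 "$tmp/certs"/*
    chmod 644 "$tmp/certs/indexer-key.pem"
    chmod 500 "$tmp/certs"
    me=$(stat -c '%U' "$tmp")
    rc=0
    audit_cert_dir "$tmp/certs" "$me" || rc=$?
    chmod 700 "$tmp/certs"; rm -rf "$tmp"
    return "$rc"
}

case "${1:-}" in
    "") ;;                        # no arguments: only define the functions
    demo) demo ;;
    *) audit_cert_dir "$@" ;;
esac
```

On the indexer host from this report the call would be `audit_cert_dir /etc/wazuh-indexer/certs wazuh-indexer`, run as root so that the mode 500 directory can be listed.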


chemamartinez commented Dec 2, 2022

Environment installation 🟢

Hosts information

All the hosts used for this test are like this one:

[root@al2-indexer ~]# cat /etc/os-release
NAME="Amazon Linux"
VERSION="2"
ID="amzn"
ID_LIKE="centos rhel fedora"
VERSION_ID="2"
PRETTY_NAME="Amazon Linux 2"
ANSI_COLOR="0;33"
CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2"
HOME_URL="https://amazonlinux.com/"
[root@al2-indexer ~]# uname -a
Linux al2-indexer 4.14.203-156.332.amzn2.x86_64 #1 SMP Fri Oct 30 19:19:33 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
[root@al2-indexer ~]#

The IP addresses for this scenario are:

  • Wazuh indexer: 192.168.1.198
  • Wazuh manager (master): 192.168.1.201
  • Wazuh manager (worker): 192.168.1.199
  • Wazuh dashboard: 192.168.1.200
  • Wazuh agent: 192.168.1.171

Wazuh indexer 🟢

Followed the step-by-step documentation at:
https://documentation-dev.wazuh.com/v4.4.0-alpha1/installation-guide/wazuh-indexer/step-by-step.html

Certificates creation 🟢

[root@al2-indexer ~]# curl -sO https://packages-dev.wazuh.com/4.4/wazuh-certs-tool.sh
[root@al2-indexer ~]# curl -sO https://packages-dev.wazuh.com/4.4/config.yml

Content of config.yml:

nodes:
  indexer:
    - name: indexer-1
      ip: 192.168.1.198
  server:
    - name: server-1
      ip: 192.168.1.201
      node_type: master
    - name: server-2
      ip: 192.168.1.199
      node_type: worker
  dashboard:
    - name: dashboard-1
      ip: 192.168.1.200

Created and copied the certificates to all the required nodes:

[root@al2-indexer ~]# bash ./wazuh-certs-tool.sh -A
01/12/2022 12:44:54 INFO: Admin certificates created.
01/12/2022 12:44:54 INFO: Wazuh indexer certificates created.
01/12/2022 12:44:54 INFO: Wazuh server certificates created.
01/12/2022 12:44:54 INFO: Wazuh dashboard certificates created.
[root@al2-indexer ~]# ls wazuh-certificates/
admin-key.pem  dashboard-1-key.pem  indexer-1-key.pem  root-ca.key  server-1-key.pem  server-2-key.pem
admin.pem      dashboard-1.pem      indexer-1.pem      root-ca.pem  server-1.pem      server-2.pem
[root@al2-indexer ~]# tar -cvf ./wazuh-certificates.tar -C ./wazuh-certificates/ .
[root@al2-indexer ~]# rm -rf wazuh-certificates
[root@al2-indexer ~]# scp wazuh-certificates.tar [email protected]:/root
[root@al2-indexer ~]# scp wazuh-certificates.tar [email protected]:/root
[root@al2-indexer ~]# scp wazuh-certificates.tar [email protected]:/root
[root@al2-indexer ~]# scp wazuh-certificates.tar [email protected]:/root
[root@al2-indexer ~]# scp wazuh-certificates.tar [email protected]:/root

Wazuh indexer installation 🟢

Installed dependency:

[root@al2-indexer ~]# yum install coreutils
Loaded plugins: langpacks, priorities, update-motd
amzn2-core                                                                                                      | 3.7 kB  00:00:00
Package coreutils-8.22-24.amzn2.x86_64 already installed and latest version
Nothing to do

Import repository:

[root@al2-indexer ~]# rpm --import https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
[root@al2-indexer ~]# echo -e '[wazuh]\ngpgcheck=1\ngpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH\nenabled=1\nname=EL-$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1' | tee /etc/yum.repos.d/wazuh.repo
[wazuh]
gpgcheck=1
gpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=EL-$releasever - Wazuh
baseurl=https://packages-dev.wazuh.com/pre-release/yum/
protect=1

Installing the Wazuh indexer:

[root@al2-indexer ~]# yum -y install wazuh-indexer
Loaded plugins: langpacks, priorities, update-motd
amzn2-core                                                                                                      | 3.7 kB  00:00:00
amzn2extra-docker                                                                                               | 3.0 kB  00:00:00
wazuh                                                                                                           | 3.4 kB  00:00:00
wazuh/primary_db                                                                                                | 276 kB  00:00:01
Resolving Dependencies
--> Running transaction check
---> Package wazuh-indexer.x86_64 0:4.4.0-1 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

=======================================================================================================================================
 Package                              Arch                          Version                         Repository                    Size
=======================================================================================================================================
Installing:
 wazuh-indexer                        x86_64                        4.4.0-1                         wazuh                        397 M

Transaction Summary
=======================================================================================================================================
Install  1 Package

Total download size: 397 M
Installed size: 644 M
Downloading packages:
wazuh-indexer-4.4.0-1.x86_64.rpm                                                                                | 397 MB  00:01:16
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : wazuh-indexer-4.4.0-1.x86_64                                                                                        1/1
Created opensearch keystore in /etc/wazuh-indexer/opensearch.keystore
  Verifying  : wazuh-indexer-4.4.0-1.x86_64                                                                                        1/1

Installed:
  wazuh-indexer.x86_64 0:4.4.0-1

Complete!

Modified the config file /etc/wazuh-indexer/opensearch.yml:

[root@al2-indexer ~]# cat /etc/wazuh-indexer/opensearch.yml
network.host: "192.168.1.198"
node.name: "indexer-1"
cluster.initial_master_nodes:
- "indexer-1"
cluster.name: "wazuh-cluster"
node.max_local_storage_nodes: "3"
path.data: /var/lib/wazuh-indexer
path.logs: /var/log/wazuh-indexer

plugins.security.ssl.http.pemcert_filepath: /etc/wazuh-indexer/certs/indexer.pem
plugins.security.ssl.http.pemkey_filepath: /etc/wazuh-indexer/certs/indexer-key.pem
plugins.security.ssl.http.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem
plugins.security.ssl.transport.pemcert_filepath: /etc/wazuh-indexer/certs/indexer.pem
plugins.security.ssl.transport.pemkey_filepath: /etc/wazuh-indexer/certs/indexer-key.pem
plugins.security.ssl.transport.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem
plugins.security.ssl.http.enabled: true
plugins.security.ssl.transport.enforce_hostname_verification: false
plugins.security.ssl.transport.resolve_hostname: false

plugins.security.authcz.admin_dn:
- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
plugins.security.check_snapshot_restore_write_privileges: true
plugins.security.enable_snapshot_restore_privilege: true
plugins.security.nodes_dn:
- "CN=indexer-1,OU=Wazuh,O=Wazuh,L=California,C=US"
plugins.security.restapi.roles_enabled:
- "all_access"
- "security_rest_api_access"

plugins.security.system_indices.enabled: true
plugins.security.system_indices.indices: [".plugins-ml-model", ".plugins-ml-task", ".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opensearch-notifications-*", ".opensearch-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]

### Option to allow Filebeat-oss 7.10.2 to work ###
compatibility.override_main_response_version: true

Deploying certificates 🟢

[root@al2-indexer ~]# NODE_NAME=indexer-1
[root@al2-indexer ~]# mkdir /etc/wazuh-indexer/certs
[root@al2-indexer ~]# tar -xf ./wazuh-certificates.tar -C /etc/wazuh-indexer/certs/ ./$NODE_NAME.pem ./$NODE_NAME-key.pem ./admin.pem ./admin-key.pem ./root-ca.pem
[root@al2-indexer ~]# mv -n /etc/wazuh-indexer/certs/$NODE_NAME.pem /etc/wazuh-indexer/certs/indexer.pem
[root@al2-indexer ~]# mv -n /etc/wazuh-indexer/certs/$NODE_NAME-key.pem /etc/wazuh-indexer/certs/indexer-key.pem
[root@al2-indexer ~]# chmod 500 /etc/wazuh-indexer/certs
[root@al2-indexer ~]# chmod 400 /etc/wazuh-indexer/certs/*
[root@al2-indexer ~]# chown -R wazuh-indexer:wazuh-indexer /etc/wazuh-indexer/certs
[root@al2-indexer ~]# rm -f ./wazuh-certificates.tar
[root@al2-indexer ~]#

Starting the service 🟢

[root@al2-indexer ~]# systemctl daemon-reload
[root@al2-indexer ~]# systemctl enable wazuh-indexer
Created symlink from /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service to /usr/lib/systemd/system/wazuh-indexer.service.
[root@al2-indexer ~]# systemctl start wazuh-indexer
[root@al2-indexer ~]# systemctl status wazuh-indexer
● wazuh-indexer.service - Wazuh-indexer
   Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2022-12-02 08:41:32 UTC; 21s ago
     Docs: https://documentation.wazuh.com
 Main PID: 55505 (java)
   CGroup: /system.slice/wazuh-indexer.service
           └─55505 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networka...

Dec 02 08:41:13 al2-indexer systemd[1]: Starting Wazuh-indexer...
Dec 02 08:41:16 al2-indexer systemd-entrypoint[55505]: WARNING: A terminally deprecated method in java.lang.System has been called
Dec 02 08:41:16 al2-indexer systemd-entrypoint[55505]: WARNING: System::setSecurityManager has been called by org.opensearch.bo....jar)
Dec 02 08:41:16 al2-indexer systemd-entrypoint[55505]: WARNING: Please consider reporting this to the maintainers of org.opense...earch
Dec 02 08:41:16 al2-indexer systemd-entrypoint[55505]: WARNING: System::setSecurityManager will be removed in a future release
Dec 02 08:41:18 al2-indexer systemd-entrypoint[55505]: WARNING: A terminally deprecated method in java.lang.System has been called
Dec 02 08:41:18 al2-indexer systemd-entrypoint[55505]: WARNING: System::setSecurityManager has been called by org.opensearch.bo....jar)
Dec 02 08:41:18 al2-indexer systemd-entrypoint[55505]: WARNING: Please consider reporting this to the maintainers of org.opense...urity
Dec 02 08:41:18 al2-indexer systemd-entrypoint[55505]: WARNING: System::setSecurityManager will be removed in a future release
Dec 02 08:41:32 al2-indexer systemd[1]: Started Wazuh-indexer.
Hint: Some lines were ellipsized, use -l to show in full.
[root@al2-indexer ~]# systemctl is-enabled wazuh-indexer
enabled
[root@al2-indexer ~]#

Cluster initialization 🟢

[root@al2-indexer ~]# /usr/share/wazuh-indexer/bin/indexer-security-init.sh
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 192.168.1.198:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.3.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml
   SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml
   SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml
   SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml
   SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml
   SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml
   SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml
   SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml
   SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml
   SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml
   SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null
Done with success
[root@al2-indexer ~]#

Testing the cluster installation:

[root@al2-indexer ~]# curl -k -u admin:admin https://192.168.1.198:9200
{
  "name" : "indexer-1",
  "cluster_name" : "wazuh-cluster",
  "cluster_uuid" : "T7PdkT2OQxagXdkKLIJ1Wg",
  "version" : {
    "number" : "7.10.2",
    "build_type" : "rpm",
    "build_hash" : "6f6e84ebc54af31a976f53af36a5c69d474a5140",
    "build_date" : "2022-09-09T00:07:12.137133581Z",
    "build_snapshot" : false,
    "lucene_version" : "9.3.0",
    "minimum_wire_compatibility_version" : "7.10.0",
    "minimum_index_compatibility_version" : "7.0.0"
  },
  "tagline" : "The OpenSearch Project: https://opensearch.org/"
}
[root@al2-indexer ~]# curl -k -u admin:admin https://192.168.1.198:9200/_cat/nodes?v
ip            heap.percent ram.percent cpu load_1m load_5m load_15m node.role node.roles                                        cluster_manager name
192.168.1.198           21          78   3    0.27    0.14     0.07 dimr      cluster_manager,data,ingest,remote_cluster_client *               indexer-1
[root@al2-indexer ~]#

Wazuh manager (master node)🟢

Followed the step-by-step documentation at:
https://documentation-dev.wazuh.com/v4.4.0-alpha1/installation-guide/wazuh-server/step-by-step.html

Installing the Wazuh manager 🟢

Added the repository:

[root@al2-master ~]# rpm --import https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
[root@al2-master ~]# echo -e '[wazuh]\ngpgcheck=1\ngpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH\nenabled=1\nname=EL-$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1' | tee /etc/yum.repos.d/wazuh.repo
[wazuh]
gpgcheck=1
gpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=EL-$releasever - Wazuh
baseurl=https://packages-dev.wazuh.com/pre-release/yum/
protect=1
[root@al2-master ~]#

Installed the Wazuh manager package:

[root@al2-master ~]# yum -y install wazuh-manager
Loaded plugins: langpacks, priorities, update-motd
amzn2-core                                                                                                      | 3.7 kB  00:00:00
amzn2extra-docker                                                                                               | 3.0 kB  00:00:00
wazuh                                                                                                           | 3.4 kB  00:00:00
wazuh/primary_db                                                                                                | 276 kB  00:00:01
Resolving Dependencies
--> Running transaction check
---> Package wazuh-manager.x86_64 0:4.4.0-1 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

=======================================================================================================================================
 Package                              Arch                          Version                         Repository                    Size
=======================================================================================================================================
Installing:
 wazuh-manager                        x86_64                        4.4.0-1                         wazuh                        116 M

Transaction Summary
=======================================================================================================================================
Install  1 Package

Total download size: 116 M
Installed size: 444 M
Downloading packages:
wazuh-manager-4.4.0-1.x86_64.rpm                                                                                | 116 MB  00:00:38
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : wazuh-manager-4.4.0-1.x86_64                                                                                        1/1
  Verifying  : wazuh-manager-4.4.0-1.x86_64                                                                                        1/1

Installed:
  wazuh-manager.x86_64 0:4.4.0-1

Complete!

Enabled the service and started the master node:

[root@al2-master ~]# systemctl daemon-reload
[root@al2-master ~]# systemctl enable wazuh-manager
Created symlink from /etc/systemd/system/multi-user.target.wants/wazuh-manager.service to /usr/lib/systemd/system/wazuh-manager.service.
[root@al2-master ~]# systemctl start wazuh-manager
[root@al2-master ~]# systemctl status wazuh-manager
● wazuh-manager.service - Wazuh manager
   Loaded: loaded (/usr/lib/systemd/system/wazuh-manager.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2022-12-02 08:54:26 UTC; 11s ago
  Process: 55949 ExecStart=/usr/bin/env /var/ossec/bin/wazuh-control start (code=exited, status=0/SUCCESS)
   CGroup: /system.slice/wazuh-manager.service
           ├─56008 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
           ├─56049 /var/ossec/bin/wazuh-authd
           ├─56066 /var/ossec/bin/wazuh-db
           ├─56080 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
           ├─56083 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
           ├─56097 /var/ossec/bin/wazuh-execd
           ├─56113 /var/ossec/bin/wazuh-analysisd
           ├─56156 /var/ossec/bin/wazuh-syscheckd
           ├─56173 /var/ossec/bin/wazuh-remoted
           ├─56205 /var/ossec/bin/wazuh-logcollector
           ├─56225 /var/ossec/bin/wazuh-monitord
           └─56250 /var/ossec/bin/wazuh-modulesd

Dec 02 08:54:17 al2-master env[55949]: Started wazuh-execd...
Dec 02 08:54:18 al2-master env[55949]: Started wazuh-analysisd...
Dec 02 08:54:19 al2-master env[55949]: Started wazuh-syscheckd...
Dec 02 08:54:20 al2-master env[55949]: Started wazuh-remoted...
Dec 02 08:54:22 al2-master env[55949]: Started wazuh-logcollector...
Dec 02 08:54:23 al2-master env[55949]: Started wazuh-monitord...
Dec 02 08:54:24 al2-master crontab[56333]: (root) LIST (root)
Dec 02 08:54:24 al2-master env[55949]: Started wazuh-modulesd...
Dec 02 08:54:26 al2-master env[55949]: Completed.
Dec 02 08:54:26 al2-master systemd[1]: Started Wazuh manager.
[root@al2-master ~]#

Installing filebeat 🟢

Installed the filebeat package:

[root@al2-master ~]# yum -y install filebeat
Loaded plugins: langpacks, priorities, update-motd
Resolving Dependencies
--> Running transaction check
---> Package filebeat.x86_64 0:7.10.2-1 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

=======================================================================================================================================
 Package                          Arch                           Version                           Repository                     Size
=======================================================================================================================================
Installing:
 filebeat                         x86_64                         7.10.2-1                          wazuh                          21 M

Transaction Summary
=======================================================================================================================================
Install  1 Package

Total download size: 21 M
Installed size: 70 M
Downloading packages:
filebeat-oss-7.10.2-x86_64.rpm                                                                                  |  21 MB  00:00:05
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : filebeat-7.10.2-1.x86_64                                                                                            1/1
  Verifying  : filebeat-7.10.2-1.x86_64                                                                                            1/1

Installed:
  filebeat.x86_64 0:7.10.2-1

Complete!
[root@al2-master ~]#

Filebeat configuration 🟢

Downloaded the configuration file:

[root@al2-master ~]# curl -so /etc/filebeat/filebeat.yml https://packages-dev.wazuh.com/4.4/tpl/wazuh/filebeat/filebeat.yml
[root@al2-master ~]#

Modified the configuration:

[root@al2-master ~]# head /etc/filebeat/filebeat.yml
# Wazuh - Filebeat configuration file
output.elasticsearch:
  hosts: ["192.168.1.198:9200"]
  protocol: https
  username: ${username}
  password: ${password}
  ssl.certificate_authorities:
    - /etc/filebeat/certs/root-ca.pem
  ssl.certificate: "/etc/filebeat/certs/filebeat.pem"
  ssl.key: "/etc/filebeat/certs/filebeat-key.pem"
[root@al2-master ~]#

Configuring the credentials:

[root@al2-master ~]# filebeat keystore create
Created filebeat keystore
[root@al2-master ~]# echo admin | filebeat keystore add username --stdin --force
Successfully updated the keystore
[root@al2-master ~]# echo admin | filebeat keystore add password --stdin --force
Successfully updated the keystore
[root@al2-master ~]#

Download the alerts template:

[root@al2-master ~]# curl -so /etc/filebeat/wazuh-template.json https://raw.githubusercontent.com/wazuh/wazuh/4.4/extensions/elasticsearch/7.x/wazuh-template.json
[root@al2-master ~]# chmod go+r /etc/filebeat/wazuh-template.json
[root@al2-master ~]#

Installed the Wazuh module for filebeat:

[root@al2-master ~]# curl -s https://packages-dev.wazuh.com/4.x/filebeat/wazuh-filebeat-0.2.tar.gz | tar -xvz -C /usr/share/filebeat/module
wazuh/alerts/
wazuh/alerts/config/
wazuh/alerts/config/alerts.yml
wazuh/alerts/manifest.yml
wazuh/alerts/ingest/
wazuh/alerts/ingest/pipeline.json
wazuh/archives/
wazuh/archives/config/
wazuh/archives/config/archives.yml
wazuh/archives/manifest.yml
wazuh/archives/ingest/
wazuh/archives/ingest/pipeline.json
wazuh/module.yml

Deploying certificates 🟢

[root@al2-master ~]# NODE_NAME=server-1
[root@al2-master ~]# mkdir /etc/filebeat/certs
[root@al2-master ~]# tar -xf ./wazuh-certificates.tar -C /etc/filebeat/certs/ ./$NODE_NAME.pem ./$NODE_NAME-key.pem ./root-ca.pem
[root@al2-master ~]# mv -n /etc/filebeat/certs/$NODE_NAME.pem /etc/filebeat/certs/filebeat.pem
[root@al2-master ~]# mv -n /etc/filebeat/certs/$NODE_NAME-key.pem /etc/filebeat/certs/filebeat-key.pem
[root@al2-master ~]# chmod 500 /etc/filebeat/certs
[root@al2-master ~]# chmod 400 /etc/filebeat/certs/*
[root@al2-master ~]# chown -R root:root /etc/filebeat/certs
[root@al2-master ~]#

Starting filebeat 🟢

[root@al2-master ~]# systemctl daemon-reload
[root@al2-master ~]# systemctl enable filebeat
Created symlink from /etc/systemd/system/multi-user.target.wants/filebeat.service to /usr/lib/systemd/system/filebeat.service.
[root@al2-master ~]# systemctl start filebeat
[root@al2-master ~]# systemctl status filebeat
● filebeat.service - Filebeat sends log files to Logstash or directly to Elasticsearch.
   Loaded: loaded (/usr/lib/systemd/system/filebeat.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2022-12-02 09:06:34 UTC; 16s ago
     Docs: https://www.elastic.co/products/beats/filebeat
 Main PID: 57142 (filebeat)
   CGroup: /system.slice/filebeat.service
           └─57142 /usr/share/filebeat/bin/filebeat --environment systemd -c /etc/filebeat/filebeat.yml --path.home /usr/share/fileb...

Dec 02 09:06:34 al2-master systemd[1]: Started Filebeat sends log files to Logstash or directly to Elasticsearch..
[root@al2-master ~]#

Verify filebeat installation:

[root@al2-master ~]# filebeat test output
elasticsearch: https://192.168.1.198:9200...
  parse url... OK
  connection...
    parse host... OK
    dns lookup... OK
    addresses: 192.168.1.198
    dial up... OK
  TLS...
    security: server's certificate chain verification is enabled
    handshake... OK
    TLS version: TLSv1.3
    dial up... OK
  talk to server... OK
  version: 7.10.2

Cluster configuration 🟢

Creating random key:

[root@al2-master ~]# openssl rand -hex 16
525f3ae3a8451d56aa051e448e3298cf

Modifying cluster configuration:

  <cluster>
    <name>wazuh</name>
    <node_name>master-node</node_name>
    <node_type>master</node_type>
    <key>525f3ae3a8451d56aa051e448e3298cf</key>
    <port>1516</port>
    <bind_addr>0.0.0.0</bind_addr>
    <nodes>
      <node>192.168.1.201</node>
    </nodes>
    <hidden>no</hidden>
    <disabled>no</disabled>
  </cluster>

Restart the manager:

[root@al2-master ~]# systemctl restart wazuh-manager
[root@al2-master ~]# systemctl status wazuh-manager
● wazuh-manager.service - Wazuh manager
   Loaded: loaded (/usr/lib/systemd/system/wazuh-manager.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2022-12-02 09:39:29 UTC; 12s ago
  Process: 57242 ExecStop=/usr/bin/env /var/ossec/bin/wazuh-control stop (code=exited, status=0/SUCCESS)
  Process: 57380 ExecStart=/usr/bin/env /var/ossec/bin/wazuh-control start (code=exited, status=0/SUCCESS)
   CGroup: /system.slice/wazuh-manager.service
           ├─57440 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
           ├─57482 /var/ossec/bin/wazuh-authd
           ├─57498 /var/ossec/bin/wazuh-db
           ├─57512 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
           ├─57515 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
           ├─57529 /var/ossec/bin/wazuh-execd
           ├─57545 /var/ossec/bin/wazuh-analysisd
           ├─57588 /var/ossec/bin/wazuh-syscheckd
           ├─57605 /var/ossec/bin/wazuh-remoted
           ├─57637 /var/ossec/bin/wazuh-logcollector
           ├─57662 /var/ossec/bin/wazuh-monitord
           ├─57682 /var/ossec/bin/wazuh-modulesd
           ├─57875 /var/ossec/framework/python/bin/python3 /var/ossec/framework/scripts/wazuh_clusterd.py
           ├─57887 /var/ossec/framework/python/bin/python3 /var/ossec/framework/scripts/wazuh_clusterd.py
           └─57890 /var/ossec/framework/python/bin/python3 /var/ossec/framework/scripts/wazuh_clusterd.py

Dec 02 09:39:19 al2-master env[57380]: Started wazuh-execd...
Dec 02 09:39:21 al2-master env[57380]: Started wazuh-analysisd...
Dec 02 09:39:22 al2-master env[57380]: Started wazuh-syscheckd...
Dec 02 09:39:23 al2-master env[57380]: Started wazuh-remoted...
Dec 02 09:39:24 al2-master env[57380]: Started wazuh-logcollector...
Dec 02 09:39:25 al2-master env[57380]: Started wazuh-monitord...
Dec 02 09:39:26 al2-master env[57380]: Started wazuh-modulesd...
Dec 02 09:39:27 al2-master env[57380]: Started wazuh-clusterd...
Dec 02 09:39:29 al2-master env[57380]: Completed.
Dec 02 09:39:29 al2-master systemd[1]: Started Wazuh manager.
[root@al2-master ~]#

Verify cluster status:

[root@al2-master ~]# /var/ossec/bin/cluster_control -l
NAME         TYPE    VERSION  ADDRESS
master-node  master  4.4.0    192.168.1.201
worker-node  worker  4.4.0    192.168.1.199
[root@al2-master ~]#

Wazuh manager (worker node) 🟢

Followed the step-by-step documentation at:
https://documentation-dev.wazuh.com/v4.4.0-alpha1/installation-guide/wazuh-server/step-by-step.html

Installing the Wazuh manager 🟢

Added the repository:

[root@al2-worker ~]# rpm --import https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
[root@al2-worker ~]# echo -e '[wazuh]\ngpgcheck=1\ngpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH\nenabled=1\nname=EL-$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1' | tee /etc/yum.repos.d/wazuh.repo
[wazuh]
gpgcheck=1
gpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=EL-$releasever - Wazuh
baseurl=https://packages-dev.wazuh.com/pre-release/yum/
protect=1
[root@al2-worker ~]#

Installed the Wazuh manager package:

[root@al2-worker ~]# yum -y install wazuh-manager
Loaded plugins: langpacks, priorities, update-motd
amzn2-core                                                                                                      | 3.7 kB  00:00:00
amzn2extra-docker                                                                                               | 3.0 kB  00:00:00
wazuh                                                                                                           | 3.4 kB  00:00:00
wazuh/primary_db                                                                                                | 276 kB  00:00:00
Resolving Dependencies
--> Running transaction check
---> Package wazuh-manager.x86_64 0:4.4.0-1 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

=======================================================================================================================================
 Package                              Arch                          Version                         Repository                    Size
=======================================================================================================================================
Installing:
 wazuh-manager                        x86_64                        4.4.0-1                         wazuh                        116 M

Transaction Summary
=======================================================================================================================================
Install  1 Package

Total download size: 116 M
Installed size: 444 M
Downloading packages:
wazuh-manager-4.4.0-1.x86_64.rpm                                                                                | 116 MB  00:00:38
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : wazuh-manager-4.4.0-1.x86_64                                                                                        1/1
  Verifying  : wazuh-manager-4.4.0-1.x86_64                                                                                        1/1

Installed:
  wazuh-manager.x86_64 0:4.4.0-1

Complete!

Enabled the service and started the master node:

[root@al2-worker ~]# systemctl daemon-reload
[root@al2-worker ~]# systemctl enable wazuh-manager
Created symlink from /etc/systemd/system/multi-user.target.wants/wazuh-manager.service to /usr/lib/systemd/system/wazuh-manager.service.
[root@al2-worker ~]# systemctl start wazuh-manager
[root@al2-worker ~]# systemctl status wazuh-manager
● wazuh-manager.service - Wazuh manager
   Loaded: loaded (/usr/lib/systemd/system/wazuh-manager.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2022-12-02 08:54:48 UTC; 10s ago
  Process: 55956 ExecStart=/usr/bin/env /var/ossec/bin/wazuh-control start (code=exited, status=0/SUCCESS)
   CGroup: /system.slice/wazuh-manager.service
           ├─56015 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
           ├─56057 /var/ossec/bin/wazuh-authd
           ├─56073 /var/ossec/bin/wazuh-db
           ├─56087 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
           ├─56090 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
           ├─56104 /var/ossec/bin/wazuh-execd
           ├─56120 /var/ossec/bin/wazuh-analysisd
           ├─56164 /var/ossec/bin/wazuh-syscheckd
           ├─56180 /var/ossec/bin/wazuh-remoted
           ├─56213 /var/ossec/bin/wazuh-logcollector
           ├─56233 /var/ossec/bin/wazuh-monitord
           └─56258 /var/ossec/bin/wazuh-modulesd

Dec 02 08:54:40 al2-worker env[55956]: Started wazuh-execd...
Dec 02 08:54:41 al2-worker env[55956]: Started wazuh-analysisd...
Dec 02 08:54:42 al2-worker env[55956]: Started wazuh-syscheckd...
Dec 02 08:54:43 al2-worker env[55956]: Started wazuh-remoted...
Dec 02 08:54:44 al2-worker env[55956]: Started wazuh-logcollector...
Dec 02 08:54:45 al2-worker env[55956]: Started wazuh-monitord...
Dec 02 08:54:46 al2-worker env[55956]: Started wazuh-modulesd...
Dec 02 08:54:47 al2-worker crontab[56355]: (root) LIST (root)
Dec 02 08:54:48 al2-worker env[55956]: Completed.
Dec 02 08:54:48 al2-worker systemd[1]: Started Wazuh manager.
[root@al2-worker ~]#

Installing filebeat 🟢

Installed the filebeat package:

[root@al2-worker ~]# yum -y install filebeat
Loaded plugins: langpacks, priorities, update-motd
Resolving Dependencies
--> Running transaction check
---> Package filebeat.x86_64 0:7.10.2-1 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

=======================================================================================================================================
 Package                          Arch                           Version                           Repository                     Size
=======================================================================================================================================
Installing:
 filebeat                         x86_64                         7.10.2-1                          wazuh                          21 M

Transaction Summary
=======================================================================================================================================
Install  1 Package

Total download size: 21 M
Installed size: 70 M
Downloading packages:
filebeat-oss-7.10.2-x86_64.rpm                                                                                  |  21 MB  00:00:05
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : filebeat-7.10.2-1.x86_64                                                                                            1/1
  Verifying  : filebeat-7.10.2-1.x86_64                                                                                            1/1

Installed:
  filebeat.x86_64 0:7.10.2-1

Complete!

Filebeat configuration 🟢

Downloaded the configuration file:

[root@al2-worker ~]# curl -so /etc/filebeat/filebeat.yml https://packages-dev.wazuh.com/4.4/tpl/wazuh/filebeat/filebeat.yml
[root@al2-worker ~]#

Modified the configuration:

[root@al2-worker ~]# head /etc/filebeat/filebeat.yml
# Wazuh - Filebeat configuration file
output.elasticsearch:
  hosts: ["192.168.1.198:9200"]
  protocol: https
  username: ${username}
  password: ${password}
  ssl.certificate_authorities:
    - /etc/filebeat/certs/root-ca.pem
  ssl.certificate: "/etc/filebeat/certs/filebeat.pem"
  ssl.key: "/etc/filebeat/certs/filebeat-key.pem"
[root@al2-worker ~]#

Configuring the credentials:

[root@al2-worker ~]# filebeat keystore create
Created filebeat keystore
[root@al2-worker ~]# echo admin | filebeat keystore add username --stdin --force
Successfully updated the keystore
[root@al2-worker ~]# echo admin | filebeat keystore add password --stdin --force
Successfully updated the keystore
[root@al2-worker ~]#

Download the alerts template:

[root@al2-worker ~]# curl -so /etc/filebeat/wazuh-template.json https://raw.githubusercontent.com/wazuh/wazuh/4.4/extensions/elasticsearch/7.x/wazuh-template.json
[root@al2-worker ~]# chmod go+r /etc/filebeat/wazuh-template.json
[root@al2-worker ~]#

Installed the Wazuh module for filebeat:

[root@al2-worker ~]# curl -s https://packages-dev.wazuh.com/4.x/filebeat/wazuh-filebeat-0.2.tar.gz | tar -xvz -C /usr/share/filebeat/module
wazuh/alerts/
wazuh/alerts/config/
wazuh/alerts/config/alerts.yml
wazuh/alerts/manifest.yml
wazuh/alerts/ingest/
wazuh/alerts/ingest/pipeline.json
wazuh/archives/
wazuh/archives/config/
wazuh/archives/config/archives.yml
wazuh/archives/manifest.yml
wazuh/archives/ingest/
wazuh/archives/ingest/pipeline.json
wazuh/module.yml

Deploying certificates 🟢

[root@al2-worker ~]# NODE_NAME=server-2
[root@al2-worker ~]# mkdir /etc/filebeat/certs
[root@al2-worker ~]# tar -xf ./wazuh-certificates.tar -C /etc/filebeat/certs/ ./$NODE_NAME.pem ./$NODE_NAME-key.pem ./root-ca.pem
[root@al2-worker ~]# mv -n /etc/filebeat/certs/$NODE_NAME.pem /etc/filebeat/certs/filebeat.pem
[root@al2-worker ~]# mv -n /etc/filebeat/certs/$NODE_NAME-key.pem /etc/filebeat/certs/filebeat-key.pem
[root@al2-worker ~]# chmod 500 /etc/filebeat/certs
[root@al2-worker ~]# chmod 400 /etc/filebeat/certs/*
[root@al2-worker ~]# chown -R root:root /etc/filebeat/certs
[root@al2-worker ~]#

Starting filebeat 🟢

[root@al2-worker ~]# systemctl daemon-reload
[root@al2-worker ~]# systemctl enable filebeat
Created symlink from /etc/systemd/system/multi-user.target.wants/filebeat.service to /usr/lib/systemd/system/filebeat.service.
[root@al2-worker ~]# systemctl start filebeat
[root@al2-worker ~]# systemctl status filebeat
● filebeat.service - Filebeat sends log files to Logstash or directly to Elasticsearch.
   Loaded: loaded (/usr/lib/systemd/system/filebeat.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2022-12-02 09:06:36 UTC; 8s ago
     Docs: https://www.elastic.co/products/beats/filebeat
 Main PID: 57147 (filebeat)
   CGroup: /system.slice/filebeat.service
           └─57147 /usr/share/filebeat/bin/filebeat --environment systemd -c /etc/filebeat/filebeat.yml --path.home /usr/share/fileb...

Dec 02 09:06:36 al2-worker systemd[1]: Started Filebeat sends log files to Logstash or directly to Elasticsearch..
[root@al2-worker ~]#

Verify filebeat installation:

[root@al2-worker ~]# filebeat test output
elasticsearch: https://192.168.1.198:9200...
  parse url... OK
  connection...
    parse host... OK
    dns lookup... OK
    addresses: 192.168.1.198
    dial up... OK
  TLS...
    security: server's certificate chain verification is enabled
    handshake... OK
    TLS version: TLSv1.3
    dial up... OK
  talk to server... OK
  version: 7.10.2
[root@al2-worker ~]#

Cluster configuration 🟢

Modifying cluster configuration:

  <cluster>
    <name>wazuh</name>
    <node_name>worker-node</node_name>
    <node_type>worker</node_type>
    <key>525f3ae3a8451d56aa051e448e3298cf</key>
    <port>1516</port>
    <bind_addr>0.0.0.0</bind_addr>
    <nodes>
      <node>192.168.1.201</node>
    </nodes>
    <hidden>no</hidden>
    <disabled>no</disabled>
  </cluster>

Restart the manager:

[root@al2-worker ~]# systemctl restart wazuh-manager
[root@al2-worker ~]# systemctl status wazuh-manager
● wazuh-manager.service - Wazuh manager
   Loaded: loaded (/usr/lib/systemd/system/wazuh-manager.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2022-12-02 09:40:18 UTC; 17s ago
  Process: 57253 ExecStop=/usr/bin/env /var/ossec/bin/wazuh-control stop (code=exited, status=0/SUCCESS)
  Process: 57395 ExecStart=/usr/bin/env /var/ossec/bin/wazuh-control start (code=exited, status=0/SUCCESS)
   CGroup: /system.slice/wazuh-manager.service
           ├─57455 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
           ├─57496 /var/ossec/bin/wazuh-authd
           ├─57512 /var/ossec/bin/wazuh-db
           ├─57526 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
           ├─57529 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
           ├─57543 /var/ossec/bin/wazuh-execd
           ├─57559 /var/ossec/bin/wazuh-analysisd
           ├─57602 /var/ossec/bin/wazuh-syscheckd
           ├─57618 /var/ossec/bin/wazuh-remoted
           ├─57652 /var/ossec/bin/wazuh-logcollector
           ├─57675 /var/ossec/bin/wazuh-monitord
           ├─57725 /var/ossec/bin/wazuh-modulesd
           ├─57926 /var/ossec/framework/python/bin/python3 /var/ossec/framework/scripts/wazuh_clusterd.py
           └─57958 /var/ossec/framework/python/bin/python3 /var/ossec/framework/scripts/wazuh_clusterd.py

Dec 02 09:40:09 al2-worker env[57395]: Started wazuh-execd...
Dec 02 09:40:10 al2-worker env[57395]: Started wazuh-analysisd...
Dec 02 09:40:11 al2-worker env[57395]: Started wazuh-syscheckd...
Dec 02 09:40:12 al2-worker env[57395]: Started wazuh-remoted...
Dec 02 09:40:14 al2-worker env[57395]: Started wazuh-logcollector...
Dec 02 09:40:15 al2-worker env[57395]: Started wazuh-monitord...
Dec 02 09:40:16 al2-worker env[57395]: Started wazuh-modulesd...
Dec 02 09:40:16 al2-worker env[57395]: Started wazuh-clusterd...
Dec 02 09:40:18 al2-worker env[57395]: Completed.
Dec 02 09:40:18 al2-worker systemd[1]: Started Wazuh manager.
[root@al2-worker ~]#

Verify cluster status:

[root@al2-worker ~]# /var/ossec/bin/cluster_control -l
NAME         TYPE    VERSION  ADDRESS
master-node  master  4.4.0    192.168.1.201
worker-node  worker  4.4.0    192.168.1.199
[root@al2-worker ~]#

Wazuh dashboard 🟢

Followed the step-by-step documentation at:
https://documentation-dev.wazuh.com/v4.4.0-alpha1/installation-guide/wazuh-dashboard/step-by-step.html

Dashboard installation 🟢

Installed dependency:

[root@al2-dashboard ~]# yum -y install libcap
Loaded plugins: langpacks, priorities, update-motd
Resolving Dependencies
--> Running transaction check
---> Package libcap.x86_64 0:2.22-9.amzn2.0.2 will be updated
---> Package libcap.x86_64 0:2.54-1.amzn2.0.1 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

=======================================================================================================================================
 Package                     Arch                        Version                                 Repository                       Size
=======================================================================================================================================
Updating:
 libcap                      x86_64                      2.54-1.amzn2.0.1                        amzn2-core                       73 k

Transaction Summary
=======================================================================================================================================
Upgrade  1 Package

Total download size: 73 k
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
libcap-2.54-1.amzn2.0.1.x86_64.rpm                                                                              |  73 kB  00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Updating   : libcap-2.54-1.amzn2.0.1.x86_64                                                                                      1/2
  Cleanup    : libcap-2.22-9.amzn2.0.2.x86_64                                                                                      2/2
  Verifying  : libcap-2.54-1.amzn2.0.1.x86_64                                                                                      1/2
  Verifying  : libcap-2.22-9.amzn2.0.2.x86_64                                                                                      2/2

Updated:
  libcap.x86_64 0:2.54-1.amzn2.0.1

Complete!
[root@al2-dashboard ~]#

Added the Wazuh repository:

[root@al2-dashboard ~]# rpm --import https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
[root@al2-dashboard ~]# echo -e '[wazuh]\ngpgcheck=1\ngpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH\nenabled=1\nname=EL-$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1' | tee /etc/yum.repos.d/wazuh.repo
[wazuh]
gpgcheck=1
gpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=EL-$releasever - Wazuh
baseurl=https://packages-dev.wazuh.com/pre-release/yum/
protect=1
[root@al2-dashboard ~]#

Installed the Wazuh dashboard:

[root@al2-dashboard ~]# yum -y install wazuh-dashboard
Loaded plugins: langpacks, priorities, update-motd
wazuh                                                                                                           | 3.4 kB  00:00:00
wazuh/primary_db                                                                                                | 276 kB  00:00:00
Resolving Dependencies
--> Running transaction check
---> Package wazuh-dashboard.x86_64 0:4.4.0-1 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

=======================================================================================================================================
 Package                               Arch                         Version                          Repository                   Size
=======================================================================================================================================
Installing:
 wazuh-dashboard                       x86_64                       4.4.0-1                          wazuh                       183 M

Transaction Summary
=======================================================================================================================================
Install  1 Package

Total download size: 183 M
Installed size: 773 M
Downloading packages:
wazuh-dashboard-4.4.0-1.x86_64.rpm                                                                              | 183 MB  00:00:44
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : wazuh-dashboard-4.4.0-1.x86_64                                                                                      1/1
  Verifying  : wazuh-dashboard-4.4.0-1.x86_64                                                                                      1/1

Installed:
  wazuh-dashboard.x86_64 0:4.4.0-1

Complete!
[root@al2-dashboard ~]#

Dashboard configuration 🟢

Modified the file /etc/wazuh-dashboard/opensearch_dashboards.yml:

[root@al2-dashboard ~]# cat /etc/wazuh-dashboard/opensearch_dashboards.yml
server.host: 192.168.1.200
server.port: 443
opensearch.hosts: https://192.168.1.198:9200
opensearch.ssl.verificationMode: certificate
#opensearch.username:
#opensearch.password:
opensearch.requestHeadersWhitelist: ["securitytenant","Authorization"]
opensearch_security.multitenancy.enabled: false
opensearch_security.readonly_mode.roles: ["kibana_read_only"]
server.ssl.enabled: true
server.ssl.key: "/etc/wazuh-dashboard/certs/dashboard-key.pem"
server.ssl.certificate: "/etc/wazuh-dashboard/certs/dashboard.pem"
opensearch.ssl.certificateAuthorities: ["/etc/wazuh-dashboard/certs/root-ca.pem"]
uiSettings.overrides.defaultRoute: /app/wazuh

Deploying certificates 🟢

[root@al2-dashboard ~]# NODE_NAME=dashboard-1
[root@al2-dashboard ~]# mkdir /etc/wazuh-dashboard/certs
[root@al2-dashboard ~]# tar -xf ./wazuh-certificates.tar -C /etc/wazuh-dashboard/certs/ ./$NODE_NAME.pem ./$NODE_NAME-key.pem ./root-ca.pem
[root@al2-dashboard ~]# mv -n /etc/wazuh-dashboard/certs/$NODE_NAME.pem /etc/wazuh-dashboard/certs/dashboard.pem
[root@al2-dashboard ~]# mv -n /etc/wazuh-dashboard/certs/$NODE_NAME-key.pem /etc/wazuh-dashboard/certs/dashboard-key.pem
[root@al2-dashboard ~]# chmod 500 /etc/wazuh-dashboard/certs
[root@al2-dashboard ~]# chmod 400 /etc/wazuh-dashboard/certs/*
[root@al2-dashboard ~]# chown -R wazuh-dashboard:wazuh-dashboard /etc/wazuh-dashboard/certs
[root@al2-dashboard ~]#

Starting the dashboard service 🟢

[root@al2-dashboard ~]# systemctl daemon-reload
[root@al2-dashboard ~]# systemctl enable wazuh-dashboard
Created symlink from /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service to /etc/systemd/system/wazuh-dashboard.service.
[root@al2-dashboard ~]# systemctl start wazuh-dashboard
[root@al2-dashboard ~]# systemctl status wazuh-dashboard
● wazuh-dashboard.service - wazuh-dashboard
   Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2022-12-02 09:53:53 UTC; 11s ago
 Main PID: 55292 (node)
   CGroup: /system.slice/wazuh-dashboard.service
           └─55292 /usr/share/wazuh-dashboard/bin/../node/bin/node --no-warnings --max-http-header-size=65536 --unhandled-rejections...

Dec 02 09:54:00 al2-dashboard opensearch-dashboards[55292]: {"type":"log","@timestamp":"2022-12-02T09:54:00Z","tags":["info","s......"}
Dec 02 09:54:00 al2-dashboard opensearch-dashboards[55292]: {"type":"log","@timestamp":"2022-12-02T09:54:00Z","tags":["info","s...ons"}
Dec 02 09:54:00 al2-dashboard opensearch-dashboards[55292]: {"type":"log","@timestamp":"2022-12-02T09:54:00Z","tags":["info","s..._1."}
Dec 02 09:54:01 al2-dashboard opensearch-dashboards[55292]: {"type":"log","@timestamp":"2022-12-02T09:54:01Z","tags":["info","s..._1."}
Dec 02 09:54:01 al2-dashboard opensearch-dashboards[55292]: {"type":"log","@timestamp":"2022-12-02T09:54:01Z","tags":["info","s...ms."}
Dec 02 09:54:01 al2-dashboard opensearch-dashboards[55292]: {"type":"log","@timestamp":"2022-12-02T09:54:01Z","tags":["info","p...expre
Dec 02 09:54:01 al2-dashboard opensearch-dashboards[55292]: {"type":"log","@timestamp":"2022-12-02T09:54:01Z","tags":["listenin...443"}
Dec 02 09:54:01 al2-dashboard opensearch-dashboards[55292]: {"type":"log","@timestamp":"2022-12-02T09:54:01Z","tags":["info","h...443"}
Dec 02 09:54:01 al2-dashboard opensearch-dashboards[55292]: {"type":"log","@timestamp":"2022-12-02T09:54:01Z","tags":["error","...ror"}
Dec 02 09:54:01 al2-dashboard opensearch-dashboards[55292]: {"type":"log","@timestamp":"2022-12-02T09:54:01Z","tags":["error","...ror"}
Hint: Some lines were ellipsized, use -l to show in full.
[root@al2-dashboard ~]#

Screenshot of the UI after starting the service:
Screenshot 2022-12-02 at 10 58 08

Wazuh agent 🟢

Followed the installation guide at:
https://documentation-dev.wazuh.com/v4.4.0-alpha1/installation-guide/wazuh-agent/wazuh-agent-package-linux.html

Agent installation 🟢

Added the Wazuh repository:

[root@al2-agent ~]# rpm --import https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
[root@al2-agent ~]# cat > /etc/yum.repos.d/wazuh.repo << EOF
[wazuh]
gpgcheck=1
gpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=EL-\$releasever - Wazuh
baseurl=https://packages-dev.wazuh.com/pre-release/yum/
protect=1
EOF
[root@al2-agent ~]#

Installing the agent:

[root@al2-agent ~]# WAZUH_MANAGER="192.168.1.199" yum install wazuh-agent
Loaded plugins: langpacks, priorities, update-motd
amzn2-core                                                                                                      | 3.7 kB  00:00:00
amzn2extra-docker                                                                                               | 3.0 kB  00:00:00
wazuh                                                                                                           | 3.4 kB  00:00:00
wazuh/primary_db                                                                                                | 278 kB  00:00:01
Resolving Dependencies
--> Running transaction check
---> Package wazuh-agent.x86_64 0:4.4.0-1 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

=======================================================================================================================================
 Package                            Arch                          Version                           Repository                    Size
=======================================================================================================================================
Installing:
 wazuh-agent                        x86_64                        4.4.0-1                           wazuh                        8.5 M

Transaction Summary
=======================================================================================================================================
Install  1 Package

Total download size: 8.5 M
Installed size: 25 M
Is this ok [y/d/N]: y
Downloading packages:
wazuh-agent-4.4.0-1.x86_64.rpm                                                                                  | 8.5 MB  00:00:03
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : wazuh-agent-4.4.0-1.x86_64                                                                                          1/1
  Verifying  : wazuh-agent-4.4.0-1.x86_64                                                                                          1/1

Installed:
  wazuh-agent.x86_64 0:4.4.0-1

Complete!

Starting the agent 🟢

[root@al2-agent ~]# systemctl daemon-reload
[root@al2-agent ~]# systemctl enable wazuh-agent
Created symlink from /etc/systemd/system/multi-user.target.wants/wazuh-agent.service to /usr/lib/systemd/system/wazuh-agent.service.
[root@al2-agent ~]# systemctl start wazuh-agent
[root@al2-agent ~]# systemctl status wazuh-agent
● wazuh-agent.service - Wazuh agent
   Loaded: loaded (/usr/lib/systemd/system/wazuh-agent.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2022-12-02 10:01:14 UTC; 6s ago
  Process: 9123 ExecStart=/usr/bin/env /var/ossec/bin/wazuh-control start (code=exited, status=0/SUCCESS)
   CGroup: /system.slice/wazuh-agent.service
           ├─9151 /var/ossec/bin/wazuh-execd
           ├─9162 /var/ossec/bin/wazuh-agentd
           ├─9177 /var/ossec/bin/wazuh-syscheckd
           ├─9189 /var/ossec/bin/wazuh-logcollector
           ├─9198 /var/ossec/bin/wazuh-modulesd
           ├─9339 sh -c  yum check-updates --security | grep "No packages"
           ├─9341 /usr/bin/python /usr/bin/yum check-updates --security
           └─9342 grep No packages

Dec 02 10:01:08 al2-agent systemd[1]: Starting Wazuh agent...
Dec 02 10:01:08 al2-agent env[9123]: Starting Wazuh v4.4.0...
Dec 02 10:01:09 al2-agent env[9123]: Started wazuh-execd...
Dec 02 10:01:10 al2-agent env[9123]: Started wazuh-agentd...
Dec 02 10:01:11 al2-agent env[9123]: Started wazuh-syscheckd...
Dec 02 10:01:11 al2-agent env[9123]: Started wazuh-logcollector...
Dec 02 10:01:12 al2-agent env[9123]: Started wazuh-modulesd...
Dec 02 10:01:12 al2-agent crontab[9289]: (root) LIST (root)
Dec 02 10:01:14 al2-agent env[9123]: Completed.
Dec 02 10:01:14 al2-agent systemd[1]: Started Wazuh agent.
[root@al2-agent ~]#

The agent is properly registered through the cluster.

Logs from worker node

2022/12/02 10:01:09 wazuh-authd: INFO: New connection from 192.168.1.171
2022/12/02 10:01:09 wazuh-authd: INFO: Received request for a new agent (al2-agent) from: 192.168.1.171
2022/12/02 10:01:09 wazuh-authd: INFO: Dispatching request to master node
2022/12/02 10:01:09 wazuh-authd: INFO: Agent key generated for 'al2-agent' (requested by any)
2022/12/02 10:01:22 wazuh-remoted: INFO: (1409): Authentication file changed. Updating.
2022/12/02 10:01:22 wazuh-remoted: INFO: (1410): Reading authentication keys file.

Logs from master node

2022/12/02 10:01:09 wazuh-authd: INFO: Agent key generated for agent 'al2-agent' (requested locally)
2022/12/02 10:01:12 wazuh-remoted: INFO: (1409): Authentication file changed. Updating.
2022/12/02 10:01:12 wazuh-remoted: INFO: (1410): Reading authentication keys file.

It is connected to the worker node:

[root@al2-master ~]# /var/ossec/bin/cluster_control -a
ID   NAME        IP             STATUS  VERSION       NODE NAME
000  al2-master  127.0.0.1      active  Wazuh v4.4.0  master-node
001  al2-agent   192.168.1.171  active  Wazuh v4.4.0  worker-node

Screenshot from the UI:
Screenshot 2022-12-02 at 12 13 36
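
The "Deploying certificates" steps in the comment above set each certs directory to mode 500 and its files to 400, owned by root:root for Filebeat and wazuh-dashboard:wazuh-dashboard for the dashboard. The following is an added example, not part of the original comment or the Wazuh project, that audits a directory against those values; the function names are hypothetical and GNU stat is assumed.

```shell
# Added example: audit a certificate directory against the modes and ownership
# applied in the "Deploying certificates" steps (directory 500, files 400).
# Function names are hypothetical. Requires GNU stat (coreutils).

# check_entry PATH EXPECTED_MODE EXPECTED_OWNER:GROUP
# Prints one finding per deviation; prints nothing when the entry matches.
check_entry() {
    path=$1; want_mode=$2; want_owner=$3
    have_mode=$(stat -c '%a' "$path")
    have_owner=$(stat -c '%U:%G' "$path")
    [ "$have_mode" = "$want_mode" ] ||
        echo "MODE  $path is $have_mode, expected $want_mode"
    [ "$have_owner" = "$want_owner" ] ||
        echo "OWNER $path is $have_owner, expected $want_owner"
}

# audit_cert_dir DIR OWNER GROUP
# Exit status: 0 compliant, 1 findings printed, 2 DIR is not a real directory.
# The body runs in a subshell so its variables do not leak into the caller.
audit_cert_dir() (
    dir=$1; want_owner="$2:$3"

    if [ -L "$dir" ] || [ ! -d "$dir" ]; then
        echo "TYPE  $dir is not a directory"
        exit 2
    fi

    findings=$(
        check_entry "$dir" 500 "$want_owner"
        # Cover regular names and dotfiles; skip patterns that matched nothing.
        for f in "$dir"/* "$dir"/.[!.]* "$dir"/..?*; do
            [ -e "$f" ] || [ -L "$f" ] || continue
            if [ -L "$f" ] || [ ! -f "$f" ]; then
                # A symlink or subdirectory here could point key material elsewhere.
                echo "TYPE  $f is not a regular file"
            else
                check_entry "$f" 400 "$want_owner"
            fi
        done
    )

    [ -z "$findings" ] && exit 0
    printf '%s\n' "$findings"
    exit 1
)

# Calls matching the two deployments in this report (run as root):
#   audit_cert_dir /etc/filebeat/certs root root
#   audit_cert_dir /etc/wazuh-dashboard/certs wazuh-dashboard wazuh-dashboard
```
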

@chemamartinez
Contributor

chemamartinez commented Dec 2, 2022

Wazuh indexer package information 🟢

The package specs are:

[root@al2-indexer ~]# rpm -qi wazuh-indexer
Name        : wazuh-indexer
Version     : 4.4.0
Release     : 1
Architecture: x86_64
Install Date: Fri 02 Dec 2022 08:33:44 AM UTC
Group       : System Environment/Daemons
Size        : 675161741
License     : GPL
Signature   : RSA/SHA256, Tue 29 Nov 2022 10:23:19 AM UTC, Key ID 96b3ee5f29111145
Source RPM  : wazuh-indexer-4.4.0-1.src.rpm
Build Date  : Tue 29 Nov 2022 09:47:55 AM UTC
Build Host  : ip-172-31-70-151.ec2.internal
Relocations : (not relocatable)
Packager    : Wazuh, Inc <[email protected]>
Vendor      : Wazuh, Inc <[email protected]>
URL         : https://www.wazuh.com/
Summary     : Wazuh indexer is a search and analytics engine for security-related data. Documentation can be found at https://documentation.wazuh.com/current/getting-started/components/wazuh-indexer.html
Description :
Wazuh indexer is a near real-time full-text search and analytics engine that gathers security-related data into one platform. This Wazuh central component indexes and stores alerts generated by the Wazuh server. Wazuh indexer can be configured as a single-node or multi-node cluster, providing scalability and high availability. Documentation can be found at https://documentation.wazuh.com/current/getting-started/components/wazuh-indexer.html
  • Package size (4% heavier than 4.3.10 package) 🟢
  • Package description and metadata 🟢
  • Package signature 🟢
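
The `Signature` line in the `rpm -qi` output above can be checked mechanically. This added example (not from the issue or the Wazuh project) parses that output and fails on an unsigned package, an MD5 or SHA1 digest, or a key ID other than the expected one; the function names are hypothetical and the sample input is an excerpt constructed from the output shown above.

```shell
# Added example: gate on the Signature field reported by `rpm -qi`.
# rpm -qi only reports header metadata; yum (gpgcheck=1) or `rpm -K <file>`
# performs the cryptographic verification. Function names are hypothetical.

# Constructed sample: an excerpt of the `rpm -qi wazuh-indexer` output above.
sample_rpm_qi() {
    cat <<'EOF'
Name        : wazuh-indexer
Version     : 4.4.0
Release     : 1
Signature   : RSA/SHA256, Tue 29 Nov 2022 10:23:19 AM UTC, Key ID 96b3ee5f29111145
EOF
}

# check_rpm_signature EXPECTED_KEY_ID   (reads `rpm -qi` output on stdin)
# Exit status: 0 acceptable, 1 unsigned / weak digest / wrong key, 2 no field.
check_rpm_signature() {
    want=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    sig=$(sed -n 's/^Signature[[:space:]]*:[[:space:]]*//p' | head -n 1)

    case "$sig" in
        '')       echo "FAIL no Signature field in input"; return 2 ;;
        '(none)') echo "FAIL package is unsigned";         return 1 ;;
    esac

    algo=${sig%%,*}    # text before the first comma, e.g. RSA/SHA256
    key_id=$(printf '%s\n' "$sig" |
        sed -n 's/.*Key ID \([0-9A-Fa-f][0-9A-Fa-f]*\).*/\1/p' |
        tr 'A-F' 'a-f')

    case "$algo" in
        */MD5|*/SHA1) echo "FAIL weak digest in $algo"; return 1 ;;
    esac
    if [ "$key_id" != "$want" ]; then
        echo "FAIL signed by key ${key_id:-unknown}, expected $want"
        return 1
    fi
    echo "OK $algo key $key_id"
}

# On a host with the package installed:
#   rpm -qi wazuh-indexer | check_rpm_signature 96b3ee5f29111145
```
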

@chemamartinez
Contributor

Installed files location, size, and permissions 🟢

Content of /usr/share/wazuh-indexer
[root@al2-indexer ~]# tree -pugh --du /usr/share/wazuh-indexer/
/usr/share/wazuh-indexer/
├── [drwxr-x--- wazuh-in wazuh-in  22K]  bin
│   ├── [-rwxr-x--- wazuh-in wazuh-in 5.9K]  indexer-security-init.sh
│   ├── [-rwxr-x--- wazuh-in wazuh-in 3.0K]  opensearch
│   ├── [-rwxr-x--- wazuh-in wazuh-in 1.1K]  opensearch-cli
│   ├── [-rwxr-x--- wazuh-in wazuh-in 5.2K]  opensearch-env
│   ├── [-rwxr-x--- wazuh-in wazuh-in 1.8K]  opensearch-env-from-file
│   ├── [-rwxr-x--- wazuh-in wazuh-in  218]  opensearch-keystore
│   ├── [-rwxr-x--- wazuh-in wazuh-in  151]  opensearch-node
│   ├── [drwxr-x--- wazuh-in wazuh-in 2.9K]  opensearch-performance-analyzer
│   │   ├── [-rwxr-x--- wazuh-in wazuh-in 1.8K]  performance-analyzer-agent
│   │   └── [-rwxr-x--- wazuh-in wazuh-in 1.0K]  performance-analyzer-agent-cli
│   ├── [-rwxr-x--- wazuh-in wazuh-in  206]  opensearch-plugin
│   ├── [-rwxr-x--- wazuh-in wazuh-in  144]  opensearch-shard
│   ├── [-rwxr-x--- wazuh-in wazuh-in  207]  opensearch-upgrade
│   └── [-rwxr-x--- wazuh-in wazuh-in  583]  systemd-entrypoint
├── [drwxr-x--- wazuh-in wazuh-in 265M]  jdk
│   ├── [drwxr-x--- wazuh-in wazuh-in 468K]  bin
│   │   ├── [-rwxr-x--- wazuh-in wazuh-in  17K]  jar
│   │   ├── [-rwxr-x--- wazuh-in wazuh-in  17K]  jarsigner
│   │   ├── [-rwxr-x--- wazuh-in wazuh-in  17K]  java
│   │   ├── [-rwxr-x--- wazuh-in wazuh-in  17K]  javac
│   │   ├── [-rwxr-x--- wazuh-in wazuh-in  17K]  javadoc
│   │   ├── [-rwxr-x--- wazuh-in wazuh-in  17K]  javap
│   │   ├── [-rwxr-x--- wazuh-in wazuh-in  17K]  jcmd
│   │   ├── [-rwxr-x--- wazuh-in wazuh-in  17K]  jconsole
│   │   ├── [-rwxr-x--- wazuh-in wazuh-in  17K]  jdb
│   │   ├── [-rwxr-x--- wazuh-in wazuh-in  17K]  jdeprscan
│   │   ├── [-rwxr-x--- wazuh-in wazuh-in  17K]  jdeps
│   │   ├── [-rwxr-x--- wazuh-in wazuh-in  17K]  jfr
│   │   ├── [-rwxr-x--- wazuh-in wazuh-in  17K]  jhsdb
│   │   ├── [-rwxr-x--- wazuh-in wazuh-in  17K]  jimage
│   │   ├── [-rwxr-x--- wazuh-in wazuh-in  17K]  jinfo
│   │   ├── [-rwxr-x--- wazuh-in wazuh-in  17K]  jlink
│   │   ├── [-rwxr-x--- wazuh-in wazuh-in  17K]  jmap
│   │   ├── [-rwxr-x--- wazuh-in wazuh-in  17K]  jmod
│   │   ├── [-rwxr-x--- wazuh-in wazuh-in  17K]  jpackage
│   │   ├── [-rwxr-x--- wazuh-in wazuh-in  17K]  jps
│   │   ├── [-rwxr-x--- wazuh-in wazuh-in  17K]  jrunscript
│   │   ├── [-rwxr-x--- wazuh-in wazuh-in  17K]  jshell
│   │   ├── [-rwxr-x--- wazuh-in wazuh-in  17K]  jstack
│   │   ├── [-rwxr-x--- wazuh-in wazuh-in  17K]  jstat
│   │   ├── [-rwxr-x--- wazuh-in wazuh-in  17K]  jstatd
│   │   ├── [-rwxr-x--- wazuh-in wazuh-in  17K]  keytool
│   │   ├── [-rwxr-x--- wazuh-in wazuh-in  17K]  rmiregistry
│   │   └── [-rwxr-x--- wazuh-in wazuh-in  17K]  serialver
│   ├── [drwxr-x--- wazuh-in wazuh-in  97K]  conf
│   │   ├── [-rw-r----- wazuh-in wazuh-in 2.7K]  logging.properties
│   │   ├── [drwxr-x--- wazuh-in wazuh-in  24K]  management
│   │   │   ├── [-rw-r----- wazuh-in wazuh-in 3.9K]  jmxremote.access
│   │   │   ├── [-rw-r----- wazuh-in wazuh-in 5.6K]  jmxremote.password.template
│   │   │   └── [-rw-r----- wazuh-in wazuh-in  14K]  management.properties
│   │   ├── [-rw-r----- wazuh-in wazuh-in 6.5K]  net.properties
│   │   ├── [drwxr-x--- wazuh-in wazuh-in 1.5K]  sdp
│   │   │   └── [-rw-r----- wazuh-in wazuh-in 1.4K]  sdp.conf.template
│   │   ├── [drwxr-x--- wazuh-in wazuh-in  62K]  security
│   │   │   ├── [-rw-r----- wazuh-in wazuh-in 2.1K]  java.policy
│   │   │   ├── [-rw-r----- wazuh-in wazuh-in  56K]  java.security
│   │   │   └── [drwxr-x--- wazuh-in wazuh-in 4.2K]  policy
│   │   │       ├── [drwxr-x--- wazuh-in wazuh-in 1.4K]  limited
│   │   │       │   ├── [-rw-r----- wazuh-in wazuh-in  647]  default_local.policy
│   │   │       │   ├── [-rw-r----- wazuh-in wazuh-in  146]  default_US_export.policy
│   │   │       │   └── [-rw-r----- wazuh-in wazuh-in  566]  exempt_local.policy
│   │   │       ├── [-rw-r----- wazuh-in wazuh-in 2.3K]  README.txt
│   │   │       └── [drwxr-x--- wazuh-in wazuh-in  405]  unlimited
│   │   │           ├── [-rw-r----- wazuh-in wazuh-in  193]  default_local.policy
│   │   │           └── [-rw-r----- wazuh-in wazuh-in  146]  default_US_export.policy
│   │   └── [-rw-r----- wazuh-in wazuh-in 1.2K]  sound.properties
│   ├── [drwxr-x--- wazuh-in wazuh-in 204K]  include
│   │   ├── [-rw-r----- wazuh-in wazuh-in  22K]  classfile_constants.h
│   │   ├── [-rw-r----- wazuh-in wazuh-in  12K]  jawt.h
│   │   ├── [-rw-r----- wazuh-in wazuh-in 8.0K]  jdwpTransport.h
│   │   ├── [-rw-r----- wazuh-in wazuh-in  74K]  jni.h
│   │   ├── [-rw-r----- wazuh-in wazuh-in 4.7K]  jvmticmlr.h
│   │   ├── [-rw-r----- wazuh-in wazuh-in  80K]  jvmti.h
│   │   └── [drwxr-x--- wazuh-in wazuh-in 4.1K]  linux
│   │       ├── [-rw-r----- wazuh-in wazuh-in 1.9K]  jawt_md.h
│   │       └── [-rw-r----- wazuh-in wazuh-in 2.2K]  jni_md.h
│   ├── [drwxr-x--- wazuh-in wazuh-in  76M]  jmods
│   │   ├── [-rw-r----- wazuh-in wazuh-in  21M]  java.base.jmod
│   │   ├── [-rw-r----- wazuh-in wazuh-in 128K]  java.compiler.jmod
│   │   ├── [-rw-r----- wazuh-in wazuh-in  58K]  java.datatransfer.jmod
│   │   ├── [-rw-r----- wazuh-in wazuh-in  13M]  java.desktop.jmod
│   │   ├── [-rw-r----- wazuh-in wazuh-in  46K]  java.instrument.jmod
│   │   ├── [-rw-r----- wazuh-in wazuh-in 125K]  java.logging.jmod
│   │   ├── [-rw-r----- wazuh-in wazuh-in 882K]  java.management.jmod
│   │   ├── [-rw-r----- wazuh-in wazuh-in  97K]  java.management.rmi.jmod
│   │   ├── [-rw-r----- wazuh-in wazuh-in 463K]  java.naming.jmod
│   │   ├── [-rw-r----- wazuh-in wazuh-in 728K]  java.net.http.jmod
│   │   ├── [-rw-r----- wazuh-in wazuh-in  68K]  java.prefs.jmod
│   │   ├── [-rw-r----- wazuh-in wazuh-in 266K]  java.rmi.jmod
│   │   ├── [-rw-r----- wazuh-in wazuh-in  47K]  java.scripting.jmod
│   │   ├── [-rw-r----- wazuh-in wazuh-in 603K]  java.security.jgss.jmod
│   │   ├── [-rw-r----- wazuh-in wazuh-in  87K]  java.security.sasl.jmod
│   │   ├── [-rw-r----- wazuh-in wazuh-in 9.6K]  java.se.jmod
│   │   ├── [-rw-r----- wazuh-in wazuh-in  62K]  java.smartcardio.jmod
│   │   ├── [-rw-r----- wazuh-in wazuh-in  82K]  java.sql.jmod
│   │   ├── [-rw-r----- wazuh-in wazuh-in 216K]  java.sql.rowset.jmod
│   │   ├── [-rw-r----- wazuh-in wazuh-in  11K]  java.transaction.xa.jmod
│   │   ├── [-rw-r----- wazuh-in wazuh-in 662K]  java.xml.crypto.jmod
│   │   ├── [-rw-r----- wazuh-in wazuh-in 5.0M]  java.xml.jmod
│   │   ├── [-rw-r----- wazuh-in wazuh-in  57K]  jdk.accessibility.jmod
│   │   ├── [-rw-r----- wazuh-in wazuh-in  37K]  jdk.attach.jmod
│   │   ├── [-rw-r----- wazuh-in wazuh-in 1.1M]  jdk.charsets.jmod
│   │   ├── [-rw-r----- wazuh-in wazuh-in 8.8M]  jdk.compiler.jmod
│   │   ├── [-rw-r----- wazuh-in wazuh-in 369K]  jdk.crypto.cryptoki.jmod
│   │   ├── [-rw-r----- wazuh-in wazuh-in 135K]  jdk.crypto.ec.jmod
│   │   ├── [-rw-r----- wazuh-in wazuh-in 162K]  jdk.dynalink.jmod
│   │   ├── [-rw-r----- wazuh-in wazuh-in  15K]  jdk.editpad.jmod
│   │   ├── [-rw-r----- wazuh-in wazuh-in 2.2M]  jdk.hotspot.agent.jmod
│   │   ├── [-rw-r----- wazuh-in wazuh-in 111K]  jdk.httpserver.jmod
│   │   ├── [-rw-r----- wazuh-in wazuh-in 318K]  jdk.incubator.foreign.jmod
│   │   ├── [-rw-r----- wazuh-in wazuh-in 1.0M]  jdk.incubator.vector.jmod
│   │   ├── [-rw-r----- wazuh-in wazuh-in  15K]  jdk.internal.ed.jmod
│   │   ├── [-rw-r----- wazuh-in wazuh-in 100K]  jdk.internal.jvmstat.jmod
│   │   ├── [-rw-r----- wazuh-in wazuh-in 412K]  jdk.internal.le.jmod
│   │   ├── [-rw-r----- wazuh-in wazuh-in  88K]  jdk.internal.opt.jmod
│   │   ├── [-rw-r----- wazuh-in wazuh-in 441K]  jdk.internal.vm.ci.jmod
│   │   ├── [-rw-r----- wazuh-in wazuh-in 9.4K]  jdk.internal.vm.compiler.jmod
│   │   ├── [-rw-r----- wazuh-in wazuh-in 9.4K]  jdk.internal.vm.compiler.management.jmod
│   │   ├── [-rw-r----- wazuh-in wazuh-in 260K]  jdk.jartool.jmod
│   │   ├── [-rw-r----- wazuh-in wazuh-in 1.3M]  jdk.javadoc.jmod
│   │   ├── [-rw-r----- wazuh-in wazuh-in 136K]  jdk.jcmd.jmod
│   │   ├── [-rw-r----- wazuh-in wazuh-in 467K]  jdk.jconsole.jmod
│   │   ├── [-rw-r----- wazuh-in wazuh-in 729K]  jdk.jdeps.jmod
│   │   ├── [-rw-r----- wazuh-in wazuh-in 830K]  jdk.jdi.jmod
│   │   ├── [-rw-r----- wazuh-in wazuh-in 147K]  jdk.jdwp.agent.jmod
│   │   ├── [-rw-r----- wazuh-in wazuh-in 630K]  jdk.jfr.jmod
│   │   ├── [-rw-r----- wazuh-in wazuh-in 408K]  jdk.jlink.jmod
│   │   ├── [-rw-r----- wazuh-in wazuh-in 720K]  jdk.jpackage.jmod
│   │   ├── [-rw-r----- wazuh-in wazuh-in 670K]  jdk.jshell.jmod
│   │   ├── [-rw-r----- wazuh-in wazuh-in  10K]  jdk.jsobject.jmod
│   │   ├── [-rw-r----- wazuh-in wazuh-in  37K]  jdk.jstatd.jmod
│   │   ├── [-rw-r----- wazuh-in wazuh-in 9.8M]  jdk.localedata.jmod
│   │   ├── [-rw-r----- wazuh-in wazuh-in  95K]  jdk.management.agent.jmod
│   │   ├── [-rw-r----- wazuh-in wazuh-in  61K]  jdk.management.jfr.jmod
│   │   ├── [-rw-r----- wazuh-in wazuh-in  76K]  jdk.management.jmod
│   │   ├── [-rw-r----- wazuh-in wazuh-in  67K]  jdk.naming.dns.jmod
│   │   ├── [-rw-r----- wazuh-in wazuh-in  30K]  jdk.naming.rmi.jmod
│   │   ├── [-rw-r----- wazuh-in wazuh-in  31K]  jdk.net.jmod
│   │   ├── [-rw-r----- wazuh-in wazuh-in 10.0K]  jdk.nio.mapmode.jmod
│   │   ├── [-rw-r----- wazuh-in wazuh-in  29K]  jdk.random.jmod
│   │   ├── [-rw-r----- wazuh-in wazuh-in  91K]  jdk.sctp.jmod
│   │   ├── [-rw-r----- wazuh-in wazuh-in  72K]  jdk.security.auth.jmod
│   │   ├── [-rw-r----- wazuh-in wazuh-in  32K]  jdk.security.jgss.jmod
│   │   ├── [-rw-r----- wazuh-in wazuh-in  21K]  jdk.unsupported.desktop.jmod
│   │   ├── [-rw-r----- wazuh-in wazuh-in  24K]  jdk.unsupported.jmod
│   │   ├── [-rw-r----- wazuh-in wazuh-in  49K]  jdk.xml.dom.jmod
│   │   └── [-rw-r----- wazuh-in wazuh-in 110K]  jdk.zipfs.jmod
│   ├── [drwxr-x--- wazuh-in wazuh-in 161K]  legal
│   │   ├── [drwxr-x--- wazuh-in wazuh-in  66K]  java.base
│   │   │   ├── [-rw-r----- wazuh-in wazuh-in 2.1K]  ADDITIONAL_LICENSE_INFO
│   │   │   ├── [-rw-r----- wazuh-in wazuh-in 1.4K]  aes.md
│   │   │   ├── [-rw-r----- wazuh-in wazuh-in 1.5K]  asm.md
│   │   │   ├── [-rw-r----- wazuh-in wazuh-in 1.5K]  ASSEMBLY_EXCEPTION
│   │   │   ├── [-rw-r----- wazuh-in wazuh-in 8.9K]  cldr.md
│   │   │   ├── [-rw-r----- wazuh-in wazuh-in 1.5K]  c-libutl.md
│   │   │   ├── [-rw-r----- wazuh-in wazuh-in  11K]  icu.md
│   │   │   ├── [-rw-r----- wazuh-in wazuh-in  19K]  LICENSE
│   │   │   ├── [-rw-r----- wazuh-in wazuh-in  17K]  public_suffix.md
│   │   │   └── [-rw-r----- wazuh-in wazuh-in 2.3K]  unicode.md
│   │   ├── [drwxr-x--- wazuh-in wazuh-in    6]  java.compiler
│   │   ├── [drwxr-x--- wazuh-in wazuh-in    6]  java.datatransfer
│   │   ├── [drwxr-x--- wazuh-in wazuh-in  21K]  java.desktop
│   │   │   ├── [-rw-r----- wazuh-in wazuh-in  167]  colorimaging.md
│   │   │   ├── [-rw-r----- wazuh-in wazuh-in 1.3K]  giflib.md
│   │   │   ├── [-rw-r----- wazuh-in wazuh-in 2.8K]  harfbuzz.md
│   │   │   ├── [-rw-r----- wazuh-in wazuh-in 3.4K]  jpeg.md
│   │   │   ├── [-rw-r----- wazuh-in wazuh-in 1.2K]  lcms.md
│   │   │   ├── [-rw-r----- wazuh-in wazuh-in 5.3K]  libpng.md
│   │   │   ├── [-rw-r----- wazuh-in wazuh-in 5.6K]  mesa3d.md
│   │   │   └── [-rw-r----- wazuh-in wazuh-in 1.3K]  xwd.md
│   │   ├── [drwxr-x--- wazuh-in wazuh-in    6]  java.instrument
│   │   ├── [drwxr-x--- wazuh-in wazuh-in    6]  java.logging
│   │   ├── [drwxr-x--- wazuh-in wazuh-in    6]  java.management
│   │   ├── [drwxr-x--- wazuh-in wazuh-in    6]  java.management.rmi
│   │   ├── [drwxr-x--- wazuh-in wazuh-in    6]  java.naming
│   │   ├── [drwxr-x--- wazuh-in wazuh-in    6]  java.net.http
│   │   ├── [drwxr-x--- wazuh-in wazuh-in    6]  java.prefs
│   │   ├── [drwxr-x--- wazuh-in wazuh-in    6]  java.rmi
│   │   ├── [drwxr-x--- wazuh-in wazuh-in    6]  java.scripting
│   │   ├── [drwxr-x--- wazuh-in wazuh-in    6]  java.security.sasl
│   │   ├── [drwxr-x--- wazuh-in wazuh-in 1.6K]  java.smartcardio
│   │   │   └── [-rw-r----- wazuh-in wazuh-in 1.6K]  pcsclite.md
│   │   ├── [drwxr-x--- wazuh-in wazuh-in    6]  java.sql
│   │   ├── [drwxr-x--- wazuh-in wazuh-in    6]  java.sql.rowset
│   │   ├── [drwxr-x--- wazuh-in wazuh-in    6]  java.transaction.xa
│   │   ├── [drwxr-x--- wazuh-in wazuh-in  40K]  java.xml
│   │   │   ├── [-rw-r----- wazuh-in wazuh-in  11K]  bcel.md
│   │   │   ├── [-rw-r----- wazuh-in wazuh-in 3.0K]  dom.md
│   │   │   ├── [-rw-r----- wazuh-in wazuh-in 1.1K]  jcup.md
│   │   │   ├── [-rw-r----- wazuh-in wazuh-in  13K]  xalan.md
│   │   │   └── [-rw-r----- wazuh-in wazuh-in  12K]  xerces.md
│   │   ├── [drwxr-x--- wazuh-in wazuh-in  11K]  java.xml.crypto
│   │   │   └── [-rw-r----- wazuh-in wazuh-in  11K]  santuario.md
│   │   ├── [drwxr-x--- wazuh-in wazuh-in 6.0K]  jdk.crypto.cryptoki
│   │   │   ├── [-rw-r----- wazuh-in wazuh-in 3.8K]  pkcs11cryptotoken.md
│   │   │   └── [-rw-r----- wazuh-in wazuh-in 2.1K]  pkcs11wrapper.md
│   │   ├── [drwxr-x--- wazuh-in wazuh-in 1.5K]  jdk.dynalink
│   │   │   └── [-rw-r----- wazuh-in wazuh-in 1.5K]  dynalink.md
│   │   ├── [drwxr-x--- wazuh-in wazuh-in 1.6K]  jdk.internal.le
│   │   │   └── [-rw-r----- wazuh-in wazuh-in 1.5K]  jline.md
│   │   ├── [drwxr-x--- wazuh-in wazuh-in 1.1K]  jdk.internal.opt
│   │   │   └── [-rw-r----- wazuh-in wazuh-in 1.1K]  jopt-simple.md
│   │   ├── [drwxr-x--- wazuh-in wazuh-in 4.7K]  jdk.javadoc
│   │   │   ├── [-rw-r----- wazuh-in wazuh-in 2.9K]  jquery.md
│   │   │   └── [-rw-r----- wazuh-in wazuh-in 1.8K]  jqueryUI.md
│   │   └── [drwxr-x--- wazuh-in wazuh-in 1.3K]  jdk.localedata
│   │       └── [-rw-r----- wazuh-in wazuh-in 1.3K]  thaidict.md
│   ├── [drwxr-x--- wazuh-in wazuh-in 187M]  lib
│   │   ├── [-rw-r----- wazuh-in wazuh-in  70K]  classlist
│   │   ├── [-rw-r----- wazuh-in wazuh-in 7.9M]  ct.sym
│   │   ├── [-rw-r----- wazuh-in wazuh-in  17K]  jexec
│   │   ├── [drwxr-x--- wazuh-in wazuh-in  69K]  jfr
│   │   │   ├── [-rw-r----- wazuh-in wazuh-in  35K]  default.jfc
│   │   │   └── [-rw-r----- wazuh-in wazuh-in  35K]  profile.jfc
│   │   ├── [-rw-r----- wazuh-in wazuh-in 108K]  jrt-fs.jar
│   │   ├── [-rwxr-x--- wazuh-in wazuh-in  22K]  jspawnhelper
│   │   ├── [-rw-r----- wazuh-in wazuh-in   29]  jvm.cfg
│   │   ├── [-rw-r----- wazuh-in wazuh-in  17K]  libattach.so
│   │   ├── [-rw-r----- wazuh-in wazuh-in  46K]  libawt_headless.so
│   │   ├── [-rw-r----- wazuh-in wazuh-in 851K]  libawt.so
│   │   ├── [-rw-r----- wazuh-in wazuh-in 472K]  libawt_xawt.so
│   │   ├── [-rw-r----- wazuh-in wazuh-in  36K]  libdt_socket.so
│   │   ├── [-rw-r----- wazuh-in wazuh-in  17K]  libextnet.so
│   │   ├── [-rw-r----- wazuh-in wazuh-in 1.8M]  libfontmanager.so
│   │   ├── [-rw-r----- wazuh-in wazuh-in  54K]  libinstrument.so
│   │   ├── [-rw-r----- wazuh-in wazuh-in  50K]  libj2gss.so
│   │   ├── [-rw-r----- wazuh-in wazuh-in  22K]  libj2pcsc.so
│   │   ├── [-rw-r----- wazuh-in wazuh-in  95K]  libj2pkcs11.so
│   │   ├── [-rw-r----- wazuh-in wazuh-in  16K]  libjaas.so
│   │   ├── [-rw-r----- wazuh-in wazuh-in 235K]  libjavajpeg.so
│   │   ├── [-rw-r----- wazuh-in wazuh-in 193K]  libjava.so
│   │   ├── [-rw-r----- wazuh-in wazuh-in  16K]  libjawt.so
│   │   ├── [-rw-r----- wazuh-in wazuh-in 284K]  libjdwp.so
│   │   ├── [-rw-r----- wazuh-in wazuh-in 147K]  libjimage.so
│   │   ├── [-rw-r----- wazuh-in wazuh-in  81K]  libjli.so
│   │   ├── [-rw-r----- wazuh-in wazuh-in  17K]  libjsig.so
│   │   ├── [-rw-r----- wazuh-in wazuh-in  84K]  libjsound.so
│   │   ├── [-rw-r----- wazuh-in wazuh-in 851K]  libjsvml.so
│   │   ├── [-rw-r----- wazuh-in wazuh-in 511K]  liblcms.so
│   │   ├── [-rw-r----- wazuh-in wazuh-in  16K]  libmanagement_agent.so
│   │   ├── [-rw-r----- wazuh-in wazuh-in  37K]  libmanagement_ext.so
│   │   ├── [-rw-r----- wazuh-in wazuh-in  29K]  libmanagement.so
│   │   ├── [-rw-r----- wazuh-in wazuh-in 593K]  libmlib_image.so
│   │   ├── [-rw-r----- wazuh-in wazuh-in 107K]  libnet.so
│   │   ├── [-rw-r----- wazuh-in wazuh-in 107K]  libnio.so
│   │   ├── [-rw-r----- wazuh-in wazuh-in  16K]  libprefs.so
│   │   ├── [-rw-r----- wazuh-in wazuh-in  16K]  librmi.so
│   │   ├── [-rw-r----- wazuh-in wazuh-in 181K]  libsaproc.so
│   │   ├── [-rw-r----- wazuh-in wazuh-in  36K]  libsctp.so
│   │   ├── [-rw-r----- wazuh-in wazuh-in 365K]  libsplashscreen.so
│   │   ├── [-rw-r----- wazuh-in wazuh-in  15K]  libsyslookup.so
│   │   ├── [-rw-r----- wazuh-in wazuh-in  63K]  libverify.so
│   │   ├── [-rw-r----- wazuh-in wazuh-in  41K]  libzip.so
│   │   ├── [-rw-r----- wazuh-in wazuh-in 124M]  modules
│   │   ├── [-rw-r----- wazuh-in wazuh-in  11K]  psfontj2d.properties
│   │   ├── [-rw-r----- wazuh-in wazuh-in 3.7K]  psfont.properties.ja
│   │   ├── [drwxr-x--- wazuh-in wazuh-in 402K]  security
│   │   │   ├── [-rw-r----- wazuh-in wazuh-in 2.4K]  blocked.certs
│   │   │   ├── [-rw-r----- wazuh-in wazuh-in 162K]  cacerts
│   │   │   ├── [-rw-r----- wazuh-in wazuh-in 9.8K]  default.policy
│   │   │   └── [-rw-r----- wazuh-in wazuh-in 227K]  public_suffix_list.dat
│   │   ├── [drwxr-x--- wazuh-in wazuh-in  48M]  server
│   │   │   ├── [-rw-r----- wazuh-in wazuh-in  13M]  classes.jsa
│   │   │   ├── [-rw-r----- wazuh-in wazuh-in  12M]  classes_nocoops.jsa
│   │   │   ├── [-rw-r----- wazuh-in wazuh-in  17K]  libjsig.so
│   │   │   └── [-rw-r----- wazuh-in wazuh-in  23M]  libjvm.so
│   │   └── [-rw-r----- wazuh-in wazuh-in 104K]  tzdb.dat
│   ├── [drwxr-x--- wazuh-in wazuh-in 723K]  man
│   │   └── [drwxr-x--- wazuh-in wazuh-in 723K]  man1
│   │       ├── [-rw-r----- wazuh-in wazuh-in  11K]  jar.1
│   │       ├── [-rw-r----- wazuh-in wazuh-in  55K]  jarsigner.1
│   │       ├── [-rw-r----- wazuh-in wazuh-in 184K]  java.1
│   │       ├── [-rw-r----- wazuh-in wazuh-in  83K]  javac.1
│   │       ├── [-rw-r----- wazuh-in wazuh-in  46K]  javadoc.1
│   │       ├── [-rw-r----- wazuh-in wazuh-in 7.6K]  javap.1
│   │       ├── [-rw-r----- wazuh-in wazuh-in  34K]  jcmd.1
│   │       ├── [-rw-r----- wazuh-in wazuh-in 3.6K]  jconsole.1
│   │       ├── [-rw-r----- wazuh-in wazuh-in 8.7K]  jdb.1
│   │       ├── [-rw-r----- wazuh-in wazuh-in 8.0K]  jdeprscan.1
│   │       ├── [-rw-r----- wazuh-in wazuh-in  12K]  jdeps.1
│   │       ├── [-rw-r----- wazuh-in wazuh-in 8.8K]  jfr.1
│   │       ├── [-rw-r----- wazuh-in wazuh-in 7.2K]  jhsdb.1
│   │       ├── [-rw-r----- wazuh-in wazuh-in 3.4K]  jinfo.1
│   │       ├── [-rw-r----- wazuh-in wazuh-in  12K]  jlink.1
│   │       ├── [-rw-r----- wazuh-in wazuh-in 3.4K]  jmap.1
│   │       ├── [-rw-r----- wazuh-in wazuh-in  12K]  jmod.1
│   │       ├── [-rw-r----- wazuh-in wazuh-in  14K]  jpackage.1
│   │       ├── [-rw-r----- wazuh-in wazuh-in 8.3K]  jps.1
│   │       ├── [-rw-r----- wazuh-in wazuh-in 5.2K]  jrunscript.1
│   │       ├── [-rw-r----- wazuh-in wazuh-in  43K]  jshell.1
│   │       ├── [-rw-r----- wazuh-in wazuh-in 3.0K]  jstack.1
│   │       ├── [-rw-r----- wazuh-in wazuh-in  24K]  jstat.1
│   │       ├── [-rw-r----- wazuh-in wazuh-in 7.7K]  jstatd.1
│   │       ├── [-rw-r----- wazuh-in wazuh-in 109K]  keytool.1
│   │       ├── [-rw-r----- wazuh-in wazuh-in 3.2K]  rmiregistry.1
│   │       └── [-rw-r----- wazuh-in wazuh-in 2.8K]  serialver.1
│   ├── [-rw-r----- wazuh-in wazuh-in 2.4K]  NOTICE
│   └── [-rw-r----- wazuh-in wazuh-in 1.5K]  release
├── [drwxr-x--- wazuh-in wazuh-in  34M]  lib
│   ├── [-rw-r----- wazuh-in wazuh-in 170K]  HdrHistogram-2.1.12.jar
│   ├── [-rw-r----- wazuh-in wazuh-in 1.1M]  hppc-0.8.1.jar
│   ├── [-rw-r----- wazuh-in wazuh-in 366K]  jackson-core-2.13.3.jar
│   ├── [-rw-r----- wazuh-in wazuh-in  62K]  jackson-dataformat-cbor-2.13.3.jar
│   ├── [-rw-r----- wazuh-in wazuh-in  94K]  jackson-dataformat-smile-2.13.3.jar
│   ├── [-rw-r----- wazuh-in wazuh-in  51K]  jackson-dataformat-yaml-2.13.3.jar
│   ├── [-rw-r----- wazuh-in wazuh-in 7.1K]  java-version-checker-2.3.0.jar
│   ├── [-rw-r----- wazuh-in wazuh-in 1.4M]  jna-5.5.0.jar
│   ├── [-rw-r----- wazuh-in wazuh-in 629K]  joda-time-2.10.12.jar
│   ├── [-rw-r----- wazuh-in wazuh-in  76K]  jopt-simple-5.0.4.jar
│   ├── [-rw-r----- wazuh-in wazuh-in 779K]  jts-core-1.15.0.jar
│   ├── [-rw-r----- wazuh-in wazuh-in 295K]  log4j-api-2.17.1.jar
│   ├── [-rw-r----- wazuh-in wazuh-in 1.7M]  log4j-core-2.17.1.jar
│   ├── [-rw-r----- wazuh-in wazuh-in 1.8M]  lucene-analysis-common-9.3.0.jar
│   ├── [-rw-r----- wazuh-in wazuh-in 535K]  lucene-backward-codecs-9.3.0.jar
│   ├── [-rw-r----- wazuh-in wazuh-in 3.4M]  lucene-core-9.3.0.jar
│   ├── [-rw-r----- wazuh-in wazuh-in  95K]  lucene-grouping-9.3.0.jar
│   ├── [-rw-r----- wazuh-in wazuh-in 263K]  lucene-highlighter-9.3.0.jar
│   ├── [-rw-r----- wazuh-in wazuh-in 151K]  lucene-join-9.3.0.jar
│   ├── [-rw-r----- wazuh-in wazuh-in  50K]  lucene-memory-9.3.0.jar
│   ├── [-rw-r----- wazuh-in wazuh-in  94K]  lucene-misc-9.3.0.jar
│   ├── [-rw-r----- wazuh-in wazuh-in 484K]  lucene-queries-9.3.0.jar
│   ├── [-rw-r----- wazuh-in wazuh-in 412K]  lucene-queryparser-9.3.0.jar
│   ├── [-rw-r----- wazuh-in wazuh-in 248K]  lucene-sandbox-9.3.0.jar
│   ├── [-rw-r----- wazuh-in wazuh-in 307K]  lucene-spatial3d-9.3.0.jar
│   ├── [-rw-r----- wazuh-in wazuh-in 235K]  lucene-spatial-extras-9.3.0.jar
│   ├── [-rw-r----- wazuh-in wazuh-in 234K]  lucene-suggest-9.3.0.jar
│   ├── [-rw-r----- wazuh-in wazuh-in  13M]  opensearch-2.3.0.jar
│   ├── [-rw-r----- wazuh-in wazuh-in  18K]  opensearch-cli-2.3.0.jar
│   ├── [-rw-r----- wazuh-in wazuh-in  49K]  opensearch-core-2.3.0.jar
│   ├── [-rw-r----- wazuh-in wazuh-in  45K]  opensearch-geo-2.3.0.jar
│   ├── [-rw-r----- wazuh-in wazuh-in  20K]  opensearch-launchers-2.3.0.jar
│   ├── [-rw-r----- wazuh-in wazuh-in 6.4K]  opensearch-plugin-classloader-2.3.0.jar
│   ├── [-rw-r----- wazuh-in wazuh-in  12K]  opensearch-secure-sm-2.3.0.jar
│   ├── [-rw-r----- wazuh-in wazuh-in 143K]  opensearch-x-content-2.3.0.jar
│   ├── [-rw-r----- wazuh-in wazuh-in 325K]  snakeyaml-1.31.jar
│   ├── [-rw-r----- wazuh-in wazuh-in 200K]  spatial4j-0.7.jar
│   ├── [-rw-r----- wazuh-in wazuh-in  50K]  t-digest-3.2.jar
│   └── [drwxr-x--- wazuh-in wazuh-in 5.8M]  tools
│       ├── [drwxr-x--- wazuh-in wazuh-in  16K]  keystore-cli
│       │   └── [-rw-r----- wazuh-in wazuh-in  16K]  keystore-cli-2.3.0.jar
│       ├── [drwxr-x--- wazuh-in wazuh-in 3.9M]  plugin-cli
│       │   ├── [-rw-r----- wazuh-in wazuh-in 3.6M]  bc-fips-1.0.2.3.jar
│       │   ├── [-rw-r----- wazuh-in wazuh-in 268K]  bcpg-fips-1.0.5.1.jar
│       │   └── [-rw-r----- wazuh-in wazuh-in  36K]  opensearch-plugin-cli-2.3.0.jar
│       └── [drwxr-x--- wazuh-in wazuh-in 1.9M]  upgrade-cli
│           ├── [-rw-r----- wazuh-in wazuh-in  74K]  jackson-annotations-2.13.3.jar
│           ├── [-rw-r----- wazuh-in wazuh-in 366K]  jackson-core-2.13.3.jar
│           ├── [-rw-r----- wazuh-in wazuh-in 1.5M]  jackson-databind-2.13.3.jar
│           └── [-rw-r----- wazuh-in wazuh-in  31K]  opensearch-upgrade-cli-2.3.0.jar
├── [-rw-r----- wazuh-in wazuh-in  11K]  LICENSE.txt
├── [drwxr-x--- wazuh-in wazuh-in  85M]  modules
│   ├── [drwxr-x--- wazuh-in wazuh-in  58K]  aggs-matrix-stats
│   │   ├── [-rw-r----- wazuh-in wazuh-in  56K]  aggs-matrix-stats-client-2.3.0.jar
│   │   └── [-rw-r----- wazuh-in wazuh-in 1.9K]  plugin-descriptor.properties
│   ├── [drwxr-x--- wazuh-in wazuh-in 190K]  analysis-common
│   │   ├── [-rw-r----- wazuh-in wazuh-in 188K]  analysis-common-2.3.0.jar
│   │   └── [-rw-r----- wazuh-in wazuh-in 1.9K]  plugin-descriptor.properties
│   ├── [drwxr-x--- wazuh-in wazuh-in  80K]  geo
│   │   ├── [-rw-r----- wazuh-in wazuh-in  78K]  geo-2.3.0.jar
│   │   └── [-rw-r----- wazuh-in wazuh-in 1.9K]  plugin-descriptor.properties
│   ├── [drwxr-x--- wazuh-in wazuh-in 2.0M]  ingest-common
│   │   ├── [-rw-r----- wazuh-in wazuh-in 118K]  ingest-common-2.3.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 1.6M]  jcodings-1.0.44.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 209K]  joni-2.1.43.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  23K]  opensearch-dissect-2.3.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  47K]  opensearch-grok-2.3.0.jar
│   │   └── [-rw-r----- wazuh-in wazuh-in 2.0K]  plugin-descriptor.properties
│   ├── [drwxr-x--- wazuh-in wazuh-in  72M]  ingest-geoip
│   │   ├── [-rw-r----- wazuh-in wazuh-in  55K]  geoip2-3.0.1.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 6.3M]  GeoLite2-ASN.mmdb
│   │   ├── [-rw-r----- wazuh-in wazuh-in  60M]  GeoLite2-City.mmdb
│   │   ├── [-rw-r----- wazuh-in wazuh-in 3.8M]  GeoLite2-Country.mmdb
│   │   ├── [-rw-r----- wazuh-in wazuh-in  27K]  ingest-geoip-2.3.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  74K]  jackson-annotations-2.13.3.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 1.5M]  jackson-databind-2.13.3.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  30K]  maxmind-db-2.0.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 1.9K]  plugin-descriptor.properties
│   │   └── [-rw-r----- wazuh-in wazuh-in 1.7K]  plugin-security.policy
│   ├── [drwxr-x--- wazuh-in wazuh-in  67K]  ingest-user-agent
│   │   ├── [-rw-r----- wazuh-in wazuh-in  65K]  ingest-user-agent-2.3.0.jar
│   │   └── [-rw-r----- wazuh-in wazuh-in 1.9K]  plugin-descriptor.properties
│   ├── [drwxr-x--- wazuh-in wazuh-in 714K]  lang-expression
│   │   ├── [-rw-r----- wazuh-in wazuh-in 329K]  antlr4-runtime-4.9.3.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 119K]  asm-9.3.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  71K]  asm-commons-9.3.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  51K]  asm-tree-9.3.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  65K]  lang-expression-2.3.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  74K]  lucene-expressions-9.3.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 1.9K]  plugin-descriptor.properties
│   │   └── [-rw-r----- wazuh-in wazuh-in 1.8K]  plugin-security.policy
│   ├── [drwxr-x--- wazuh-in wazuh-in 174K]  lang-mustache
│   │   ├── [-rw-r----- wazuh-in wazuh-in 109K]  compiler-0.9.10.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  61K]  lang-mustache-client-2.3.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 1.9K]  plugin-descriptor.properties
│   │   └── [-rw-r----- wazuh-in wazuh-in 1.2K]  plugin-security.policy
│   ├── [drwxr-x--- wazuh-in wazuh-in 1.7M]  lang-painless
│   │   ├── [-rw-r----- wazuh-in wazuh-in 329K]  antlr4-runtime-4.9.3.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 119K]  asm-9.3.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  33K]  asm-analysis-9.3.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  71K]  asm-commons-9.3.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  51K]  asm-tree-9.3.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  84K]  asm-util-9.3.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 1.0M]  lang-painless-2.3.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  30K]  opensearch-scripting-painless-spi-2.3.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 1.9K]  plugin-descriptor.properties
│   │   └── [-rw-r----- wazuh-in wazuh-in 1.3K]  plugin-security.policy
│   ├── [drwxr-x--- wazuh-in wazuh-in  84K]  mapper-extras
│   │   ├── [-rw-r----- wazuh-in wazuh-in  82K]  mapper-extras-client-2.3.0.jar
│   │   └── [-rw-r----- wazuh-in wazuh-in 1.9K]  plugin-descriptor.properties
│   ├── [drwxr-x--- wazuh-in wazuh-in 2.2M]  opensearch-dashboards
│   │   ├── [-rw-r----- wazuh-in wazuh-in 346K]  commons-codec-1.15.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  60K]  commons-logging-1.2.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 177K]  httpasyncclient-4.1.5.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 762K]  httpclient-4.5.13.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 321K]  httpcore-4.4.15.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 361K]  httpcore-nio-4.4.15.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 9.0K]  opensearch-dashboards-2.3.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  67K]  opensearch-rest-client-2.3.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  66K]  opensearch-ssl-config-2.3.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 1.9K]  plugin-descriptor.properties
│   │   └── [-rw-r----- wazuh-in wazuh-in 118K]  reindex-client-2.3.0.jar
│   ├── [drwxr-x--- wazuh-in wazuh-in  87K]  parent-join
│   │   ├── [-rw-r----- wazuh-in wazuh-in  85K]  parent-join-client-2.3.0.jar
│   │   └── [-rw-r----- wazuh-in wazuh-in 1.9K]  plugin-descriptor.properties
│   ├── [drwxr-x--- wazuh-in wazuh-in  74K]  percolator
│   │   ├── [-rw-r----- wazuh-in wazuh-in  72K]  percolator-client-2.3.0.jar
│   │   └── [-rw-r----- wazuh-in wazuh-in 1.9K]  plugin-descriptor.properties
│   ├── [drwxr-x--- wazuh-in wazuh-in  82K]  rank-eval
│   │   ├── [-rw-r----- wazuh-in wazuh-in 1.9K]  plugin-descriptor.properties
│   │   └── [-rw-r----- wazuh-in wazuh-in  80K]  rank-eval-client-2.3.0.jar
│   ├── [drwxr-x--- wazuh-in wazuh-in 2.2M]  reindex
│   │   ├── [-rw-r----- wazuh-in wazuh-in 346K]  commons-codec-1.15.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  60K]  commons-logging-1.2.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 177K]  httpasyncclient-4.1.5.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 762K]  httpclient-4.5.13.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 321K]  httpcore-4.4.15.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 361K]  httpcore-nio-4.4.15.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  67K]  opensearch-rest-client-2.3.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  66K]  opensearch-ssl-config-2.3.0.jar
│   │   ├── [drwxr-x--- wazuh-in wazuh-in 1.9K]  parent-join
│   │   │   └── [-rw-r----- wazuh-in wazuh-in 1.9K]  plugin-descriptor.properties
│   │   ├── [-rw-r----- wazuh-in wazuh-in 1.9K]  plugin-descriptor.properties
│   │   ├── [-rw-r----- wazuh-in wazuh-in 1.5K]  plugin-security.policy
│   │   ├── [-rw-r----- wazuh-in wazuh-in 118K]  reindex-client-2.3.0.jar
│   │   └── [drwxr-x--- wazuh-in wazuh-in 3.8K]  transport-netty4
│   │       ├── [-rw-r----- wazuh-in wazuh-in 1.9K]  plugin-descriptor.properties
│   │       └── [-rw-r----- wazuh-in wazuh-in 1.8K]  plugin-security.policy
│   ├── [drwxr-x--- wazuh-in wazuh-in  18K]  repository-url
│   │   ├── [-rw-r----- wazuh-in wazuh-in 1.9K]  plugin-descriptor.properties
│   │   ├── [-rw-r----- wazuh-in wazuh-in 1.1K]  plugin-security.policy
│   │   └── [-rw-r----- wazuh-in wazuh-in  15K]  repository-url-2.3.0.jar
│   ├── [drwxr-x--- wazuh-in wazuh-in  12K]  systemd
│   │   ├── [-rw-r----- wazuh-in wazuh-in 1.8K]  plugin-descriptor.properties
│   │   ├── [-rw-r----- wazuh-in wazuh-in 1.2K]  plugin-security.policy
│   │   └── [-rw-r----- wazuh-in wazuh-in 8.7K]  systemd-2.3.0.jar
│   └── [drwxr-x--- wazuh-in wazuh-in 3.0M]  transport-netty4
│       ├── [-rw-r----- wazuh-in wazuh-in 297K]  netty-buffer-4.1.79.Final.jar
│       ├── [-rw-r----- wazuh-in wazuh-in 329K]  netty-codec-4.1.79.Final.jar
│       ├── [-rw-r----- wazuh-in wazuh-in 625K]  netty-codec-http-4.1.79.Final.jar
│       ├── [-rw-r----- wazuh-in wazuh-in 638K]  netty-common-4.1.79.Final.jar
│       ├── [-rw-r----- wazuh-in wazuh-in 521K]  netty-handler-4.1.79.Final.jar
│       ├── [-rw-r----- wazuh-in wazuh-in  37K]  netty-resolver-4.1.79.Final.jar
│       ├── [-rw-r----- wazuh-in wazuh-in 471K]  netty-transport-4.1.79.Final.jar
│       ├── [-rw-r----- wazuh-in wazuh-in  42K]  netty-transport-native-unix-common-4.1.79.Final.jar
│       ├── [-rw-r----- wazuh-in wazuh-in 1.9K]  plugin-descriptor.properties
│       ├── [-rw-r----- wazuh-in wazuh-in 1.8K]  plugin-security.policy
│       └── [-rw-r----- wazuh-in wazuh-in  72K]  transport-netty4-client-2.3.0.jar
├── [-rw-r----- wazuh-in wazuh-in 211K]  NOTICE.txt
├── [drwxr-x--- wazuh-in wazuh-in  33M]  performance-analyzer-rca
│   ├── [drwxr-x--- wazuh-in wazuh-in  12K]  bin
│   │   ├── [-rwxr-x--- wazuh-in wazuh-in 1.8K]  performance-analyzer-agent
│   │   └── [-rwxr-x--- wazuh-in wazuh-in 10.0K]  performance-analyzer-rca
│   ├── [drwxr-x--- wazuh-in wazuh-in  17K]  config
│   │   ├── [-rw-r----- wazuh-in wazuh-in  104]  agent-stats-metadata
│   │   ├── [-rw-r----- wazuh-in wazuh-in 2.0K]  log4j2.xml
│   │   ├── [-rw-r----- wazuh-in wazuh-in  432]  opensearch_security.policy
│   │   ├── [-rw-r----- wazuh-in wazuh-in 1.6K]  performance-analyzer.properties
│   │   ├── [-rw-r----- wazuh-in wazuh-in  106]  plugin-stats-metadata
│   │   ├── [-rw-r----- wazuh-in wazuh-in 2.9K]  rca.conf
│   │   ├── [-rw-r----- wazuh-in wazuh-in 4.3K]  rca_idle_master.conf
│   │   ├── [-rw-r----- wazuh-in wazuh-in 4.3K]  rca_master.conf
│   │   └── [-rw-r----- wazuh-in wazuh-in 1.3K]  supervisord.conf
│   └── [drwxr-x--- wazuh-in wazuh-in  33M]  lib
│       ├── [-rw-r----- wazuh-in wazuh-in 3.4K]  animal-sniffer-annotations-1.19.jar
│       ├── [-rw-r----- wazuh-in wazuh-in 3.0K]  annotations-4.1.1.4.jar
│       ├── [-rw-r----- wazuh-in wazuh-in 941K]  bcpkix-jdk15on-1.70.jar
│       ├── [-rw-r----- wazuh-in wazuh-in 5.6M]  bcprov-jdk15on-1.70.jar
│       ├── [-rw-r----- wazuh-in wazuh-in 471K]  bcutil-jdk15on-1.70.jar
│       ├── [-rw-r----- wazuh-in wazuh-in 5.7K]  checker-compat-qual-2.5.5.jar
│       ├── [-rw-r----- wazuh-in wazuh-in 209K]  checker-qual-3.5.0.jar
│       ├── [-rw-r----- wazuh-in wazuh-in 270K]  commons-io-2.7.jar
│       ├── [-rw-r----- wazuh-in wazuh-in 492K]  commons-lang3-3.9.jar
│       ├── [-rw-r----- wazuh-in wazuh-in  16K]  error_prone_annotations-2.9.0.jar
│       ├── [-rw-r----- wazuh-in wazuh-in 4.5K]  failureaccess-1.0.1.jar
│       ├── [-rw-r----- wazuh-in wazuh-in 248K]  grpc-api-1.44.0.jar
│       ├── [-rw-r----- wazuh-in wazuh-in  30K]  grpc-context-1.44.0.jar
│       ├── [-rw-r----- wazuh-in wazuh-in 670K]  grpc-core-1.44.0.jar
│       ├── [-rw-r----- wazuh-in wazuh-in 275K]  grpc-netty-1.44.0.jar
│       ├── [-rw-r----- wazuh-in wazuh-in 5.0K]  grpc-protobuf-1.44.0.jar
│       ├── [-rw-r----- wazuh-in wazuh-in 7.4K]  grpc-protobuf-lite-1.44.0.jar
│       ├── [-rw-r----- wazuh-in wazuh-in  49K]  grpc-stub-1.44.0.jar
│       ├── [-rw-r----- wazuh-in wazuh-in 252K]  gson-2.8.9.jar
│       ├── [-rw-r----- wazuh-in wazuh-in 2.6M]  guava-30.1.1-android.jar
│       ├── [-rw-r----- wazuh-in wazuh-in 8.6K]  j2objc-annotations-1.3.jar
│       ├── [-rw-r----- wazuh-in wazuh-in  74K]  jackson-annotations-2.13.2.jar
│       ├── [-rw-r----- wazuh-in wazuh-in 366K]  jackson-core-2.13.2.jar
│       ├── [-rw-r----- wazuh-in wazuh-in 1.5M]  jackson-databind-2.13.2.2.jar
│       ├── [-rw-r----- wazuh-in wazuh-in  26K]  javax.annotation-api-1.3.2.jar
│       ├── [-rw-r----- wazuh-in wazuh-in 2.0M]  jooq-3.10.8.jar
│       ├── [-rw-r----- wazuh-in wazuh-in  19K]  jsr305-3.0.2.jar
│       ├── [-rw-r----- wazuh-in wazuh-in 2.1K]  listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar
│       ├── [-rw-r----- wazuh-in wazuh-in 295K]  log4j-api-2.17.1.jar
│       ├── [-rw-r----- wazuh-in wazuh-in 1.7M]  log4j-core-2.17.1.jar
│       ├── [-rw-r----- wazuh-in wazuh-in 295K]  netty-buffer-4.1.72.Final.jar
│       ├── [-rw-r----- wazuh-in wazuh-in 329K]  netty-codec-4.1.72.Final.jar
│       ├── [-rw-r----- wazuh-in wazuh-in 460K]  netty-codec-http2-4.1.72.Final.jar
│       ├── [-rw-r----- wazuh-in wazuh-in 620K]  netty-codec-http-4.1.72.Final.jar
│       ├── [-rw-r----- wazuh-in wazuh-in 116K]  netty-codec-socks-4.1.72.Final.jar
│       ├── [-rw-r----- wazuh-in wazuh-in 631K]  netty-common-4.1.72.Final.jar
│       ├── [-rw-r----- wazuh-in wazuh-in 510K]  netty-handler-4.1.72.Final.jar
│       ├── [-rw-r----- wazuh-in wazuh-in  23K]  netty-handler-proxy-4.1.72.Final.jar
│       ├── [-rw-r----- wazuh-in wazuh-in  36K]  netty-resolver-4.1.72.Final.jar
│       ├── [-rw-r----- wazuh-in wazuh-in  33K]  netty-tcnative-classes-2.0.46.Final.jar
│       ├── [-rw-r----- wazuh-in wazuh-in 470K]  netty-transport-4.1.72.Final.jar
│       ├── [-rw-r----- wazuh-in wazuh-in 6.2K]  perfmark-api-0.23.0.jar
│       ├── [-rw-r----- wazuh-in wazuh-in 1.5M]  performance-analyzer-rca-2.3.0.0.jar
│       ├── [-rw-r----- wazuh-in wazuh-in 1.6M]  protobuf-java-3.19.2.jar
│       ├── [-rw-r----- wazuh-in wazuh-in 1.5M]  proto-google-common-protos-2.0.1.jar
│       └── [-rw-r----- wazuh-in wazuh-in 6.9M]  sqlite-jdbc-3.32.3.2.jar
├── [drwxr-x--- wazuh-in wazuh-in 227M]  plugins
│   ├── [drwxr-x--- wazuh-in wazuh-in  12M]  opensearch-alerting
│   │   ├── [-rw-r----- wazuh-in wazuh-in 147K]  alerting-core-2.3.0.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  17K]  annotations-13.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 209K]  checker-qual-3.5.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 241K]  commons-beanutils-1.9.4.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 336K]  commons-codec-1.13.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 575K]  commons-collections-3.2.2.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 192K]  commons-digester-2.1.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  60K]  commons-logging-1.2.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 185K]  commons-validator-1.7.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 319K]  common-utils-2.3.0.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 164K]  cron-utils-9.1.6.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  14K]  error_prone_annotations-2.3.4.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 4.5K]  failureaccess-1.0.1.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 244K]  google-java-format-1.10.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 2.7M]  guava-30.0-jre.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 177K]  httpasyncclient-4.1.5.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 762K]  httpclient-4.5.13.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 321K]  httpcore-4.4.15.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 361K]  httpcore-nio-4.4.15.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 849K]  ipaddress-5.3.3.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 8.6K]  j2objc-annotations-1.3.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 764K]  javassist-3.27.0-GA.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 219K]  javax.el-3.0.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  19K]  jsr305-3.0.2.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 1.4M]  kotlin-stdlib-1.6.10.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 196K]  kotlin-stdlib-common-1.6.10.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  22K]  kotlin-stdlib-jdk7-1.6.10.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  16K]  kotlin-stdlib-jdk8-1.6.10.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 797K]  kotlinx-coroutines-core-1.1.1.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  94K]  kotlinx-coroutines-core-common-1.1.1.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 2.1K]  listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 1.0M]  opensearch-alerting-2.3.0.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  67K]  opensearch-rest-client-2.3.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  72K]  percolator-client-2.3.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 1.9K]  plugin-descriptor.properties
│   │   ├── [-rw-r----- wazuh-in wazuh-in  327]  plugin-security.policy
│   │   └── [-rw-r----- wazuh-in wazuh-in  40K]  slf4j-api-1.7.30.jar
│   ├── [drwxr-x--- wazuh-in wazuh-in  14M]  opensearch-anomaly-detection
│   │   ├── [-rw-r----- wazuh-in wazuh-in 346K]  commons-codec-1.15.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 278K]  commons-lang-2.6.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 574K]  commons-lang3-3.12.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  60K]  commons-logging-1.2.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 2.1M]  commons-math3-3.6.1.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 138K]  commons-pool2-2.10.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 319K]  common-utils-2.3.0.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 4.5K]  failureaccess-1.0.1.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 252K]  gson-2.8.9.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 2.8M]  guava-31.0.1-jre.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 177K]  httpasyncclient-4.1.5.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 762K]  httpclient-4.5.13.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 321K]  httpcore-4.4.15.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 361K]  httpcore-nio-4.4.15.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  74K]  jackson-annotations-2.13.2.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 1.5M]  jackson-databind-2.13.2.2.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 832K]  javassist-3.28.0-GA.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 102K]  memory-0.12.2.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 989K]  opensearch-anomaly-detection-2.3.0.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  67K]  opensearch-rest-client-2.3.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 251K]  org.jacoco.agent-0.8.5.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  35K]  org.jacoco.ant-0.8.5.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 1.9K]  plugin-descriptor.properties
│   │   ├── [-rw-r----- wazuh-in wazuh-in 1015]  plugin-security.policy
│   │   ├── [-rw-r----- wazuh-in wazuh-in  58K]  protostuff-api-1.8.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  53K]  protostuff-collectionschema-1.8.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  64K]  protostuff-core-1.8.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 436K]  protostuff-runtime-1.8.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 240K]  randomcutforest-core-3.0-rc3.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  70K]  randomcutforest-parkservices-3.0-rc3.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  16K]  randomcutforest-serialization-3.0-rc3.jar
│   │   └── [-rw-r----- wazuh-in wazuh-in 657K]  sketches-core-0.13.4.jar
│   ├── [drwxr-x--- wazuh-in wazuh-in 486K]  opensearch-asynchronous-search
│   │   ├── [-rw-r----- wazuh-in wazuh-in 319K]  common-utils-2.3.0.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 164K]  opensearch-asynchronous-search-2.3.0.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 1.9K]  plugin-descriptor.properties
│   │   └── [-rw-r----- wazuh-in wazuh-in  326]  plugin-security.policy
│   ├── [drwxr-x--- wazuh-in wazuh-in 5.1M]  opensearch-cross-cluster-replication
│   │   ├── [-rw-r----- wazuh-in wazuh-in  17K]  annotations-13.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 319K]  common-utils-2.3.0.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 849K]  ipaddress-5.3.3.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 1.4M]  kotlin-stdlib-1.6.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 196K]  kotlin-stdlib-common-1.6.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  22K]  kotlin-stdlib-jdk7-1.6.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  16K]  kotlin-stdlib-jdk8-1.6.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 1.4M]  kotlinx-coroutines-core-jvm-1.6.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 924K]  opensearch-cross-cluster-replication-2.3.0.0.jar
│   │   └── [-rw-r----- wazuh-in wazuh-in 1.9K]  plugin-descriptor.properties
│   ├── [drwxr-x--- wazuh-in wazuh-in 674K]  opensearch-geospatial
│   │   ├── [-rw-r----- wazuh-in wazuh-in 574K]  commons-lang3-3.12.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 9.9K]  LICENSE.txt
│   │   ├── [-rw-r----- wazuh-in wazuh-in   71]  NOTICE.txt
│   │   ├── [-rw-r----- wazuh-in wazuh-in  88K]  opensearch-geospatial-2.3.0.0.jar
│   │   └── [-rw-r----- wazuh-in wazuh-in 1.9K]  plugin-descriptor.properties
│   ├── [drwxr-x--- wazuh-in wazuh-in 8.3M]  opensearch-index-management
│   │   ├── [-rw-r----- wazuh-in wazuh-in  17K]  annotations-13.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 336K]  commons-codec-1.13.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 319K]  common-utils-2.3.0.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 762K]  httpclient-4.5.13.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 321K]  httpcore-4.4.15.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 849K]  ipaddress-5.3.3.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 1.4M]  kotlin-stdlib-1.6.10.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 196K]  kotlin-stdlib-common-1.6.10.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  22K]  kotlin-stdlib-jdk7-1.6.10.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 1.6M]  kotlinx-coroutines-core-jvm-1.3.9.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 2.4M]  opensearch-index-management-2.3.0.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  91K]  opensearch-index-management-spi-2.3.0.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 1.9K]  plugin-descriptor.properties
│   │   └── [-rw-r----- wazuh-in wazuh-in  327]  plugin-security.policy
│   ├── [drwxr-x--- wazuh-in wazuh-in 236K]  opensearch-job-scheduler
│   │   ├── [-rw-r----- wazuh-in wazuh-in  31K]  opensearch-job-scheduler-2.3.0.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 202K]  opensearch-job-scheduler-spi-2.3.0.0.jar
│   │   └── [-rw-r----- wazuh-in wazuh-in 1.9K]  plugin-descriptor.properties
│   ├── [drwxr-x--- wazuh-in wazuh-in  32M]  opensearch-knn
│   │   ├── [-rw-r----- wazuh-in wazuh-in 278K]  commons-lang-2.6.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 4.5K]  failureaccess-1.0.1.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 2.7M]  guava-30.0-jre.jar
│   │   ├── [drwxr-x--- wazuh-in wazuh-in  29M]  lib
│   │   │   ├── [-rw-r----- wazuh-in wazuh-in 151K]  libgomp.so.1
│   │   │   ├── [-rw-r----- wazuh-in wazuh-in  57K]  libopensearchknn_common.so
│   │   │   ├── [-rw-r----- wazuh-in wazuh-in  26M]  libopensearchknn_faiss.so
│   │   │   └── [-rw-r----- wazuh-in wazuh-in 2.3M]  libopensearchknn_nmslib.so
│   │   ├── [-rw-r----- wazuh-in wazuh-in  11K]  LICENSE.txt
│   │   ├── [-rw-r----- wazuh-in wazuh-in   51]  NOTICE.txt
│   │   ├── [-rw-r----- wazuh-in wazuh-in 354K]  opensearch-knn-2.3.0.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 1.9K]  plugin-descriptor.properties
│   │   └── [-rw-r----- wazuh-in wazuh-in  233]  plugin-security.policy
│   ├── [drwxr-x--- wazuh-in wazuh-in  19M]  opensearch-ml
│   │   ├── [-rw-r----- wazuh-in wazuh-in 241K]  commons-beanutils-1.9.4.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 346K]  commons-codec-1.15.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 575K]  commons-collections-3.2.2.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 734K]  commons-collections4-4.4.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 319K]  commons-io-2.11.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 511K]  commons-lang3-3.10.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  60K]  commons-logging-1.2.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 2.1M]  commons-math3-3.6.1.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 211K]  commons-text-1.9.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 319K]  common-utils-2.3.0.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 243K]  gson-2.9.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 2.8M]  guava-31.0.1-jre.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 177K]  httpasyncclient-4.1.5.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 762K]  httpclient-4.5.13.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 321K]  httpcore-4.4.15.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 361K]  httpcore-nio-4.4.15.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  74K]  jackson-annotations-2.13.3.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 1.5M]  jackson-databind-2.13.3.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 216K]  jansi-2.4.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 764K]  javassist-3.26.0-GA.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 257K]  jline-builtins-3.21.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 168K]  jline-reader-3.21.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  27K]  jline-style-3.21.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 223K]  jline-terminal-3.21.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  39K]  jline-terminal-jansi-3.21.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  39K]  libsvm-3.25.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 191K]  olcut-config-protobuf-5.2.1.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 290K]  olcut-core-5.2.1.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 225K]  opencsv-5.4.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 141K]  opensearch-ml-2.3.0.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  87K]  opensearch-ml-algorithms-2.3.0.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 219K]  opensearch-ml-common-2.3.0.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  67K]  opensearch-rest-client-2.3.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 1.9K]  plugin-descriptor.properties
│   │   ├── [-rw-r----- wazuh-in wazuh-in  299]  plugin-security.policy
│   │   ├── [-rw-r----- wazuh-in wazuh-in 1.6M]  protobuf-java-3.19.4.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  58K]  protostuff-api-1.8.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  53K]  protostuff-collectionschema-1.8.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  64K]  protostuff-core-1.8.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 436K]  protostuff-runtime-1.8.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 240K]  randomcutforest-core-3.0-rc3.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  70K]  randomcutforest-parkservices-3.0-rc3.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  11K]  randomcutforest-testutils-3.0-rc3.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 103K]  reflections-0.9.12.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  53K]  tribuo-anomaly-core-4.2.1.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  31K]  tribuo-anomaly-libsvm-4.2.1.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 139K]  tribuo-classification-core-4.2.1.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  92K]  tribuo-classification-sgd-4.2.1.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  54K]  tribuo-clustering-core-4.2.1.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  45K]  tribuo-clustering-kmeans-4.2.1.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  37K]  tribuo-common-libsvm-4.2.1.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  48K]  tribuo-common-sgd-4.2.1.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  46K]  tribuo-common-tree-4.2.1.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 327K]  tribuo-core-4.2.1.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 185K]  tribuo-data-4.2.1.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 125K]  tribuo-math-4.2.1.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  98K]  tribuo-regression-core-4.2.1.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  51K]  tribuo-regression-sgd-4.2.1.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  72K]  tribuo-util-infotheory-4.2.1.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 355K]  tribuo-util-onnx-4.2.1.jar
│   │   └── [-rw-r----- wazuh-in wazuh-in  69K]  tribuo-util-tokenization-4.2.1.jar
│   ├── [drwxr-x--- wazuh-in wazuh-in 2.3M]  opensearch-notifications
│   │   ├── [-rw-r----- wazuh-in wazuh-in 319K]  common-utils-2.3.0.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 196K]  kotlin-stdlib-common-1.6.10.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 1.6M]  kotlinx-coroutines-core-jvm-1.4.3.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 240K]  opensearch-notifications-2.3.0.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 1.9K]  plugin-descriptor.properties
│   │   └── [-rw-r----- wazuh-in wazuh-in 1.9K]  plugin-security.policy
│   ├── [drwxr-x--- wazuh-in wazuh-in  11M]  opensearch-notifications-core
│   │   ├── [-rw-r----- wazuh-in wazuh-in  62K]  activation-1.1.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 1006K]  aws-java-sdk-core-1.12.48.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 774K]  aws-java-sdk-ses-1.12.48.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 422K]  aws-java-sdk-sns-1.12.48.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 147K]  aws-java-sdk-sts-1.12.48.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  60K]  commons-logging-1.2.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 762K]  httpclient-4.5.13.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 321K]  httpcore-4.4.15.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  74K]  jackson-annotations-2.13.3.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 1.5M]  jackson-databind-2.13.3.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 644K]  javax.mail-1.6.2.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 1.4M]  kotlin-stdlib-1.6.10.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 196K]  kotlin-stdlib-common-1.6.10.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  72K]  opensearch-notifications-core-2.3.0.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 4.1M]  opensearch-notifications-core-spi-2.3.0.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 1.9K]  plugin-descriptor.properties
│   │   └── [-rw-r----- wazuh-in wazuh-in 1.9K]  plugin-security.policy
│   ├── [drwxr-x--- wazuh-in wazuh-in 6.6M]  opensearch-observability
│   │   ├── [-rw-r----- wazuh-in wazuh-in 319K]  common-utils-2.3.0.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 2.8M]  guava-31.0.1-jre.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 1.4M]  kotlin-stdlib-1.6.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 196K]  kotlin-stdlib-common-1.6.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 1.6M]  kotlinx-coroutines-core-jvm-1.3.9.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 259K]  opensearch-observability-2.3.0.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 1.9K]  plugin-descriptor.properties
│   │   └── [-rw-r----- wazuh-in wazuh-in  411]  plugin-security.policy
│   ├── [drwxr-x--- wazuh-in wazuh-in  31M]  opensearch-performance-analyzer
│   │   ├── [-rw-r----- wazuh-in wazuh-in 3.4K]  animal-sniffer-annotations-1.19.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 3.0K]  annotations-4.1.1.4.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 941K]  bcpkix-jdk15on-1.70.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 5.6M]  bcprov-jdk15on-1.70.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 471K]  bcutil-jdk15on-1.70.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 209K]  checker-qual-3.5.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 270K]  commons-io-2.7.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 574K]  commons-lang3-3.12.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  16K]  error_prone_annotations-2.9.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 4.5K]  failureaccess-1.0.1.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 248K]  grpc-api-1.44.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  30K]  grpc-context-1.44.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 670K]  grpc-core-1.44.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 275K]  grpc-netty-1.44.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 5.0K]  grpc-protobuf-1.44.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 7.4K]  grpc-protobuf-lite-1.44.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  49K]  grpc-stub-1.44.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 252K]  gson-2.8.9.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 2.7M]  guava-30.1-jre.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 8.6K]  j2objc-annotations-1.3.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  74K]  jackson-annotations-2.13.2.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 1.5M]  jackson-databind-2.13.2.2.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  43K]  jackson-module-paranamer-2.13.2.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  26K]  javax.annotation-api-1.3.2.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 2.0M]  jooq-3.10.8.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  19K]  jsr305-3.0.2.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 2.1K]  listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 297K]  netty-buffer-4.1.79.Final.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 329K]  netty-codec-4.1.79.Final.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 463K]  netty-codec-http2-4.1.79.Final.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 625K]  netty-codec-http-4.1.79.Final.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 116K]  netty-codec-socks-4.1.79.Final.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 638K]  netty-common-4.1.79.Final.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 521K]  netty-handler-4.1.79.Final.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  23K]  netty-handler-proxy-4.1.79.Final.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  37K]  netty-resolver-4.1.79.Final.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 471K]  netty-transport-4.1.79.Final.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  42K]  netty-transport-native-unix-common-4.1.79.Final.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 156K]  opensearch-performance-analyzer-2.3.0.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 6.2K]  perfmark-api-0.23.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 1.5M]  performanceanalyzer-rca-2.3.0.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 1.9K]  plugin-descriptor.properties
│   │   ├── [-rw-r----- wazuh-in wazuh-in 1.3K]  plugin-security.policy
│   │   ├── [-rw-r----- wazuh-in wazuh-in 1.6M]  protobuf-java-3.19.2.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 1.5M]  proto-google-common-protos-2.0.1.jar
│   │   └── [-rw-r----- wazuh-in wazuh-in 6.9M]  sqlite-jdbc-3.32.3.2.jar
│   ├── [drwxr-x--- wazuh-in wazuh-in 7.5M]  opensearch-reports-scheduler
│   │   ├── [-rw-r----- wazuh-in wazuh-in 319K]  common-utils-2.3.0.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 252K]  gson-2.8.9.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 2.8M]  guava-31.0.1-jre.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  63K]  json-20180813.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 9.7K]  json-flattener-0.1.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 413K]  jsoup-1.14.3.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 1.4M]  kotlin-stdlib-1.6.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 196K]  kotlin-stdlib-common-1.6.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 130K]  kotlin-test-1.6.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 1.6M]  kotlinx-coroutines-core-jvm-1.3.9.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 285K]  opensearch-reports-scheduler-2.3.0.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 1.9K]  plugin-descriptor.properties
│   │   └── [-rw-r----- wazuh-in wazuh-in  411]  plugin-security.policy
│   ├── [drwxr-x--- wazuh-in wazuh-in  43M]  opensearch-security
│   │   ├── [-rw-r----- wazuh-in wazuh-in  29K]  accessors-smart-2.4.7.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  56K]  aggs-matrix-stats-client-2.3.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 119K]  asm-9.1.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 5.7M]  bcprov-jdk15on-1.67.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 209K]  checker-qual-3.5.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  52K]  commons-cli-1.3.1.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 340K]  commons-codec-1.14.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 575K]  commons-collections-3.2.2.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 256K]  commons-lang-2.4.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 424K]  commons-lang3-3.4.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  60K]  commons-logging-1.2.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 133K]  commons-text-1.2.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 109K]  compiler-0.9.10.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 159K]  cryptacular-1.2.4.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 1.4M]  cxf-core-3.4.5.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  22K]  cxf-rt-rs-json-basic-3.4.5.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 229K]  cxf-rt-rs-security-jose-3.4.5.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  41K]  cxf-rt-security-3.4.5.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  14K]  error_prone_annotations-2.3.4.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  59K]  eventbus-3.2.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 4.5K]  failureaccess-1.0.1.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 2.7M]  guava-30.0-jre.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 177K]  httpasyncclient-4.1.5.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 762K]  httpclient-4.5.13.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 160K]  httpclient-cache-4.5.13.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 321K]  httpcore-4.4.15.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 361K]  httpcore-nio-4.4.15.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  29K]  istack-commons-runtime-3.0.12.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 8.6K]  j2objc-annotations-1.3.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  74K]  jackson-annotations-2.13.3.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 1.5M]  jackson-databind-2.13.3.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  67K]  jakarta.activation-1.2.2.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  24K]  jakarta.annotation-api-1.3.5.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 113K]  jakarta.xml.bind-api-2.3.3.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  12K]  java-saml-2.5.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 111K]  java-saml-core-2.5.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 266K]  java-support-7.5.1.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 1013K]  jaxb-runtime-2.3.4.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  73K]  jjwt-api-0.10.8.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  69K]  jjwt-impl-0.10.8.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 4.6K]  jjwt-jackson-0.10.8.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  25K]  json-flattener-0.5.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 218K]  json-path-2.4.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 116K]  json-smart-2.4.7.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  19K]  jsr305-3.0.2.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 4.6M]  kafka-clients-3.0.1.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  61K]  lang-mustache-client-2.3.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 784K]  ldaptive-1.2.3.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 2.1K]  listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 635K]  lz4-java-1.7.1.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  82K]  mapper-extras-client-2.3.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 110K]  metrics-core-3.1.2.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  33K]  minimal-json-0.9.5.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 297K]  netty-buffer-4.1.79.Final.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 329K]  netty-codec-4.1.79.Final.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 625K]  netty-codec-http-4.1.79.Final.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 638K]  netty-common-4.1.79.Final.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 521K]  netty-handler-4.1.79.Final.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  37K]  netty-resolver-4.1.79.Final.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 471K]  netty-transport-4.1.79.Final.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  42K]  netty-transport-native-unix-common-4.1.79.Final.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 178K]  opensaml-core-3.4.5.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  55K]  opensaml-messaging-api-3.4.5.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  30K]  opensaml-profile-api-3.4.5.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 398K]  opensaml-saml-api-3.4.5.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 1.1M]  opensaml-saml-impl-3.4.5.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  65K]  opensaml-security-api-3.4.5.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 109K]  opensaml-security-impl-3.4.5.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 166K]  opensaml-soap-api-3.4.5.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 394K]  opensaml-soap-impl-3.4.5.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  23K]  opensaml-storage-api-3.4.5.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 205K]  opensaml-xmlsec-api-3.4.5.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 290K]  opensaml-xmlsec-impl-3.4.5.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  67K]  opensearch-rest-client-2.3.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 301K]  opensearch-rest-high-level-client-2.3.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 1.1M]  opensearch-security-2.3.0.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  85K]  parent-join-client-2.3.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 1.9K]  plugin-descriptor.properties
│   │   ├── [-rw-r----- wazuh-in wazuh-in 3.2K]  plugin-security.policy
│   │   ├── [-rw-r----- wazuh-in wazuh-in  80K]  rank-eval-client-2.3.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  40K]  slf4j-api-1.7.30.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 1.9M]  snappy-java-1.1.8.1.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 191K]  stax2-api-4.2.1.jar
│   │   ├── [drwxr-x--- wazuh-in wazuh-in  79K]  tools
│   │   │   ├── [-rwxr----- wazuh-in wazuh-in 1.4K]  audit_config_migrater.sh
│   │   │   ├── [-rw-r----- wazuh-in wazuh-in  622]  config.yml
│   │   │   ├── [-rwxr----- wazuh-in wazuh-in 1.3K]  hash.sh
│   │   │   ├── [-rwxr----- wazuh-in wazuh-in 1.4K]  securityadmin.sh
│   │   │   ├── [-rw-r----- wazuh-in wazuh-in 3.9K]  SECURITY_ADMIN_TESTS.md
│   │   │   ├── [-rwxr----- wazuh-in wazuh-in  32K]  wazuh-certs-tool.sh
│   │   │   └── [-rwxr----- wazuh-in wazuh-in  38K]  wazuh-passwords-tool.sh
│   │   ├── [-rw-r----- wazuh-in wazuh-in  72K]  transport-netty4-client-2.3.0.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  70K]  txw2-2.3.4.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 1.5M]  woodstox-core-6.2.6.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 169K]  xmlschema-core-2.2.5.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in 1.1M]  xmlsec-2.2.3.jar
│   │   ├── [-rw-r----- wazuh-in wazuh-in  30K]  zjsonpatch-0.4.4.jar
│   │   └── [-rw-r----- wazuh-in wazuh-in 6.4M]  zstd-jni-1.5.0-2.jar
│   └── [drwxr-x--- wazuh-in wazuh-in  33M]  opensearch-sql
│       ├── [-rw-r----- wazuh-in wazuh-in 1.3M]  antlr4-4.7.1.jar
│       ├── [-rw-r----- wazuh-in wazuh-in 329K]  antlr4-runtime-4.7.1.jar
│       ├── [-rw-r----- wazuh-in wazuh-in 164K]  antlr-runtime-3.5.2.jar
│       ├── [-rw-r----- wazuh-in wazuh-in 204K]  checker-qual-3.12.0.jar
│       ├── [-rw-r----- wazuh-in wazuh-in  12K]  common-2.3.0.0.jar
│       ├── [-rw-r----- wazuh-in wazuh-in 336K]  commons-codec-1.13.jar
│       ├── [-rw-r----- wazuh-in wazuh-in 511K]  commons-lang3-3.10.jar
│       ├── [-rw-r----- wazuh-in wazuh-in 2.1M]  commons-math3-3.6.1.jar
│       ├── [-rw-r----- wazuh-in wazuh-in 482K]  core-2.3.0.0.jar
│       ├── [-rw-r----- wazuh-in wazuh-in 1.9M]  druid-1.0.15.jar
│       ├── [-rw-r----- wazuh-in wazuh-in  14K]  error_prone_annotations-2.7.1.jar
│       ├── [-rw-r----- wazuh-in wazuh-in 4.5K]  failureaccess-1.0.1.jar
│       ├── [-rw-r----- wazuh-in wazuh-in  78K]  geo-2.3.0.jar
│       ├── [-rw-r----- wazuh-in wazuh-in 252K]  gson-2.8.9.jar
│       ├── [-rw-r----- wazuh-in wazuh-in 2.8M]  guava-31.0.1-jre.jar
│       ├── [-rw-r----- wazuh-in wazuh-in 177K]  httpasyncclient-4.1.5.jar
│       ├── [-rw-r----- wazuh-in wazuh-in 762K]  httpclient-4.5.13.jar
│       ├── [-rw-r----- wazuh-in wazuh-in 321K]  httpcore-4.4.15.jar
│       ├── [-rw-r----- wazuh-in wazuh-in 361K]  httpcore-nio-4.4.15.jar
│       ├── [-rw-r----- wazuh-in wazuh-in  11M]  icu4j-58.2.jar
│       ├── [-rw-r----- wazuh-in wazuh-in 8.6K]  j2objc-annotations-1.3.jar
│       ├── [-rw-r----- wazuh-in wazuh-in  74K]  jackson-annotations-2.13.3.jar
│       ├── [-rw-r----- wazuh-in wazuh-in 1.5M]  jackson-databind-2.13.3.jar
│       ├── [-rw-r----- wazuh-in wazuh-in  83K]  javax.json-1.0.4.jar
│       ├── [-rw-r----- wazuh-in wazuh-in  63K]  json-20180813.jar
│       ├── [-rw-r----- wazuh-in wazuh-in  19K]  jsr305-3.0.2.jar
│       ├── [-rw-r----- wazuh-in wazuh-in 950K]  legacy-2.3.0.0.jar
│       ├── [-rw-r----- wazuh-in wazuh-in  11K]  LICENSE.txt
│       ├── [-rw-r----- wazuh-in wazuh-in 2.1K]  listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar
│       ├── [-rw-r----- wazuh-in wazuh-in  626]  NOTICE.txt
│       ├── [-rw-r----- wazuh-in wazuh-in 221K]  opensearch-2.3.0.0.jar
│       ├── [-rw-r----- wazuh-in wazuh-in 1.1M]  opensearch-ml-client-2.3.0.0.jar
│       ├── [-rw-r----- wazuh-in wazuh-in  67K]  opensearch-rest-client-2.3.0.jar
│       ├── [-rw-r----- wazuh-in wazuh-in  32K]  opensearch-sql-2.3.0.0.jar
│       ├── [-rw-r----- wazuh-in wazuh-in  66K]  opensearch-ssl-config-2.3.0.jar
│       ├── [-rw-r----- wazuh-in wazuh-in  26K]  org.abego.treelayout.core-1.0.3.jar
│       ├── [-rw-r----- wazuh-in wazuh-in  85K]  parent-join-client-2.3.0.jar
│       ├── [-rw-r----- wazuh-in wazuh-in 1.8K]  plugin-descriptor.properties
│       ├── [-rw-r----- wazuh-in wazuh-in  508]  plugin-security.policy
│       ├── [-rw-r----- wazuh-in wazuh-in 261K]  ppl-2.3.0.0.jar
│       ├── [-rw-r----- wazuh-in wazuh-in  24K]  presto-matching-0.240.jar
│       ├── [-rw-r----- wazuh-in wazuh-in  36K]  protocol-2.3.0.0.jar
│       ├── [-rw-r----- wazuh-in wazuh-in 118K]  reindex-client-2.3.0.jar
│       ├── [-rw-r----- wazuh-in wazuh-in  52K]  resilience4j-core-1.5.0.jar
│       ├── [-rw-r----- wazuh-in wazuh-in  45K]  resilience4j-retry-1.5.0.jar
│       ├── [-rw-r----- wazuh-in wazuh-in  40K]  slf4j-api-1.7.30.jar
│       ├── [-rw-r----- wazuh-in wazuh-in 374K]  spring-aop-5.3.22.jar
│       ├── [-rw-r----- wazuh-in wazuh-in 683K]  spring-beans-5.3.22.jar
│       ├── [-rw-r----- wazuh-in wazuh-in 1.2M]  spring-context-5.3.22.jar
│       ├── [-rw-r----- wazuh-in wazuh-in 1.4M]  spring-core-5.3.22.jar
│       ├── [-rw-r----- wazuh-in wazuh-in 283K]  spring-expression-5.3.22.jar
│       ├── [-rw-r----- wazuh-in wazuh-in  24K]  spring-jcl-5.3.22.jar
│       ├── [-rw-r----- wazuh-in wazuh-in 305K]  sql-2.3.0.0.jar
│       ├── [-rw-r----- wazuh-in wazuh-in 234K]  ST4-4.0.8.jar
│       ├── [-rw-r----- wazuh-in wazuh-in 877K]  vavr-0.10.2.jar
│       └── [-rw-r----- wazuh-in wazuh-in 3.0K]  vavr-match-0.10.2.jar
└── [-r--r----- wazuh-in wazuh-in    6]  VERSION

 644M used in 96 directories, 875 files
[root@al2-indexer ~]#

Content of /etc/wazuh-indexer
[root@al2-indexer ~]# tree -pugh --du /etc/wazuh-indexer/
/etc/wazuh-indexer/
├── [dr-x------ wazuh-in wazuh-in 6.9K]  certs
│   ├── [-r-------- wazuh-in wazuh-in 1.7K]  admin-key.pem
│   ├── [-r-------- wazuh-in wazuh-in 1.1K]  admin.pem
│   ├── [-r-------- wazuh-in wazuh-in 1.7K]  indexer-key.pem
│   ├── [-r-------- wazuh-in wazuh-in 1.2K]  indexer.pem
│   └── [-r-------- wazuh-in wazuh-in 1.2K]  root-ca.pem
├── [-rw-rw---- wazuh-in wazuh-in 2.7K]  jvm.options
├── [drwxr-x--- wazuh-in wazuh-in    6]  jvm.options.d
├── [-rw-rw---- wazuh-in wazuh-in  14K]  log4j2.properties
├── [-rw-rw---- wazuh-in wazuh-in  196]  opensearch.keystore
├── [drwxr-x--- wazuh-in wazuh-in  438]  opensearch-notifications
│   └── [-rw-r----- wazuh-in wazuh-in  407]  notifications.yml
├── [drwxr-x--- wazuh-in wazuh-in  565]  opensearch-notifications-core
│   └── [-rw-r----- wazuh-in wazuh-in  529]  notifications-core.yml
├── [drwxr-x--- wazuh-in wazuh-in 1.3K]  opensearch-observability
│   └── [-rw-rw---- wazuh-in wazuh-in 1.3K]  observability.yml
├── [drwxr-x--- wazuh-in wazuh-in  17K]  opensearch-performance-analyzer
│   ├── [-rw-r----- wazuh-in wazuh-in  104]  agent-stats-metadata
│   ├── [-rw-r----- wazuh-in wazuh-in 2.0K]  log4j2.xml
│   ├── [-rw-r----- wazuh-in wazuh-in  432]  opensearch_security.policy
│   ├── [-rw-r----- wazuh-in wazuh-in 1.6K]  performance-analyzer.properties
│   ├── [-rw-r----- wazuh-in wazuh-in  106]  plugin-stats-metadata
│   ├── [-rw-r----- wazuh-in wazuh-in 2.9K]  rca.conf
│   ├── [-rw-r----- wazuh-in wazuh-in 4.3K]  rca_idle_master.conf
│   ├── [-rw-r----- wazuh-in wazuh-in 4.3K]  rca_master.conf
│   └── [-rw-r----- wazuh-in wazuh-in 1.3K]  supervisord.conf
├── [drwxr-x--- wazuh-in wazuh-in  332]  opensearch-reports-scheduler
│   └── [-rw-rw---- wazuh-in wazuh-in  297]  reports-scheduler.yml
├── [drwxr-x--- wazuh-in wazuh-in  36K]  opensearch-security
│   ├── [-rw-r----- wazuh-in wazuh-in   50]  action_groups.yml
│   ├── [-rw-r----- wazuh-in wazuh-in 1.9K]  allowlist.yml
│   ├── [-rw-r----- wazuh-in wazuh-in 2.5K]  audit.yml
│   ├── [-rw-r----- wazuh-in wazuh-in 9.7K]  config.yml
│   ├── [-rw-r----- wazuh-in wazuh-in 1.3K]  internal_users.yml
│   ├── [-rw-r----- wazuh-in wazuh-in  154]  nodes_dn.yml
│   ├── [-rw-r----- wazuh-in wazuh-in  12K]  opensearch.yml.example
│   ├── [-rw-r----- wazuh-in wazuh-in 1.5K]  roles_mapping.yml
│   ├── [-rw-r----- wazuh-in wazuh-in 4.5K]  roles.yml
│   ├── [-rw-r----- wazuh-in wazuh-in  170]  tenants.yml
│   └── [-rw-r----- wazuh-in wazuh-in 1.9K]  whitelist.yml
└── [-rw-rw---- wazuh-in wazuh-in 1.9K]  opensearch.yml

  86K used in 8 directories, 33 files
[root@al2-indexer ~]#

Content of /var/log/wazuh-indexer
[root@al2-indexer ~]# tree -pugh --du /var/log/wazuh-indexer/
/var/log/wazuh-indexer/
├── [-rw-r--r-- wazuh-in wazuh-in 147K]  gc.log
├── [-rw-r--r-- wazuh-in wazuh-in 2.0K]  gc.log.00
├── [-rw-r----- wazuh-in wazuh-in 2.3K]  wazuh-cluster_deprecation.json
├── [-rw-r----- wazuh-in wazuh-in 1.3K]  wazuh-cluster_deprecation.log
├── [-rw-r----- wazuh-in wazuh-in    0]  wazuh-cluster_index_indexing_slowlog.json
├── [-rw-r----- wazuh-in wazuh-in    0]  wazuh-cluster_index_indexing_slowlog.log
├── [-rw-r----- wazuh-in wazuh-in    0]  wazuh-cluster_index_search_slowlog.json
├── [-rw-r----- wazuh-in wazuh-in    0]  wazuh-cluster_index_search_slowlog.log
├── [-rw-r----- wazuh-in wazuh-in 106K]  wazuh-cluster.log
├── [-rw-r----- wazuh-in wazuh-in 198K]  wazuh-cluster_server.json
├── [-rw-r----- wazuh-in wazuh-in    0]  wazuh-cluster_task_detailslog.json
└── [-rw-r----- wazuh-in wazuh-in    0]  wazuh-cluster_task_detailslog.log

 460K used in 0 directories, 12 files
[root@al2-indexer ~]#

Compared with the report from 4.3.10 testing, I didn't find any change regarding the location, size, or permissions of the installed files.

@chemamartinez
Contributor

chemamartinez commented Dec 2, 2022

Installation footprint 🟢

[root@al2-indexer ~]# find /etc -user wazuh-indexer -not -regex ".*wazuh\-indexer.*" -name "*"
[root@al2-indexer ~]# find /usr -user wazuh-indexer -not -regex ".*wazuh\-indexer.*" -name "*"
[root@al2-indexer ~]# find /var -user wazuh-indexer -not -regex ".*wazuh\-indexer.*" -name "*"
[root@al2-indexer ~]# find /bin -user wazuh-indexer -not -regex ".*wazuh\-indexer.*" -name "*"
[root@al2-indexer ~]# find /etc -group wazuh-indexer -not -regex ".*wazuh\-indexer.*" -name "*"
[root@al2-indexer ~]# find /usr -group wazuh-indexer -not -regex ".*wazuh\-indexer.*" -name "*"
[root@al2-indexer ~]# find /var -group wazuh-indexer -not -regex ".*wazuh\-indexer.*" -name "*"
[root@al2-indexer ~]# find /bin -group wazuh-indexer -not -regex ".*wazuh\-indexer.*" -name "*"
[root@al2-indexer ~]#

@chemamartinez
Contributor

chemamartinez commented Dec 2, 2022

Wazuh indexer service 🟢

Content of service file
[root@al2-indexer ~]# systemctl cat wazuh-indexer.service
# /usr/lib/systemd/system/wazuh-indexer.service
[Unit]
Description=Wazuh-indexer
Documentation=https://documentation.wazuh.com
Wants=network-online.target
After=network-online.target

[Service]
Type=notify
RuntimeDirectory=wazuh-indexer
PrivateTmp=yes
Environment=OPENSEARCH_HOME=/usr/share/wazuh-indexer
Environment=OPENSEARCH_PATH_CONF=/etc/wazuh-indexer
Environment=PID_DIR=/run/wazuh-indexer
Environment=OPENSEARCH_SD_NOTIFY=true
EnvironmentFile=-/etc/sysconfig/wazuh-indexer

WorkingDirectory=/usr/share/wazuh-indexer

User=wazuh-indexer
Group=wazuh-indexer

ExecStart=/usr/share/wazuh-indexer/bin/systemd-entrypoint -p ${PID_DIR}/wazuh-indexer.pid --quiet

# StandardOutput is configured to redirect to journalctl since
# some error messages may be logged in standard output before
# wazuh-indexer logging system is initialized. Elasticsearch
# stores its logs in /var/log/wazuh-indexer and does not use
# journalctl by default. If you also want to enable journalctl
# logging, you can simply remove the "quiet" option from ExecStart.
StandardOutput=journal
StandardError=inherit

# Specifies the maximum file descriptor number that can be opened by this process
LimitNOFILE=65535

# Specifies the maximum number of processes
LimitNPROC=4096

# Specifies the maximum size of virtual memory
LimitAS=infinity

# Specifies the maximum file size
LimitFSIZE=infinity

# Disable timeout logic and wait until process is stopped
TimeoutStopSec=0

# SIGTERM signal is used to stop the Java process
KillSignal=SIGTERM

# Send the signal only to the JVM rather than its control group
KillMode=process

# Java process is never killed
SendSIGKILL=no

# When a JVM receives a SIGTERM signal it exits with code 143
SuccessExitStatus=143

# Allow a slow startup before the systemd notifier module kicks in to extend the timeout
TimeoutStartSec=75

[Install]
WantedBy=multi-user.target

Wazuh indexer service status
[root@al2-indexer ~]# systemctl is-enabled wazuh-indexer
enabled
[root@al2-indexer ~]# systemctl status wazuh-indexer
● wazuh-indexer.service - Wazuh-indexer
   Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2022-12-02 08:41:32 UTC; 2h 21min ago
     Docs: https://documentation.wazuh.com
 Main PID: 55505 (java)
   CGroup: /system.slice/wazuh-indexer.service
           └─55505 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networka...

Dec 02 08:41:13 al2-indexer systemd[1]: Starting Wazuh-indexer...
Dec 02 08:41:16 al2-indexer systemd-entrypoint[55505]: WARNING: A terminally deprecated method in java.lang.System has been called
Dec 02 08:41:16 al2-indexer systemd-entrypoint[55505]: WARNING: System::setSecurityManager has been called by org.opensearch.bo....jar)
Dec 02 08:41:16 al2-indexer systemd-entrypoint[55505]: WARNING: Please consider reporting this to the maintainers of org.opense...earch
Dec 02 08:41:16 al2-indexer systemd-entrypoint[55505]: WARNING: System::setSecurityManager will be removed in a future release
Dec 02 08:41:18 al2-indexer systemd-entrypoint[55505]: WARNING: A terminally deprecated method in java.lang.System has been called
Dec 02 08:41:18 al2-indexer systemd-entrypoint[55505]: WARNING: System::setSecurityManager has been called by org.opensearch.bo....jar)
Dec 02 08:41:18 al2-indexer systemd-entrypoint[55505]: WARNING: Please consider reporting this to the maintainers of org.opense...urity
Dec 02 08:41:18 al2-indexer systemd-entrypoint[55505]: WARNING: System::setSecurityManager will be removed in a future release
Dec 02 08:41:32 al2-indexer systemd[1]: Started Wazuh-indexer.
Hint: Some lines were ellipsized, use -l to show in full.
[root@al2-indexer ~]#

@chemamartinez
Contributor

Wazuh indexer installation logs 🟡

[root@al2-indexer ~]# journalctl | grep -i wazuh-indexer
Dec 02 08:33:10 al2-indexer groupadd[55301]: group added to /etc/group: name=wazuh-indexer, GID=994
Dec 02 08:33:10 al2-indexer groupadd[55301]: group added to /etc/gshadow: name=wazuh-indexer
Dec 02 08:33:10 al2-indexer groupadd[55301]: new group: name=wazuh-indexer, GID=994
Dec 02 08:33:10 al2-indexer useradd[55306]: new user: name=wazuh-indexer, UID=996, GID=994, home=/usr/share/wazuh-indexer, shell=/sbin/nologin
Dec 02 08:33:45 al2-indexer yum[55291]: Installed: wazuh-indexer-4.4.0-1.x86_64
Dec 02 08:41:07 al2-indexer systemd[1]: Configuration file /usr/lib/systemd/system/wazuh-indexer.service is marked world-inaccessible. This has no effect as configuration data is accessible via APIs without restrictions. Proceeding anyway.
Dec 02 08:41:07 al2-indexer systemd[1]: Configuration file /usr/lib/systemd/system/wazuh-indexer.service is marked world-inaccessible. This has no effect as configuration data is accessible via APIs without restrictions. Proceeding anyway.
Dec 02 08:41:07 al2-indexer systemd[1]: Configuration file /usr/lib/systemd/system/wazuh-indexer.service is marked world-inaccessible. This has no effect as configuration data is accessible via APIs without restrictions. Proceeding anyway.
Dec 02 08:41:13 al2-indexer systemd[1]: Starting Wazuh-indexer...
Dec 02 08:41:16 al2-indexer systemd-entrypoint[55505]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.3.0.jar)
Dec 02 08:41:18 al2-indexer systemd-entrypoint[55505]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.3.0.jar)
Dec 02 08:41:32 al2-indexer systemd[1]: Started Wazuh-indexer.
Dec 02 08:41:53 al2-indexer systemd[1]: Configuration file /usr/lib/systemd/system/wazuh-indexer.service is marked world-inaccessible. This has no effect as configuration data is accessible via APIs without restrictions. Proceeding anyway.
Dec 02 08:45:03 al2-indexer systemd[1]: Configuration file /usr/lib/systemd/system/wazuh-indexer.service is marked world-inaccessible. This has no effect as configuration data is accessible via APIs without restrictions. Proceeding anyway.
Dec 02 08:46:51 al2-indexer runuser[55806]: pam_unix(runuser:session): session opened for user wazuh-indexer by vagrant(uid=0)
Dec 02 08:46:57 al2-indexer runuser[55806]: pam_unix(runuser:session): session closed for user wazuh-indexer
Dec 02 11:03:12 al2-indexer systemd[1]: Configuration file /usr/lib/systemd/system/wazuh-indexer.service is marked world-inaccessible. This has no effect as configuration data is accessible via APIs without restrictions. Proceeding anyway.
[root@al2-indexer ~]#

Found a couple of warnings related to the System::setSecurityManager method. However, they are not descriptive regarding the possible consequences that this might lead to.

Dec 02 08:41:16 al2-indexer systemd-entrypoint[55505]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.3.0.jar)
Dec 02 08:41:18 al2-indexer systemd-entrypoint[55505]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.3.0.jar)

In addition, they are not found in previous testing issues for this component.
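
The comparison against earlier test runs described above can be done mechanically. An added example (not part of the original comment or of Wazuh's tooling) that normalizes journal lines and prints the messages absent from a baseline; the function names are hypothetical and the baseline lines are constructed for illustration, while the current lines are copied from the output above:

```shell
#!/bin/sh
# Added example: report journal messages that are absent from a baseline log.
# Helper names are hypothetical.

# $1 = baseline log (previous release), $2 = current log. Prints each message
# of the current log, normalized and de-duplicated, that the baseline lacks.
journal_new_messages() {
    awk '
        function norm(line) {
            sub(/^[A-Z][a-z][a-z] +[0-9]+ [0-9:]+ [^ ]+ /, "", line)  # timestamp, host
            sub(/\[[0-9]+\]:/, ":", line)                              # program PID
            gsub(/ID=[0-9]+/, "ID=N", line)                            # UID= / GID= values
            return line
        }
        FILENAME == ARGV[1] { base[norm($0)] = 1; next }
        {
            msg = norm($0)
            if (!(msg in base) && !(msg in shown)) { shown[msg] = 1; print msg }
        }
    ' "$1" "$2"
}

# Constructed baseline (not a real 4.3.10 journal): same kinds of lines with
# other dates, PIDs and IDs.
sample_baseline() {
cat <<'EOF'
Nov 10 10:02:03 al2-indexer useradd[41200]: new user: name=wazuh-indexer, UID=997, GID=995, home=/usr/share/wazuh-indexer, shell=/sbin/nologin
Nov 10 10:09:40 al2-indexer systemd[1]: Configuration file /usr/lib/systemd/system/wazuh-indexer.service is marked world-inaccessible. This has no effect as configuration data is accessible via APIs without restrictions. Proceeding anyway.
Nov 10 10:09:46 al2-indexer systemd[1]: Starting Wazuh-indexer...
Nov 10 10:10:05 al2-indexer systemd[1]: Started Wazuh-indexer.
EOF
}

# Lines copied from the journal output in the comment above.
sample_current() {
cat <<'EOF'
Dec 02 08:33:10 al2-indexer useradd[55306]: new user: name=wazuh-indexer, UID=996, GID=994, home=/usr/share/wazuh-indexer, shell=/sbin/nologin
Dec 02 08:41:07 al2-indexer systemd[1]: Configuration file /usr/lib/systemd/system/wazuh-indexer.service is marked world-inaccessible. This has no effect as configuration data is accessible via APIs without restrictions. Proceeding anyway.
Dec 02 08:41:07 al2-indexer systemd[1]: Configuration file /usr/lib/systemd/system/wazuh-indexer.service is marked world-inaccessible. This has no effect as configuration data is accessible via APIs without restrictions. Proceeding anyway.
Dec 02 08:41:13 al2-indexer systemd[1]: Starting Wazuh-indexer...
Dec 02 08:41:16 al2-indexer systemd-entrypoint[55505]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.3.0.jar)
Dec 02 08:41:18 al2-indexer systemd-entrypoint[55505]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.3.0.jar)
Dec 02 08:41:32 al2-indexer systemd[1]: Started Wazuh-indexer.
Dec 02 08:41:53 al2-indexer systemd[1]: Configuration file /usr/lib/systemd/system/wazuh-indexer.service is marked world-inaccessible. This has no effect as configuration data is accessible via APIs without restrictions. Proceeding anyway.
EOF
}

# Demo: compare the two samples and print what is new in the current log.
demo_dir=$(mktemp -d)
sample_baseline > "$demo_dir/baseline.log"
sample_current > "$demo_dir/current.log"
journal_new_messages "$demo_dir/baseline.log" "$demo_dir/current.log"
rm -rf "$demo_dir"
```

On a real host the two inputs would be saved `journalctl | grep -i wazuh-indexer` outputs from the previous and the current release candidate.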

@chemamartinez
Contributor

chemamartinez commented Dec 2, 2022

Wazuh indexer indices, templates, and shards 🟢

Indices

[root@al2-indexer ~]# curl -u admin:admin -k https://192.168.1.198:9200/_cat/indices?v=true
health status index                       uuid                   pri rep docs.count docs.deleted store.size pri.store.size
green  open   wazuh-alerts-4.x-2022.12.02 dSrzvodqQDqtRdJkOaMq8Q   3   0        566            0      1.2mb          1.2mb
green  open   wazuh-monitoring-2022.48w   SoicMZj7QAWyraVvvSO4qQ   1   0          4            0     66.6kb         66.6kb
green  open   .kibana_1                   CF4S-V7wQnuxQMProLJDLw   1   0          4            0     15.6kb         15.6kb
green  open   .opendistro_security        duh8mBXVTu20loC41W7QQg   1   0         10            0     65.1kb         65.1kb
green  open   wazuh-statistics-2022.48w   ft-VajwUR1m4i_uZSrn0fg   1   0          0            0       208b           208b
[root@al2-indexer ~]#

Templates

[root@al2-indexer ~]# curl -u admin:admin -k https://192.168.1.198:9200/_cat/templates?pretty
wazuh-agent      [wazuh-monitoring-*]                       0
wazuh            [wazuh-alerts-4.x-*, wazuh-archives-4.x-*] 0 1
wazuh-statistics [wazuh-statistics-*]                       0
[root@al2-indexer ~]#

Shards

[root@al2-indexer ~]# curl -u admin:admin -k https://192.168.1.198:9200/_cat/shards?v=true
index                       shard prirep state   docs   store ip            node
wazuh-monitoring-2022.48w   0     p      STARTED    4  66.6kb 192.168.1.198 indexer-1
.kibana_1                   0     p      STARTED    4  15.6kb 192.168.1.198 indexer-1
.opendistro_security        0     p      STARTED   10  65.1kb 192.168.1.198 indexer-1
wazuh-alerts-4.x-2022.12.02 1     p      STARTED  188 434.1kb 192.168.1.198 indexer-1
wazuh-alerts-4.x-2022.12.02 2     p      STARTED  201   470kb 192.168.1.198 indexer-1
wazuh-alerts-4.x-2022.12.02 0     p      STARTED  177 393.1kb 192.168.1.198 indexer-1
wazuh-statistics-2022.48w   0     p      STARTED    0    208b 192.168.1.198 indexer-1
[root@al2-indexer ~]#

Everything seems to be ok regarding previous testing issues.

@chemamartinez
Contributor

chemamartinez commented Dec 2, 2022

Wazuh indexer cluster status 🟢

Cluster status

[root@al2-indexer ~]# curl -u admin:admin -k https://192.168.1.198:9200/_cluster/state/nodes?pretty
{
  "cluster_name" : "wazuh-cluster",
  "cluster_uuid" : "T7PdkT2OQxagXdkKLIJ1Wg",
  "nodes" : {
    "cajwgy70RTWJEsPCEkjxcg" : {
      "name" : "indexer-1",
      "ephemeral_id" : "bdycw3CFSEmOAwlZ9WiiPA",
      "transport_address" : "192.168.1.198:9300",
      "attributes" : {
        "shard_indexing_pressure_enabled" : "true"
      }
    }
  }
}
[root@al2-indexer ~]#

Cluster health

[root@al2-indexer ~]# curl -u admin:admin -k https://192.168.1.198:9200/_cluster/health?pretty
{
  "cluster_name" : "wazuh-cluster",
  "status" : "green",
  "timed_out" : false,
  "number_of_nodes" : 1,
  "number_of_data_nodes" : 1,
  "discovered_master" : true,
  "discovered_cluster_manager" : true,
  "active_primary_shards" : 7,
  "active_shards" : 7,
  "relocating_shards" : 0,
  "initializing_shards" : 0,
  "unassigned_shards" : 0,
  "delayed_unassigned_shards" : 0,
  "number_of_pending_tasks" : 0,
  "number_of_in_flight_fetch" : 0,
  "task_max_waiting_in_queue_millis" : 0,
  "active_shards_percent_as_number" : 100.0
}
[root@al2-indexer ~]#

@chemamartinez
Contributor

Uninstall procedure 🟢

Followed this guide to proceed with the uninstall:
https://documentation-dev.wazuh.com/v4.4.0-alpha1/user-manual/uninstall/central-components.html#uninstall-indexer

Uninstall procedure

[root@al2-indexer ~]# yum remove wazuh-indexer -y
Loaded plugins: langpacks, priorities, update-motd
Resolving Dependencies
--> Running transaction check
---> Package wazuh-indexer.x86_64 0:4.4.0-1 will be erased
--> Finished Dependency Resolution
amzn2-core/2/x86_64                                                                                             | 3.7 kB  00:00:00

Dependencies Resolved

=======================================================================================================================================
 Package                              Arch                          Version                        Repository                     Size
=======================================================================================================================================
Removing:
 wazuh-indexer                        x86_64                        4.4.0-1                        @wazuh                        644 M

Transaction Summary
=======================================================================================================================================
Remove  1 Package

Installed size: 644 M
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Stopping wazuh-indexer service... OK
  Erasing    : wazuh-indexer-4.4.0-1.x86_64                                                                                        1/1
warning: /etc/wazuh-indexer/opensearch.yml saved as /etc/wazuh-indexer/opensearch.yml.rpmsave
  Verifying  : wazuh-indexer-4.4.0-1.x86_64                                                                                        1/1

Removed:
  wazuh-indexer.x86_64 0:4.4.0-1

Complete!
[root@al2-indexer ~]# rm -rf /var/lib/wazuh-indexer/
[root@al2-indexer ~]# rm -rf /usr/share/wazuh-indexer/
[root@al2-indexer ~]# rm -rf /etc/wazuh-indexer/

Uninstall verification

[root@al2-indexer ~]# systemctl status wazuh-indexer
Unit wazuh-indexer.service could not be found.
[root@al2-indexer ~]# systemctl cat wazuh-indexer.service
No files found for wazuh-indexer.service.
[root@al2-indexer ~]# rpm -qa | grep wazuh-indexer
[root@al2-indexer ~]#

@chemamartinez chemamartinez moved this from In Progress to In Review in Release 4.4.0 Dec 2, 2022
@alberpilot
Contributor

Regarding the 🟡 comment here: #15534 (comment)

This is explained here: elastic/elasticsearch#80344 (comment), quoting:

Elasticsearch has used the Java Security Manager for many years now in order to limit the actions the server and the plugins can make.

The JDK maintainers proposed in JEP 411 to deprecate and remove the Security Manager. The warnings you see here are part of the deprecation message. We (Elasticsearch) are aware that the Security Manager emits such warnings starting Java 17 (which is used by elasticsearch 7.15.1).

This warning is safe to ignore. We are working on a plan to replace the deprecated methods. We are also considering ways to convey the same information but make the warning look less dire.

@chemamartinez
Contributor

E2E dataflow 🟢

Once every component was deployed, it was verified that the UI works as expected and that alerts from the agent are reaching the UI.

