[BUG] wazuh-dashboard.service: Failed to connect stdout to the journal socket, ignoring: Permission denied #222
Comments
Update report

After carrying out new tests with the fixes applied in the unattended, it was detected that Wazuh dashboard is installed correctly:

[root@centos8 ~]# bash wazuh-install.sh -a
24/06/2024 17:26:07 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
24/06/2024 17:26:07 INFO: Verbose logging redirected to /var/log/wazuh-install.log
24/06/2024 17:26:07 INFO: Verifying that your system meets the recommended minimum hardware requirements.
24/06/2024 17:26:08 INFO: Wazuh web interface port will be 443.
24/06/2024 17:26:08 WARNING: The system has Firewalld enabled. Please ensure that traffic is allowed on these ports: 1515, 1514, 443.
24/06/2024 17:26:09 INFO: Wazuh development repository added.
24/06/2024 17:26:09 INFO: --- Configuration files ---
24/06/2024 17:26:09 INFO: Generating configuration files.
24/06/2024 17:26:09 INFO: Generating the root certificate.
24/06/2024 17:26:10 INFO: Generating Admin certificates.
24/06/2024 17:26:10 INFO: Generating Wazuh indexer certificates.
24/06/2024 17:26:10 INFO: Generating Filebeat certificates.
24/06/2024 17:26:10 INFO: Generating Wazuh dashboard certificates.
24/06/2024 17:26:10 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
24/06/2024 17:26:10 INFO: --- Wazuh indexer ---
24/06/2024 17:26:10 INFO: Starting Wazuh indexer installation.
24/06/2024 17:28:29 INFO: Wazuh indexer installation finished.
24/06/2024 17:28:29 INFO: Wazuh indexer post-install configuration finished.
24/06/2024 17:28:29 INFO: Starting service wazuh-indexer.
24/06/2024 17:28:39 INFO: wazuh-indexer service started.
24/06/2024 17:28:39 INFO: Initializing Wazuh indexer cluster security settings.
24/06/2024 17:28:43 INFO: Wazuh indexer cluster security configuration initialized.
24/06/2024 17:28:43 INFO: Wazuh indexer cluster initialized.
24/06/2024 17:28:43 INFO: --- Wazuh server ---
24/06/2024 17:28:43 INFO: Starting the Wazuh manager installation.
24/06/2024 17:30:28 INFO: Wazuh manager installation finished.
24/06/2024 17:30:28 INFO: Wazuh manager vulnerability detection configuration finished.
24/06/2024 17:30:28 INFO: Starting service wazuh-manager.
24/06/2024 17:30:41 INFO: wazuh-manager service started.
24/06/2024 17:30:41 INFO: Starting Filebeat installation.
24/06/2024 17:30:49 INFO: Filebeat installation finished.
24/06/2024 17:30:51 INFO: Filebeat post-install configuration finished.
24/06/2024 17:30:51 INFO: Starting service filebeat.
24/06/2024 17:30:51 INFO: filebeat service started.
24/06/2024 17:30:51 INFO: --- Wazuh dashboard ---
24/06/2024 17:30:51 INFO: Starting Wazuh dashboard installation.
24/06/2024 17:32:56 INFO: Wazuh dashboard installation finished.
24/06/2024 17:32:56 INFO: Wazuh dashboard post-install configuration finished.
24/06/2024 17:32:56 INFO: Starting service wazuh-dashboard.
24/06/2024 17:32:56 INFO: wazuh-dashboard service started.
24/06/2024 17:32:56 INFO: Updating the internal users.
24/06/2024 17:32:59 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
24/06/2024 17:33:07 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
24/06/2024 17:33:38 INFO: Initializing Wazuh dashboard web application.
24/06/2024 17:33:39 INFO: Wazuh dashboard web application initialized.
24/06/2024 17:33:39 INFO: --- Summary ---
24/06/2024 17:33:39 INFO: You can access the web interface https://<wazuh-dashboard-ip>:443
User: admin
Password: jzD3C*81mHTN0ySUb+3X3aHTPNxRph1G
24/06/2024 17:33:40 INFO: Installation finished.

I ran tests again with Step by Step to rule out, and the installation was successful despite the permission denied message:

[root@centos8 ~]# curl -sO https://packages-dev.wazuh.com/4.9/wazuh-certs-tool.sh
[root@centos8 ~]# curl -sO https://packages-dev.wazuh.com/4.9/config.yml
[root@centos8 ~]# vi config.yml
[root@centos8 ~]# bash ./wazuh-certs-tool.sh -A
25/06/2024 12:29:18 INFO: Verbose logging redirected to /root/wazuh-certificates-tool.log
25/06/2024 12:29:18 INFO: Generating the root certificate.
25/06/2024 12:29:18 INFO: Generating Admin certificates.
25/06/2024 12:29:18 INFO: Admin certificates created.
25/06/2024 12:29:18 INFO: Generating Wazuh indexer certificates.
25/06/2024 12:29:18 INFO: Wazuh indexer certificates created.
25/06/2024 12:29:18 INFO: Generating Filebeat certificates.
25/06/2024 12:29:18 INFO: Wazuh Filebeat certificates created.
25/06/2024 12:29:18 INFO: Generating Wazuh dashboard certificates.
25/06/2024 12:29:18 INFO: Wazuh dashboard certificates created.
[root@centos8 ~]# tar -cvf ./wazuh-certificates.tar -C ./wazuh-certificates/ .
./
./root-ca.key
./root-ca.pem
./admin-key.pem
./admin.pem
./node-1-key.pem
./node-1.pem
./wazuh-1-key.pem
./wazuh-1.pem
./dashboard-key.pem
./dashboard.pem
[root@centos8 ~]# rm -rf ./wazuh-certificates
[root@centos8 ~]# yum install coreutils -y
CentOS Linux 8 - AppStream 4.3 MB/s | 8.4 MB 00:01
CentOS Linux 8 - BaseOS 6.9 MB/s | 4.6 MB 00:00
CentOS Linux 8 - Extras 92 kB/s | 10 kB 00:00
Extra Packages for Enterprise Linux 8 - x86_64 4.3 MB/s | 14 MB 00:03
Package coreutils-8.30-12.el8.x86_64 is already installed.
Dependencies resolved.
Nothing to do.
Complete!
[root@centos8 ~]# rpm --import https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
[root@centos8 ~]# echo -e '[wazuh]\ngpgcheck=1\ngpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH\nenabled=1\nname=EL-$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1' | tee /etc/yum.repos.d/wazuh.repo
[wazuh]
gpgcheck=1
gpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=EL-$releasever - Wazuh
baseurl=https://packages-dev.wazuh.com/pre-release/yum/
protect=1
[root@centos8 ~]# yum -y install wazuh-indexer
EL-8 - Wazuh 5.1 MB/s | 26 MB 00:05
Last metadata expiration check: 0:00:08 ago on Tue 25 Jun 2024 12:30:31 PM UTC.
Dependencies resolved.
============================================================================================================================================================================================================================================
Package Architecture Version Repository Size
============================================================================================================================================================================================================================================
Installing:
wazuh-indexer x86_64 4.9.0-1 wazuh 813 M
Transaction Summary
============================================================================================================================================================================================================================================
Install 1 Package
Total download size: 813 M
Installed size: 1.0 G
Downloading Packages:
wazuh-indexer-4.9.0-1.x86_64.rpm 9.6 MB/s | 813 MB 01:24
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total 9.6 MB/s | 813 MB 01:24
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: wazuh-indexer-4.9.0-1.x86_64 1/1
Installing : wazuh-indexer-4.9.0-1.x86_64 1/1
Running scriptlet: wazuh-indexer-4.9.0-1.x86_64 1/1
### NOT starting on installation, please execute the following statements to configure wazuh-indexer service to start automatically using systemd
sudo systemctl daemon-reload
sudo systemctl enable wazuh-indexer.service
### You can start wazuh-indexer service by executing
sudo systemctl start wazuh-indexer.service
Verifying : wazuh-indexer-4.9.0-1.x86_64 1/1
Installed:
wazuh-indexer-4.9.0-1.x86_64
Complete!
[root@centos8 ~]# vi /etc/wazuh-indexer/opensearch.yml
[root@centos8 ~]# NODE_NAME=node-1
[root@centos8 ~]# mkdir /etc/wazuh-indexer/certs
[root@centos8 ~]# tar -xf ./wazuh-certificates.tar -C /etc/wazuh-indexer/certs/ ./$NODE_NAME.pem ./$NODE_NAME-key.pem ./admin.pem ./admin-key.pem ./root-ca.pem
[root@centos8 ~]# mv -n /etc/wazuh-indexer/certs/$NODE_NAME.pem /etc/wazuh-indexer/certs/indexer.pem
[root@centos8 ~]# mv -n /etc/wazuh-indexer/certs/$NODE_NAME-key.pem /etc/wazuh-indexer/certs/indexer-key.pem
[root@centos8 ~]# chmod 500 /etc/wazuh-indexer/certs
[root@centos8 ~]# chmod 400 /etc/wazuh-indexer/certs/*
[root@centos8 ~]# chown -R wazuh-indexer:wazuh-indexer /etc/wazuh-indexer/certs
[root@centos8 ~]# systemctl daemon-reload
[root@centos8 ~]# systemctl enable wazuh-indexer
Synchronizing state of wazuh-indexer.service with SysV service script with /usr/lib/systemd/systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable wazuh-indexer
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service → /usr/lib/systemd/system/wazuh-indexer.service.
[root@centos8 ~]# systemctl start wazuh-indexer
[root@centos8 ~]# /usr/share/wazuh-indexer/bin/indexer-security-init.sh
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.13.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml
SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml
SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml
SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml
SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml
SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml
SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml
SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml
SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml
SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null
Done with success
[root@centos8 ~]# yum -y install wazuh-manager
CentOS Linux 8 - AppStream 7.8 kB/s | 4.3 kB 00:00
CentOS Linux 8 - BaseOS 26 kB/s | 3.9 kB 00:00
CentOS Linux 8 - Extras 13 kB/s | 1.5 kB 00:00
Extra Packages for Enterprise Linux 8 - x86_64 84 kB/s | 90 kB 00:01
Dependencies resolved.
============================================================================================================================================================================================================================================
Package Architecture Version Repository Size
============================================================================================================================================================================================================================================
Installing:
wazuh-manager x86_64 4.9.0-1 wazuh 300 M
Transaction Summary
============================================================================================================================================================================================================================================
Install 1 Package
Total download size: 300 M
Installed size: 893 M
Downloading Packages:
wazuh-manager-4.9.0-1.x86_64.rpm 8.9 MB/s | 300 MB 00:33
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total 8.9 MB/s | 300 MB 00:33
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: wazuh-manager-4.9.0-1.x86_64 1/1
Installing : wazuh-manager-4.9.0-1.x86_64 1/1
Running scriptlet: wazuh-manager-4.9.0-1.x86_64 1/1
Verifying : wazuh-manager-4.9.0-1.x86_64 1/1
Installed:
wazuh-manager-4.9.0-1.x86_64
Complete!
[root@centos8 ~]# var/ossec/bin/wazuh-keystore -f indexer -k username -v admin
-bash: var/ossec/bin/wazuh-keystore: No such file or directory
[root@centos8 ~]# /var/ossec/bin/wazuh-keystore -f indexer -k username -v admin
[root@centos8 ~]# /var/ossec/bin/wazuh-keystore -f indexer -k password -v admin
[root@centos8 ~]# vi /var/ossec/etc/ossec.conf
[root@centos8 ~]# yum -y install filebeat
EL-8 - Wazuh 2.5 kB/s | 3.4 kB 00:01
Dependencies resolved.
============================================================================================================================================================================================================================================
Package Architecture Version Repository Size
============================================================================================================================================================================================================================================
Installing:
filebeat x86_64 7.10.2-1 wazuh 21 M
Transaction Summary
============================================================================================================================================================================================================================================
Install 1 Package
Total download size: 21 M
Installed size: 70 M
Downloading Packages:
filebeat-oss-7.10.2-x86_64.rpm 6.2 MB/s | 21 MB 00:03
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total 6.2 MB/s | 21 MB 00:03
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : filebeat-7.10.2-1.x86_64 1/1
Running scriptlet: filebeat-7.10.2-1.x86_64 1/1
Verifying : filebeat-7.10.2-1.x86_64 1/1
Installed:
filebeat-7.10.2-1.x86_64
Complete!
[root@centos8 ~]# curl -so /etc/filebeat/filebeat.yml https://packages-dev.wazuh.com/4.9/tpl/wazuh/filebeat/filebeat.yml
[root@centos8 ~]# vi /etc/filebeat/filebeat.yml
[root@centos8 ~]# filebeat keystore create
Created filebeat keystore
[root@centos8 ~]# echo admin | filebeat keystore add username --stdin --force
Successfully updated the keystore
[root@centos8 ~]# echo admin | filebeat keystore add password --stdin --force
Successfully updated the keystore
[root@centos8 ~]# curl -so /etc/filebeat/wazuh-template.json https://raw.githubusercontent.com/wazuh/wazuh/v4.9.0-alpha1/extensions/elasticsearch/7.x/wazuh-template.json
[root@centos8 ~]# curl -s https://packages-dev.wazuh.com/pre-release/filebeat/wazuh-filebeat-0.4.tar.gz | tar -xvz -C /usr/share/filebeat/module
wazuh/
wazuh/_meta/
wazuh/_meta/docs.asciidoc
wazuh/_meta/fields.yml
wazuh/_meta/config.yml
wazuh/alerts/
wazuh/alerts/config/
wazuh/alerts/config/alerts.yml
wazuh/alerts/manifest.yml
wazuh/alerts/ingest/
wazuh/alerts/ingest/pipeline.json
wazuh/module.yml
wazuh/archives/
wazuh/archives/config/
wazuh/archives/config/archives.yml
wazuh/archives/manifest.yml
wazuh/archives/ingest/
wazuh/archives/ingest/pipeline.json
[root@centos8 ~]# ls -la
total 100
dr-xr-x---. 2 root root 217 Jun 25 12:38 .
dr-xr-xr-x. 17 root root 224 Nov 1 2023 ..
-rw-r--r--. 1 root root 18 May 11 2019 .bash_logout
-rw-r--r--. 1 root root 176 May 11 2019 .bash_profile
-rw-r--r--. 1 root root 176 May 11 2019 .bashrc
-rw-------. 1 root root 610 Jun 25 12:29 config.yml
-rw-r--r--. 1 root root 100 May 11 2019 .cshrc
-rw-r--r--. 1 root root 129 May 11 2019 .tcshrc
-rw-------. 1 root root 3640 Jun 25 12:38 .viminfo
-rw-r--r--. 1 root root 30720 Jun 25 12:29 wazuh-certificates.tar
-rw-------. 1 root root 641 Jun 25 12:29 wazuh-certificates-tool.log
-rw-r--r--. 1 root root 36475 Jun 25 12:28 wazuh-certs-tool.sh
[root@centos8 ~]# cat config.yml
nodes:
  # Wazuh indexer nodes
  indexer:
    - name: node-1
      ip: "127.0.0.1"
    #- name: node-2
    #  ip: "<indexer-node-ip>"
    #- name: node-3
    #  ip: "<indexer-node-ip>"
  # Wazuh server nodes
  # If there is more than one Wazuh server
  # node, each one must have a node_type
  server:
    - name: wazuh-1
      ip: "127.0.0.1"
    #  node_type: master
    #- name: wazuh-2
    #  ip: "<wazuh-manager-ip>"
    #  node_type: worker
    #- name: wazuh-3
    #  ip: "<wazuh-manager-ip>"
    #  node_type: worker
  # Wazuh dashboard nodes
  dashboard:
    - name: dashboard
      ip: "127.0.0.1"
[root@centos8 ~]# NODE_NAME=wazuh-1
[root@centos8 ~]# mkdir /etc/filebeat/certs
[root@centos8 ~]# tar -xf ./wazuh-certificates.tar -C /etc/filebeat/certs/ ./$NODE_NAME.pem ./$NODE_NAME-key.pem ./root-ca.pem
[root@centos8 ~]# mv -n /etc/filebeat/certs/$NODE_NAME.pem /etc/filebeat/certs/filebeat.pem
[root@centos8 ~]# mv -n /etc/filebeat/certs/$NODE_NAME-key.pem /etc/filebeat/certs/filebeat-key.pem
[root@centos8 ~]# chmod 500 /etc/filebeat/certs
[root@centos8 ~]# chmod 400 /etc/filebeat/certs/*
[root@centos8 ~]# chown -R root:root /etc/filebeat/certs
[root@centos8 ~]# systemctl daemon-reload
[root@centos8 ~]# systemctl enable wazuh-manager
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-manager.service → /usr/lib/systemd/system/wazuh-manager.service.
[root@centos8 ~]# systemctl start wazuh-manager
[root@centos8 ~]# systemctl status wazuh-manager
● wazuh-manager.service - Wazuh manager
Loaded: loaded (/usr/lib/systemd/system/wazuh-manager.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2024-06-25 12:40:13 UTC; 5s ago
Process: 5997 ExecStart=/usr/bin/env /var/ossec/bin/wazuh-control start (code=exited, status=0/SUCCESS)
Tasks: 163 (limit: 49489)
Memory: 2.8G
CGroup: /system.slice/wazuh-manager.service
├─6062 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
├─6102 /var/ossec/bin/wazuh-authd
├─6116 /var/ossec/bin/wazuh-db
├─6132 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
├─6135 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
├─6138 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
├─6151 /var/ossec/bin/wazuh-execd
├─6166 /var/ossec/bin/wazuh-analysisd
├─6176 /var/ossec/bin/wazuh-syscheckd
├─6244 /var/ossec/bin/wazuh-remoted
├─6280 /var/ossec/bin/wazuh-logcollector
├─6329 /var/ossec/bin/wazuh-monitord
└─6376 /var/ossec/bin/wazuh-modulesd
Jun 25 12:40:06 centos8.localdomain env[5997]: Started wazuh-analysisd...
Jun 25 12:40:07 centos8.localdomain env[5997]: Started wazuh-syscheckd...
Jun 25 12:40:08 centos8.localdomain env[5997]: Started wazuh-remoted...
Jun 25 12:40:09 centos8.localdomain env[5997]: Started wazuh-logcollector...
Jun 25 12:40:10 centos8.localdomain env[5997]: Started wazuh-monitord...
Jun 25 12:40:10 centos8.localdomain env[5997]: 2024/06/25 12:40:10 wazuh-modulesd:router: INFO: Loaded router module.
Jun 25 12:40:10 centos8.localdomain env[5997]: 2024/06/25 12:40:10 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Jun 25 12:40:11 centos8.localdomain env[5997]: Started wazuh-modulesd...
Jun 25 12:40:13 centos8.localdomain env[5997]: Completed.
Jun 25 12:40:13 centos8.localdomain systemd[1]: Started Wazuh manager.
[root@centos8 ~]# systemctl daemon-reload
[root@centos8 ~]# systemctl enable filebeat
Synchronizing state of filebeat.service with SysV service script with /usr/lib/systemd/systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable filebeat
Created symlink /etc/systemd/system/multi-user.target.wants/filebeat.service → /usr/lib/systemd/system/filebeat.service.
[root@centos8 ~]# systemctl start filebeat
[root@centos8 ~]# filebeat test output
elasticsearch: https://127.0.0.1:9200...
parse url... OK
connection...
parse host... OK
dns lookup... OK
addresses: 127.0.0.1
dial up... OK
TLS...
security: server's certificate chain verification is enabled
handshake... OK
TLS version: TLSv1.3
dial up... OK
talk to server... OK
version: 7.10.2
[root@centos8 ~]# yum install libcap -y
Last metadata expiration check: 0:02:20 ago on Tue 25 Jun 2024 12:38:22 PM UTC.
Package libcap-2.26-5.el8.x86_64 is already installed.
Dependencies resolved.
Nothing to do.
Complete!
[root@centos8 ~]# yum -y install wazuh-dashboard
Last metadata expiration check: 0:02:25 ago on Tue 25 Jun 2024 12:38:22 PM UTC.
Dependencies resolved.
============================================================================================================================================================================================================================================
Package Architecture Version Repository Size
============================================================================================================================================================================================================================================
Installing:
wazuh-dashboard x86_64 4.9.0-1 wazuh 260 M
Transaction Summary
============================================================================================================================================================================================================================================
Install 1 Package
Total download size: 260 M
Installed size: 888 M
Downloading Packages:
wazuh-dashboard-4.9.0-1.x86_64.rpm 8.6 MB/s | 260 MB 00:30
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total 8.6 MB/s | 260 MB 00:30
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: wazuh-dashboard-4.9.0-1.x86_64 1/1
Installing : wazuh-dashboard-4.9.0-1.x86_64 1/1
Running scriptlet: wazuh-dashboard-4.9.0-1.x86_64 1/1
Verifying : wazuh-dashboard-4.9.0-1.x86_64 1/1
Installed:
wazuh-dashboard-4.9.0-1.x86_64
Complete!
[root@centos8 ~]# NODE_NAME=dashboard
[root@centos8 ~]# vi /etc/wazuh-dashboard/opensearch_dashboards.yml
[root@centos8 ~]# mkdir /etc/wazuh-dashboard/certs
[root@centos8 ~]# tar -xf ./wazuh-certificates.tar -C /etc/wazuh-dashboard/certs/ ./$NODE_NAME.pem ./$NODE_NAME-key.pem ./root-ca.pem
[root@centos8 ~]# mv -n /etc/wazuh-dashboard/certs/$NODE_NAME.pem /etc/wazuh-dashboard/certs/dashboard.pem
[root@centos8 ~]# mv -n /etc/wazuh-dashboard/certs/$NODE_NAME-key.pem /etc/wazuh-dashboard/certs/dashboard-key.pem
[root@centos8 ~]# chmod 500 /etc/wazuh-dashboard/certs
[root@centos8 ~]# chmod 400 /etc/wazuh-dashboard/certs/*
[root@centos8 ~]# chown -R wazuh-dashboard:wazuh-dashboard /etc/wazuh-dashboard/certs
[root@centos8 ~]# systemctl daemon-reload
[root@centos8 ~]# systemctl enable wazuh-dashboard
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service.
[root@centos8 ~]# systemctl start wazuh-dashboard
[root@centos8 ~]# ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 08:00:27:1d:95:95 brd ff:ff:ff:ff:ff:ff
inet 10.0.2.15/24 brd 10.0.2.255 scope global dynamic noprefixroute eth0
valid_lft 84686sec preferred_lft 84686sec
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 08:00:27:ae:bb:ba brd ff:ff:ff:ff:ff:ff
inet 192.168.57.177/24 brd 192.168.57.255 scope global noprefixroute eth1
valid_lft forever preferred_lft forever
[root@centos8 ~]# systemctl status wazuh-dashboard.service
● wazuh-dashboard.service - wazuh-dashboard
Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2024-06-25 12:43:07 UTC; 33s ago
Main PID: 8195 (node)
Tasks: 11 (limit: 49489)
Memory: 223.0M
CGroup: /system.slice/wazuh-dashboard.service
└─8195 /usr/share/wazuh-dashboard/node/bin/node /usr/share/wazuh-dashboard/src/cli/dist -c /etc/wazuh-dashboard/opensearch_dashboards.yml
Jun 25 12:43:07 centos8.localdomain systemd[1]: Started wazuh-dashboard.
Jun 25 12:43:07 centos8.localdomain systemd[8195]: wazuh-dashboard.service: Failed to connect stdout to the journal socket, ignoring: Permission denied
Reproducing

The error was reproducible, using CentOS 8.

Error reproduced

[root@localhost vagrant]# sudo sed -i -e "s|mirrorlist=|#mirrorlist=|g" /etc/yum.repos.d/CentOS-*
[root@localhost vagrant]# sudo sed -i -e "s|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g" /etc/yum.repos.d/CentOS-*
[root@localhost vagrant]# curl -sO https://packages-dev.wazuh.com/4.9/wazuh-install.sh
[root@localhost vagrant]# bash wazuh-install.sh -a
27/06/2024 09:03:00 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
27/06/2024 09:03:00 INFO: Verbose logging redirected to /var/log/wazuh-install.log
27/06/2024 09:03:01 INFO: Verifying that your system meets the recommended minimum hardware requirements.
27/06/2024 09:03:01 INFO: Wazuh web interface port will be 443.
27/06/2024 09:03:01 INFO: --- Dependencies ---
27/06/2024 09:03:01 INFO: Installing lsof.
27/06/2024 09:03:10 INFO: Wazuh development repository added.
27/06/2024 09:03:10 INFO: --- Configuration files ---
27/06/2024 09:03:10 INFO: Generating configuration files.
27/06/2024 09:03:11 INFO: Generating the root certificate.
27/06/2024 09:03:11 INFO: Generating Admin certificates.
27/06/2024 09:03:11 INFO: Generating Wazuh indexer certificates.
27/06/2024 09:03:11 INFO: Generating Filebeat certificates.
27/06/2024 09:03:11 INFO: Generating Wazuh dashboard certificates.
27/06/2024 09:03:13 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
27/06/2024 09:03:14 INFO: --- Wazuh indexer ---
27/06/2024 09:03:14 INFO: Starting Wazuh indexer installation.
27/06/2024 09:05:08 INFO: Wazuh indexer installation finished.
27/06/2024 09:05:08 INFO: Wazuh indexer post-install configuration finished.
27/06/2024 09:05:08 INFO: Starting service wazuh-indexer.
27/06/2024 09:05:42 INFO: wazuh-indexer service started.
27/06/2024 09:05:42 INFO: Initializing Wazuh indexer cluster security settings.
27/06/2024 09:05:54 INFO: Wazuh indexer cluster security configuration initialized.
27/06/2024 09:05:54 INFO: Wazuh indexer cluster initialized.
27/06/2024 09:05:54 INFO: --- Wazuh server ---
27/06/2024 09:05:54 INFO: Starting the Wazuh manager installation.
27/06/2024 09:07:49 INFO: Wazuh manager installation finished.
27/06/2024 09:07:49 INFO: Wazuh manager vulnerability detection configuration finished.
27/06/2024 09:07:49 INFO: Starting service wazuh-manager.
27/06/2024 09:08:05 INFO: wazuh-manager service started.
27/06/2024 09:08:05 INFO: Starting Filebeat installation.
27/06/2024 09:08:31 INFO: Filebeat installation finished.
27/06/2024 09:08:46 INFO: Filebeat post-install configuration finished.
27/06/2024 09:08:46 INFO: Starting service filebeat.
27/06/2024 09:08:48 INFO: filebeat service started.
27/06/2024 09:08:48 INFO: --- Wazuh dashboard ---
27/06/2024 09:08:48 INFO: Starting Wazuh dashboard installation.
27/06/2024 09:13:46 INFO: Wazuh dashboard installation finished.
27/06/2024 09:13:46 INFO: Wazuh dashboard post-install configuration finished.
27/06/2024 09:13:46 INFO: Starting service wazuh-dashboard.
27/06/2024 09:13:46 INFO: wazuh-dashboard service started.
27/06/2024 09:13:47 INFO: Updating the internal users.
27/06/2024 09:13:55 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
27/06/2024 09:14:22 INFO: Updated username and password in Filebeat Keystore. Also updated filebeat.yml file to use the Filebeat Keystore username and password.
27/06/2024 09:15:22 INFO: Initializing Wazuh dashboard web application.
27/06/2024 09:15:22 INFO: Wazuh dashboard web application not yet initialized. Waiting...
^C
Do you want to remove the ongoing installation?[Y/N]n
[root@localhost vagrant]# systemctl status wazuh-dashboard
● wazuh-dashboard.service - wazuh-dashboard
Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; vendor preset: disabled)
Active: active (running) since Thu 2024-06-27 09:14:59 UTC; 38s ago
Main PID: 14317 (node)
Tasks: 11 (limit: 49502)
Memory: 213.3M
CGroup: /system.slice/wazuh-dashboard.service
└─14317 /usr/share/wazuh-dashboard/node/bin/node /usr/share/wazuh-dashboard/src/cli/dist -c /etc/wazuh-dashboard/opensearch_dashboards.yml
Jun 27 09:14:59 localhost.localdomain systemd[1]: Started wazuh-dashboard.
Jun 27 09:14:59 localhost.localdomain systemd[14317]: wazuh-dashboard.service: Failed to connect stdout to the journal socket, ignoring: Permission denied
[root@localhost vagrant]# journalctl -u wazuh-dashboard
-- Logs begin at Thu 2024-06-27 09:00:20 UTC, end at Thu 2024-06-27 09:15:59 UTC. --
Jun 27 09:13:46 localhost.localdomain systemd[1]: Started wazuh-dashboard.
Jun 27 09:13:46 localhost.localdomain systemd[12515]: wazuh-dashboard.service: Failed to connect stdout to the journal socket, ignoring: Permission denied
Jun 27 09:14:58 localhost.localdomain systemd[1]: Stopping wazuh-dashboard...
Jun 27 09:14:59 localhost.localdomain systemd[1]: wazuh-dashboard.service: Succeeded.
Jun 27 09:14:59 localhost.localdomain systemd[1]: Stopped wazuh-dashboard.
Jun 27 09:14:59 localhost.localdomain systemd[1]: Started wazuh-dashboard.
Jun 27 09:14:59 localhost.localdomain systemd[14317]: wazuh-dashboard.service: Failed to connect stdout to the journal socket, ignoring: Permission denied
[root@localhost vagrant]# journalctl -u wazuh-dashboard

Tests

After some tests, it was concluded that the error only occurred if all the components were installed. However, installing only the Dashboard didn't produce the error.

Installing only dashboard with script

[root@localhost vagrant]# sudo sed -i -e "s|mirrorlist=|#mirrorlist=|g" /etc/yum.repos.d/CentOS-*
[root@localhost vagrant]# sudo sed -i -e "s|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g" /etc/yum.repos.d/CentOS-*
[root@localhost vagrant]# curl -sO https://packages-dev.wazuh.com/4.9/wazuh-install.sh
[root@localhost vagrant]# bash wazuh-install.sh --generate-config-files
27/06/2024 08:50:45 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
27/06/2024 08:50:46 INFO: Verbose logging redirected to /var/log/wazuh-install.log
27/06/2024 08:50:46 INFO: Verifying that your system meets the recommended minimum hardware requirements.
27/06/2024 08:50:46 INFO: --- Configuration files ---
27/06/2024 08:50:46 INFO: Generating configuration files.
27/06/2024 08:50:47 INFO: Generating the root certificate.
27/06/2024 08:50:47 INFO: Generating Admin certificates.
27/06/2024 08:50:48 INFO: Generating Wazuh indexer certificates.
27/06/2024 08:50:48 INFO: Generating Filebeat certificates.
27/06/2024 08:50:48 INFO: Generating Wazuh dashboard certificates.
27/06/2024 08:50:49 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
[root@localhost vagrant]# bash wazuh-install.sh --wazuh-dashboard dashboard -fd
27/06/2024 08:51:37 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
27/06/2024 08:51:37 INFO: Verbose logging redirected to /var/log/wazuh-install.log
27/06/2024 08:51:37 INFO: Verifying that your system meets the recommended minimum hardware requirements.
27/06/2024 08:51:37 INFO: Wazuh web interface port will be 443.
27/06/2024 08:51:37 INFO: --- Dependencies ---
27/06/2024 08:51:37 INFO: Installing lsof.
27/06/2024 08:51:47 INFO: Wazuh development repository added.
27/06/2024 08:51:48 INFO: --- Wazuh dashboard ----
27/06/2024 08:51:48 INFO: Starting Wazuh dashboard installation.
27/06/2024 08:53:46 INFO: Wazuh dashboard installation finished.
27/06/2024 08:53:46 INFO: Wazuh dashboard post-install configuration finished.
27/06/2024 08:53:46 INFO: Starting service wazuh-dashboard.
27/06/2024 08:53:47 INFO: wazuh-dashboard service started.
27/06/2024 08:54:55 INFO: Initializing Wazuh dashboard web application.
27/06/2024 08:56:55 WARNING: Cannot connect to Wazuh dashboard.
27/06/2024 08:57:20 WARNING: Failed to connect with node-1. Connection refused.
27/06/2024 08:57:20 INFO: --- Summary ---
27/06/2024 08:57:20 INFO: When Wazuh dashboard is able to connect to your Wazuh indexer cluster, you can access the web interface https://<wazuh-dashboard-ip>
User: admin
Password: b64dTK471iPpvCd.Ls4cnf.di?IJK??r
27/06/2024 08:57:20 INFO: --- Dependencies ---
27/06/2024 08:57:20 INFO: Removing lsof.
27/06/2024 08:57:21 INFO: Installation finished.
[root@localhost vagrant]# systemctl status wazuh-dashboard
● wazuh-dashboard.service - wazuh-dashboard
Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; vendor preset: disabled)
Active: active (running) since Thu 2024-06-27 08:53:55 UTC; 4min 39s ago
Main PID: 8672 (node)
Tasks: 11 (limit: 49502)
Memory: 178.4M
CGroup: /system.slice/wazuh-dashboard.service
└─8672 /usr/share/wazuh-dashboard/node/bin/node /usr/share/wazuh-dashboard/src/cli/dist -c /etc/wazuh-dashboard/opensearch_dashboards.yml
Jun 27 08:58:10 localhost.localdomain opensearch-dashboards[8672]: {"type":"log","@timestamp":"2024-06-27T08:58:10Z","tags":["error","opensearch","data"],"pid":8672,"message":"[ConnectionError]: connect ECONN>
Jun 27 08:58:12 localhost.localdomain opensearch-dashboards[8672]: {"type":"log","@timestamp":"2024-06-27T08:58:12Z","tags":["error","opensearch","data"],"pid":8672,"message":"[ConnectionError]: connect ECONN>
Jun 27 08:58:15 localhost.localdomain opensearch-dashboards[8672]: {"type":"log","@timestamp":"2024-06-27T08:58:15Z","tags":["error","opensearch","data"],"pid":8672,"message":"[ConnectionError]: connect ECONN>
Jun 27 08:58:17 localhost.localdomain opensearch-dashboards[8672]: {"type":"log","@timestamp":"2024-06-27T08:58:17Z","tags":["error","opensearch","data"],"pid":8672,"message":"[ConnectionError]: connect ECONN>
Jun 27 08:58:20 localhost.localdomain opensearch-dashboards[8672]: {"type":"log","@timestamp":"2024-06-27T08:58:20Z","tags":["error","opensearch","data"],"pid":8672,"message":"[ConnectionError]: connect ECONN>
Jun 27 08:58:22 localhost.localdomain opensearch-dashboards[8672]: {"type":"log","@timestamp":"2024-06-27T08:58:22Z","tags":["error","opensearch","data"],"pid":8672,"message":"[ConnectionError]: connect ECONN>
Jun 27 08:58:25 localhost.localdomain opensearch-dashboards[8672]: {"type":"log","@timestamp":"2024-06-27T08:58:25Z","tags":["error","opensearch","data"],"pid":8672,"message":"[ConnectionError]: connect ECONN>
Jun 27 08:58:27 localhost.localdomain opensearch-dashboards[8672]: {"type":"log","@timestamp":"2024-06-27T08:58:27Z","tags":["error","opensearch","data"],"pid":8672,"message":"[ConnectionError]: connect ECONN>
Jun 27 08:58:30 localhost.localdomain opensearch-dashboards[8672]: {"type":"log","@timestamp":"2024-06-27T08:58:30Z","tags":["error","opensearch","data"],"pid":8672,"message":"[ConnectionError]: connect ECONN>
Jun 27 08:58:32 localhost.localdomain opensearch-dashboards[8672]: {"type":"log","@timestamp":"2024-06-27T08:58:32Z","tags":["error","opensearch","data"],"pid":8672,"message":"[ConnectionError]: connect ECONN>
[root@localhost vagrant]# journalctl -u wazuh-dashboard
-- Logs begin at Thu 2024-06-27 08:46:16 UTC, end at Thu 2024-06-27 08:58:40 UTC. --
Jun 27 08:53:47 localhost.localdomain systemd[1]: Started wazuh-dashboard.
Jun 27 08:53:50 localhost.localdomain systemd[1]: Stopping wazuh-dashboard...
Jun 27 08:53:54 localhost.localdomain opensearch-dashboards[8524]: {"type":"log","@timestamp":"2024-06-27T08:53:54Z","tags":["info","plugins-service"],"pid":8524,"message":"Plugin \"dataSourceManagement\" has>
Jun 27 08:53:54 localhost.localdomain opensearch-dashboards[8524]: {"type":"log","@timestamp":"2024-06-27T08:53:54Z","tags":["info","plugins-service"],"pid":8524,"message":"Plugin \"applicationConfig\" is dis>
Jun 27 08:53:54 localhost.localdomain opensearch-dashboards[8524]: {"type":"log","@timestamp":"2024-06-27T08:53:54Z","tags":["info","plugins-service"],"pid":8524,"message":"Plugin \"cspHandler\" is disabled."}
Jun 27 08:53:54 localhost.localdomain opensearch-dashboards[8524]: {"type":"log","@timestamp":"2024-06-27T08:53:54Z","tags":["info","plugins-service"],"pid":8524,"message":"Plugin \"dataSource\" is disabled."}
Jun 27 08:53:54 localhost.localdomain opensearch-dashboards[8524]: {"type":"log","@timestamp":"2024-06-27T08:53:54Z","tags":["info","plugins-service"],"pid":8524,"message":"Plugin \"visTypeXy\" is disabled."}
Jun 27 08:53:54 localhost.localdomain opensearch-dashboards[8524]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Jun 27 08:53:54 localhost.localdomain opensearch-dashboards[8524]: [Error [ObjectUnsubscribedError]: object unsubscribed]
Jun 27 08:53:55 localhost.localdomain opensearch-dashboards[8524]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Jun 27 08:53:55 localhost.localdomain opensearch-dashboards[8524]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Jun 27 08:53:55 localhost.localdomain opensearch-dashboards[8524]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Jun 27 08:53:55 localhost.localdomain opensearch-dashboards[8524]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Jun 27 08:53:55 localhost.localdomain opensearch-dashboards[8524]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Jun 27 08:53:55 localhost.localdomain opensearch-dashboards[8524]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Jun 27 08:53:55 localhost.localdomain opensearch-dashboards[8524]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Jun 27 08:53:55 localhost.localdomain opensearch-dashboards[8524]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Jun 27 08:53:55 localhost.localdomain systemd[1]: wazuh-dashboard.service: Succeeded.
Jun 27 08:53:55 localhost.localdomain systemd[1]: Stopped wazuh-dashboard.
Jun 27 08:53:55 localhost.localdomain systemd[1]: Started wazuh-dashboard.
Jun 27 08:54:01 localhost.localdomain opensearch-dashboards[8672]: {"type":"log","@timestamp":"2024-06-27T08:54:01Z","tags":["info","plugins-service"],"pid":8672,"message":"Plugin \"dataSourceManagement\" has>
Jun 27 08:54:01 localhost.localdomain opensearch-dashboards[8672]: {"type":"log","@timestamp":"2024-06-27T08:54:01Z","tags":["info","plugins-service"],"pid":8672,"message":"Plugin \"applicationConfig\" is dis>
Jun 27 08:54:01 localhost.localdomain opensearch-dashboards[8672]: {"type":"log","@timestamp":"2024-06-27T08:54:01Z","tags":["info","plugins-service"],"pid":8672,"message":"Plugin \"cspHandler\" is disabled."}
Jun 27 08:54:01 localhost.localdomain opensearch-dashboards[8672]: {"type":"log","@timestamp":"2024-06-27T08:54:01Z","tags":["info","plugins-service"],"pid":8672,"message":"Plugin \"dataSource\" is disabled."}
Jun 27 08:54:01 localhost.localdomain opensearch-dashboards[8672]: {"type":"log","@timestamp":"2024-06-27T08:54:01Z","tags":["info","plugins-service"],"pid":8672,"message":"Plugin \"visTypeXy\" is disabled."}
Jun 27 08:54:01 localhost.localdomain opensearch-dashboards[8672]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Jun 27 08:54:01 localhost.localdomain opensearch-dashboards[8672]: {"type":"log","@timestamp":"2024-06-27T08:54:01Z","tags":["info","plugins-system"],"pid":8672,"message":"Setting up [48] plugins: [usageColle>
Jun 27 08:54:01 localhost.localdomain opensearch-dashboards[8672]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Jun 27 08:54:01 localhost.localdomain opensearch-dashboards[8672]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Jun 27 08:54:01 localhost.localdomain opensearch-dashboards[8672]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Jun 27 08:54:01 localhost.localdomain opensearch-dashboards[8672]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Jun 27 08:54:02 localhost.localdomain opensearch-dashboards[8672]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Jun 27 08:54:02 localhost.localdomain opensearch-dashboards[8672]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Jun 27 08:54:02 localhost.localdomain opensearch-dashboards[8672]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Jun 27 08:54:02 localhost.localdomain opensearch-dashboards[8672]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Jun 27 08:54:02 localhost.localdomain opensearch-dashboards[8672]: {"type":"log","@timestamp":"2024-06-27T08:54:02Z","tags":["info","savedobjects-service"],"pid":8672,"message":"Waiting until all OpenSearch n>
Jun 27 08:54:02 localhost.localdomain opensearch-dashboards[8672]: {"type":"log","@timestamp":"2024-06-27T08:54:02Z","tags":["error","opensearch","data"],"pid":8672,"message":"[ConnectionError]: connect ECONN>
Jun 27 08:54:02 localhost.localdomain opensearch-dashboards[8672]: {"type":"log","@timestamp":"2024-06-27T08:54:02Z","tags":["error","savedobjects-service"],"pid":8672,"message":"Unable to retrieve version in>
Jun 27 08:54:04 localhost.localdomain opensearch-dashboards[8672]: {"type":"log","@timestamp":"2024-06-27T08:54:04Z","tags":["error","opensearch","data"],"pid":8672,"message":"[ConnectionError]: connect ECONN>
Jun 27 08:54:07 localhost.localdomain opensearch-dashboards[8672]: {"type":"log","@timestamp":"2024-06-27T08:54:07Z","tags":["error","opensearch","data"],"pid":8672,"message":"[ConnectionError]: connect ECONN>
Jun 27 08:54:09 localhost.localdomain opensearch-dashboards[8672]: {"type":"log","@timestamp":"2024-06-27T08:54:09Z","tags":["error","opensearch","data"],"pid":8672,"message":"[ConnectionError]: connect ECONN>
Jun 27 08:54:12 localhost.localdomain opensearch-dashboards[8672]: {"type":"log","@timestamp":"2024-06-27T08:54:12Z","tags":["error","opensearch","data"],"pid":8672,"message":"[ConnectionError]: connect ECONN>
Jun 27 08:54:14 localhost.localdomain opensearch-dashboards[8672]: {"type":"log","@timestamp":"2024-06-27T08:54:14Z","tags":["error","opensearch","data"],"pid":8672,"message":"[ConnectionError]: connect ECONN>
Jun 27 08:54:17 localhost.localdomain opensearch-dashboards[8672]: {"type":"log","@timestamp":"2024-06-27T08:54:17Z","tags":["error","opensearch","data"],"pid":8672,"message":"[ConnectionError]: connect ECONN>
Jun 27 08:54:19 localhost.localdomain opensearch-dashboards[8672]: {"type":"log","@timestamp":"2024-06-27T08:54:19Z","tags":["error","opensearch","data"],"pid":8672,"message":"[ConnectionError]: connect ECONN>
Jun 27 08:54:22 localhost.localdomain opensearch-dashboards[8672]: {"type":"log","@timestamp":"2024-06-27T08:54:22Z","tags":["error","opensearch","data"],"pid":8672,"message":"[ConnectionError]: connect ECONN>
Jun 27 08:54:24 localhost.localdomain opensearch-dashboards[8672]: {"type":"log","@timestamp":"2024-06-27T08:54:24Z","tags":["error","opensearch","data"],"pid":8672,"message":"[ConnectionError]: connect ECONN>
Jun 27 08:54:27 localhost.localdomain opensearch-dashboards[8672]: {"type":"log","@timestamp":"2024-06-27T08:54:27Z","tags":["error","opensearch","data"],"pid":8672,"message":"[ConnectionError]: connect ECONN>
Jun 27 08:54:29 localhost.localdomain opensearch-dashboards[8672]: {"type":"log","@timestamp":"2024-06-27T08:54:29Z","tags":["error","opensearch","data"],"pid":8672,"message":"[ConnectionError]: connect ECONN>
Installing only dashboard step by step

[root@localhost vagrant]# rpm --import https://packages.wazuh.com/key/GPG-KEY-WAZUH
[root@localhost vagrant]# echo -e '[wazuh]\ngpgcheck=1\ngpgkey=https://packages.wazuh.com/key/GPG-KEY-WAZUH\nenabled=1\nname=EL-$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1' | tee /etc/yum.repos.d/wazuh.repo
[wazuh]
gpgcheck=1
gpgkey=https://packages.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=EL-$releasever - Wazuh
baseurl=https://packages-dev.wazuh.com/pre-release/yum/
protect=1
[root@localhost vagrant]# yum -y install wazuh-dashboard
EL-8 - Wazuh 4.8 MB/s | 26 MB 00:05
Last metadata expiration check: 0:00:11 ago on Thu 27 Jun 2024 08:34:32 AM UTC.
Dependencies resolved.
=================================================================================================================================================================================================================
Package Architecture Version Repository Size
=================================================================================================================================================================================================================
Installing:
wazuh-dashboard x86_64 4.9.0-1 wazuh 260 M
Transaction Summary
=================================================================================================================================================================================================================
Install 1 Package
Total download size: 260 M
Installed size: 888 M
Downloading Packages:
wazuh-dashboard-4.9.0-1.x86_64.rpm 11 MB/s | 260 MB 00:22
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total 11 MB/s | 260 MB 00:22
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: wazuh-dashboard-4.9.0-1.x86_64 1/1
Installing : wazuh-dashboard-4.9.0-1.x86_64 1/1
Running scriptlet: wazuh-dashboard-4.9.0-1.x86_64 1/1
Verifying : wazuh-dashboard-4.9.0-1.x86_64 1/1
Installed:
wazuh-dashboard-4.9.0-1.x86_64
Complete!
[root@localhost vagrant]# curl -sO https://packages.wazuh.com/4.8/wazuh-certs-tool.sh
[root@localhost vagrant]# curl -sO https://packages.wazuh.com/4.8/config.yml
[root@localhost vagrant]# vi config.yml
[root@localhost vagrant]# bash ./wazuh-certs-tool.sh -A
27/06/2024 08:38:42 INFO: Generating the root certificate.
27/06/2024 08:38:42 INFO: Generating Admin certificates.
27/06/2024 08:38:42 INFO: Admin certificates created.
27/06/2024 08:38:42 INFO: Generating Wazuh indexer certificates.
27/06/2024 08:38:42 INFO: Wazuh indexer certificates created.
27/06/2024 08:38:42 INFO: Generating Filebeat certificates.
27/06/2024 08:38:42 INFO: Wazuh Filebeat certificates created.
27/06/2024 08:38:42 INFO: Generating Wazuh dashboard certificates.
27/06/2024 08:38:43 INFO: Wazuh dashboard certificates created.
[root@localhost vagrant]# tar -cvf ./wazuh-certificates.tar -C ./wazuh-certificates/ .
./
./root-ca.key
./root-ca.pem
./admin-key.pem
./admin.pem
./node-1-key.pem
./node-1.pem
./wazuh-1-key.pem
./wazuh-1.pem
./dashboard-key.pem
./dashboard.pem
[root@localhost vagrant]# rm -rf ./wazuh-certificates
[root@localhost vagrant]# NODE_NAME=dashboard
[root@localhost vagrant]# mkdir /etc/wazuh-dashboard/certs
[root@localhost vagrant]# tar -xf ./wazuh-certificates.tar -C /etc/wazuh-dashboard/certs/ ./$NODE_NAME.pem ./$NODE_NAME-key.pem ./root-ca.pem
[root@localhost vagrant]# mv -n /etc/wazuh-dashboard/certs/$NODE_NAME.pem /etc/wazuh-dashboard/certs/dashboard.pem
[root@localhost vagrant]# mv -n /etc/wazuh-dashboard/certs/$NODE_NAME-key.pem /etc/wazuh-dashboard/certs/dashboard-key.pem
[root@localhost vagrant]# chmod 500 /etc/wazuh-dashboard/certs
[root@localhost vagrant]# chmod 400 /etc/wazuh-dashboard/certs/*
[root@localhost vagrant]# chown -R wazuh-dashboard:wazuh-dashboard /etc/wazuh-dashboard/certs
[root@localhost vagrant]# systemctl daemon-reload
[root@localhost vagrant]# systemctl enable wazuh-dashboard
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service.
[root@localhost vagrant]# systemctl start wazuh-dashboard
[root@localhost vagrant]# systemctl status wazuh-dashboard
● wazuh-dashboard.service - wazuh-dashboard
Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; vendor preset: disabled)
Active: active (running) since Thu 2024-06-27 08:39:08 UTC; 18s ago
Main PID: 7947 (node)
Tasks: 11 (limit: 49502)
Memory: 226.3M
CGroup: /system.slice/wazuh-dashboard.service
└─7947 /usr/share/wazuh-dashboard/node/bin/node /usr/share/wazuh-dashboard/src/cli/dist -c /etc/wazuh-dashboard/opensearch_dashboards.yml
Jun 27 08:39:16 localhost.localdomain opensearch-dashboards[7947]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Jun 27 08:39:16 localhost.localdomain opensearch-dashboards[7947]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Jun 27 08:39:16 localhost.localdomain opensearch-dashboards[7947]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Jun 27 08:39:16 localhost.localdomain opensearch-dashboards[7947]: {"type":"log","@timestamp":"2024-06-27T08:39:16Z","tags":["info","savedobjects-service"],"pid":7947,"message":"Waiting until all OpenSearch n>
Jun 27 08:39:16 localhost.localdomain opensearch-dashboards[7947]: {"type":"log","@timestamp":"2024-06-27T08:39:16Z","tags":["error","opensearch","data"],"pid":7947,"message":"[ConnectionError]: connect ECONN>
Jun 27 08:39:16 localhost.localdomain opensearch-dashboards[7947]: {"type":"log","@timestamp":"2024-06-27T08:39:16Z","tags":["error","savedobjects-service"],"pid":7947,"message":"Unable to retrieve version in>
Jun 27 08:39:18 localhost.localdomain opensearch-dashboards[7947]: {"type":"log","@timestamp":"2024-06-27T08:39:18Z","tags":["error","opensearch","data"],"pid":7947,"message":"[ConnectionError]: connect ECONN>
Jun 27 08:39:21 localhost.localdomain opensearch-dashboards[7947]: {"type":"log","@timestamp":"2024-06-27T08:39:21Z","tags":["error","opensearch","data"],"pid":7947,"message":"[ConnectionError]: connect ECONN>
Jun 27 08:39:23 localhost.localdomain opensearch-dashboards[7947]: {"type":"log","@timestamp":"2024-06-27T08:39:23Z","tags":["error","opensearch","data"],"pid":7947,"message":"[ConnectionError]: connect ECONN>
Jun 27 08:39:26 localhost.localdomain opensearch-dashboards[7947]: {"type":"log","@timestamp":"2024-06-27T08:39:26Z","tags":["error","opensearch","data"],"pid":7947,"message":"[ConnectionError]: connect ECONN>
[root@localhost vagrant]# journalctl -u wazuh-dashboard
-- Logs begin at Thu 2024-06-27 08:30:46 UTC, end at Thu 2024-06-27 08:39:31 UTC. --
Jun 27 08:39:08 localhost.localdomain systemd[1]: Started wazuh-dashboard.
Jun 27 08:39:15 localhost.localdomain opensearch-dashboards[7947]: {"type":"log","@timestamp":"2024-06-27T08:39:15Z","tags":["info","plugins-service"],"pid":7947,"message":"Plugin \"dataSourceManagement\" has>
Jun 27 08:39:15 localhost.localdomain opensearch-dashboards[7947]: {"type":"log","@timestamp":"2024-06-27T08:39:15Z","tags":["info","plugins-service"],"pid":7947,"message":"Plugin \"applicationConfig\" is dis>
Jun 27 08:39:15 localhost.localdomain opensearch-dashboards[7947]: {"type":"log","@timestamp":"2024-06-27T08:39:15Z","tags":["info","plugins-service"],"pid":7947,"message":"Plugin \"cspHandler\" is disabled."}
Jun 27 08:39:15 localhost.localdomain opensearch-dashboards[7947]: {"type":"log","@timestamp":"2024-06-27T08:39:15Z","tags":["info","plugins-service"],"pid":7947,"message":"Plugin \"dataSource\" is disabled."}
Jun 27 08:39:15 localhost.localdomain opensearch-dashboards[7947]: {"type":"log","@timestamp":"2024-06-27T08:39:15Z","tags":["info","plugins-service"],"pid":7947,"message":"Plugin \"visTypeXy\" is disabled."}
Jun 27 08:39:15 localhost.localdomain opensearch-dashboards[7947]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Jun 27 08:39:15 localhost.localdomain opensearch-dashboards[7947]: {"type":"log","@timestamp":"2024-06-27T08:39:15Z","tags":["info","plugins-system"],"pid":7947,"message":"Setting up [48] plugins: [usageColle>
Jun 27 08:39:15 localhost.localdomain opensearch-dashboards[7947]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Jun 27 08:39:15 localhost.localdomain opensearch-dashboards[7947]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Jun 27 08:39:16 localhost.localdomain opensearch-dashboards[7947]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Jun 27 08:39:16 localhost.localdomain opensearch-dashboards[7947]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Jun 27 08:39:16 localhost.localdomain opensearch-dashboards[7947]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Jun 27 08:39:16 localhost.localdomain opensearch-dashboards[7947]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Jun 27 08:39:16 localhost.localdomain opensearch-dashboards[7947]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Jun 27 08:39:16 localhost.localdomain opensearch-dashboards[7947]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Jun 27 08:39:16 localhost.localdomain opensearch-dashboards[7947]: {"type":"log","@timestamp":"2024-06-27T08:39:16Z","tags":["info","savedobjects-service"],"pid":7947,"message":"Waiting until all OpenSearch n>
Jun 27 08:39:16 localhost.localdomain opensearch-dashboards[7947]: {"type":"log","@timestamp":"2024-06-27T08:39:16Z","tags":["error","opensearch","data"],"pid":7947,"message":"[ConnectionError]: connect ECONN>
Jun 27 08:39:16 localhost.localdomain opensearch-dashboards[7947]: {"type":"log","@timestamp":"2024-06-27T08:39:16Z","tags":["error","savedobjects-service"],"pid":7947,"message":"Unable to retrieve version in>
Jun 27 08:39:18 localhost.localdomain opensearch-dashboards[7947]: {"type":"log","@timestamp":"2024-06-27T08:39:18Z","tags":["error","opensearch","data"],"pid":7947,"message":"[ConnectionError]: connect ECONN>
Jun 27 08:39:21 localhost.localdomain opensearch-dashboards[7947]: {"type":"log","@timestamp":"2024-06-27T08:39:21Z","tags":["error","opensearch","data"],"pid":7947,"message":"[ConnectionError]: connect ECONN>
Jun 27 08:39:23 localhost.localdomain opensearch-dashboards[7947]: {"type":"log","@timestamp":"2024-06-27T08:39:23Z","tags":["error","opensearch","data"],"pid":7947,"message":"[ConnectionError]: connect ECONN>
Jun 27 08:39:26 localhost.localdomain opensearch-dashboards[7947]: {"type":"log","@timestamp":"2024-06-27T08:39:26Z","tags":["error","opensearch","data"],"pid":7947,"message":"[ConnectionError]: connect ECONN>
Jun 27 08:39:28 localhost.localdomain opensearch-dashboards[7947]: {"type":"log","@timestamp":"2024-06-27T08:39:28Z","tags":["error","opensearch","data"],"pid":7947,"message":"[ConnectionError]: connect ECONN>
Jun 27 08:39:31 localhost.localdomain opensearch-dashboards[7947]: {"type":"log","@timestamp":"2024-06-27T08:39:31Z","tags":["error","opensearch","data"],"pid":7947,"message":"[ConnectionError]: connect ECONN>
Testing with Indexer installation

Based on the previous evidence, a test was done installing the Indexer and then the Dashboard step by step, which showed the error again.

Installing Dashboard after the Indexer

[root@localhost vagrant]# curl -sO https://packages.wazuh.com/4.8/wazuh-certs-tool.sh
[root@localhost vagrant]# curl -sO https://packages.wazuh.com/4.8/config.yml
[root@localhost vagrant]# vi config.yml
[root@localhost vagrant]# bash ./wazuh-certs-tool.sh -A
[root@localhost vagrant]# tar -cvf ./wazuh-certificates.tar -C ./wazuh-certificates/ .
./
./root-ca.key
./root-ca.pem
./admin-key.pem
./admin.pem
./node-1-key.pem
./node-1.pem
./wazuh-1-key.pem
./wazuh-1.pem
./dashboard-key.pem
./dashboard.pem
[root@localhost vagrant]# rm -rf ./wazuh-certificates
[root@localhost vagrant]# rpm --import https://packages.wazuh.com/key/GPG-KEY-WAZUH
[root@localhost vagrant]# echo -e '[wazuh]\ngpgcheck=1\ngpgkey=https://packages.wazuh.com/key/GPG-KEY-WAZUH\nenabled=1\nname=EL-$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1' | tee /etc/yum.repos.d/wazuh.repo
[wazuh]
gpgcheck=1
gpgkey=https://packages.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=EL-$releasever - Wazuh
baseurl=https://packages-dev.wazuh.com/pre-release/yum/
protect=1
[root@localhost vagrant]# yum -y install wazuh-indexer
EL-8 - Wazuh 3.2 MB/s | 26 MB 00:08
Last metadata expiration check: 0:00:14 ago on Thu 27 Jun 2024 12:54:50 PM UTC.
Dependencies resolved.
=================================================================================================================================================================================================================
Package Architecture Version Repository Size
=================================================================================================================================================================================================================
Installing:
wazuh-indexer x86_64 4.9.0-1 wazuh 813 M
Transaction Summary
=================================================================================================================================================================================================================
Install 1 Package
Total download size: 813 M
Installed size: 1.0 G
Downloading Packages:
wazuh-indexer-4.9.0-1.x86_64.rpm 5.5 MB/s | 813 MB 02:26
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total 5.5 MB/s | 813 MB 02:26
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: wazuh-indexer-4.9.0-1.x86_64 1/1
Installing : wazuh-indexer-4.9.0-1.x86_64 1/1
Running scriptlet: wazuh-indexer-4.9.0-1.x86_64 1/1
### NOT starting on installation, please execute the following statements to configure wazuh-indexer service to start automatically using systemd
sudo systemctl daemon-reload
sudo systemctl enable wazuh-indexer.service
### You can start wazuh-indexer service by executing
sudo systemctl start wazuh-indexer.service
Verifying : wazuh-indexer-4.9.0-1.x86_64 1/1
Installed:
wazuh-indexer-4.9.0-1.x86_64
[root@localhost vagrant]# NODE_NAME=node-1
[root@localhost vagrant]# mkdir /etc/wazuh-indexer/certs
[root@localhost vagrant]# tar -xf ./wazuh-certificates.tar -C /etc/wazuh-indexer/certs/ ./$NODE_NAME.pem ./$NODE_NAME-key.pem ./admin.pem ./admin-key.pem ./root-ca.pem
[root@localhost vagrant]# mv -n /etc/wazuh-indexer/certs/$NODE_NAME.pem /etc/wazuh-indexer/certs/indexer.pem
[root@localhost vagrant]# mv -n /etc/wazuh-indexer/certs/$NODE_NAME-key.pem /etc/wazuh-indexer/certs/indexer-key.pem
[root@localhost vagrant]# chmod 500 /etc/wazuh-indexer/certs
[root@localhost vagrant]# chmod 400 /etc/wazuh-indexer/certs/*
[root@localhost vagrant]# chown -R wazuh-indexer:wazuh-indexer /etc/wazuh-indexer/certs
[root@localhost vagrant]# systemctl daemon-reload
[root@localhost vagrant]# systemctl enable wazuh-indexer
Synchronizing state of wazuh-indexer.service with SysV service script with /usr/lib/systemd/systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable wazuh-indexer
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service → /usr/lib/systemd/system/wazuh-indexer.service.
[root@localhost vagrant]# systemctl start wazuh-indexer
[root@localhost vagrant]# /usr/share/wazuh-indexer/bin/indexer-security-init.sh
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.13.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml
SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml
SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml
SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml
SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml
SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml
SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml
SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml
SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml
SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null
Done with success
[root@localhost vagrant]# curl -k -u admin:admin https://127.0.0.1:9200
{
"name" : "node-1",
"cluster_name" : "wazuh-cluster",
"cluster_uuid" : "hRFGsJSoRFyzvqVu5cyWeA",
"version" : {
"number" : "7.10.2",
"build_type" : "rpm",
"build_hash" : "f327a4177e4bfee79ce9096dd18a6769d6cf77bc",
"build_date" : "2024-06-20T18:27:36.506219Z",
"build_snapshot" : false,
"lucene_version" : "9.10.0",
"minimum_wire_compatibility_version" : "7.10.0",
"minimum_index_compatibility_version" : "7.0.0"
},
"tagline" : "The OpenSearch Project: https://opensearch.org/"
}
[root@localhost vagrant]# systemctl status wazuh-indexer
● wazuh-indexer.service - wazuh-indexer
Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: disabled)
Active: active (running) since Thu 2024-06-27 13:01:11 UTC; 1min 8s ago
Docs: https://documentation.wazuh.com
Main PID: 7979 (java)
Tasks: 79 (limit: 49502)
Memory: 1.3G
CGroup: /system.slice/wazuh-indexer.service
└─7979 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=t>
Jun 27 13:00:29 localhost.localdomain systemd[1]: Starting wazuh-indexer...
Jun 27 13:00:35 localhost.localdomain systemd-entrypoint[7979]: WARNING: A terminally deprecated method in java.lang.System has been called
Jun 27 13:00:35 localhost.localdomain systemd-entrypoint[7979]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.13.0.>
Jun 27 13:00:35 localhost.localdomain systemd-entrypoint[7979]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
Jun 27 13:00:35 localhost.localdomain systemd-entrypoint[7979]: WARNING: System::setSecurityManager will be removed in a future release
Jun 27 13:00:37 localhost.localdomain systemd-entrypoint[7979]: Jun 27, 2024 1:00:37 PM sun.util.locale.provider.LocaleProviderAdapter <clinit>
Jun 27 13:00:37 localhost.localdomain systemd-entrypoint[7979]: WARNING: COMPAT locale provider will be removed in a future release
Jun 27 13:00:39 localhost.localdomain systemd-entrypoint[7979]: WARNING: A terminally deprecated method in java.lang.System has been called
Jun 27 13:00:39 localhost.localdomain systemd-entrypoint[7979]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.13.0.ja>
Jun 27 13:00:39 localhost.localdomain systemd-entrypoint[7979]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
Jun 27 13:00:39 localhost.localdomain systemd-entrypoint[7979]: WARNING: System::setSecurityManager will be removed in a future release
Jun 27 13:01:11 localhost.localdomain systemd[1]: Started wazuh-indexer.
[root@localhost vagrant]# yum install libcap
Last metadata expiration check: 0:07:51 ago on Thu 27 Jun 2024 12:54:50 PM UTC.
Package libcap-2.26-5.el8.x86_64 is already installed.
Dependencies resolved.
Nothing to do.
Complete!
[root@localhost vagrant]# yum -y install wazuh-dashboard
Last metadata expiration check: 0:07:55 ago on Thu 27 Jun 2024 12:54:50 PM UTC.
Dependencies resolved.
=================================================================================================================================================================================================================
Package Architecture Version Repository Size
=================================================================================================================================================================================================================
Installing:
wazuh-dashboard x86_64 4.9.0-1 wazuh 260 M
Transaction Summary
=================================================================================================================================================================================================================
Install 1 Package
Total download size: 260 M
Installed size: 888 M
Downloading Packages:
wazuh-dashboard-4.9.0-1.x86_64.rpm 6.1 MB/s | 260 MB 00:42
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total 6.1 MB/s | 260 MB 00:42
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: wazuh-dashboard-4.9.0-1.x86_64 1/1
Installing : wazuh-dashboard-4.9.0-1.x86_64 1/1
Running scriptlet: wazuh-dashboard-4.9.0-1.x86_64 1/1
Verifying : wazuh-dashboard-4.9.0-1.x86_64 1/1
Installed:
wazuh-dashboard-4.9.0-1.x86_64
Complete!
[root@localhost vagrant]# NODE_NAME=dashboard
[root@localhost vagrant]# mkdir /etc/wazuh-dashboard/certs
[root@localhost vagrant]# tar -xf ./wazuh-certificates.tar -C /etc/wazuh-dashboard/certs/ ./$NODE_NAME.pem ./$NODE_NAME-key.pem ./root-ca.pem
[root@localhost vagrant]# mv -n /etc/wazuh-dashboard/certs/$NODE_NAME.pem /etc/wazuh-dashboard/certs/dashboard.pem
[root@localhost vagrant]# mv -n /etc/wazuh-dashboard/certs/$NODE_NAME-key.pem /etc/wazuh-dashboard/certs/dashboard-key.pem
[root@localhost vagrant]# chmod 500 /etc/wazuh-dashboard/certs
[root@localhost vagrant]# chmod 400 /etc/wazuh-dashboard/certs/*
[root@localhost vagrant]# chown -R wazuh-dashboard:wazuh-dashboard /etc/wazuh-dashboard/certs
[root@localhost vagrant]# systemctl daemon-reload
[root@localhost vagrant]# systemctl enable wazuh-dashboard
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service.
[root@localhost vagrant]# systemctl start wazuh-dashboard
[root@localhost vagrant]# systemctl status wazuh-dashboard
● wazuh-dashboard.service - wazuh-dashboard
Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; vendor preset: disabled)
Active: active (running) since Thu 2024-06-27 13:07:48 UTC; 5s ago
Main PID: 8494 (node)
Tasks: 11 (limit: 49502)
Memory: 169.4M
CGroup: /system.slice/wazuh-dashboard.service
└─8494 /usr/share/wazuh-dashboard/node/bin/node /usr/share/wazuh-dashboard/src/cli/dist -c /etc/wazuh-dashboard/opensearch_dashboards.yml
Jun 27 13:07:48 localhost.localdomain systemd[1]: Started wazuh-dashboard.
Jun 27 13:07:48 localhost.localdomain systemd[8494]: wazuh-dashboard.service: Failed to connect stdout to the journal socket, ignoring: Permission denied
Update
Did more tests. If the Dashboard was installed before the Indexer, it will continue working until restarting it. After that, the error happened again.
Find
Reviewing the system files, found that the installation of the Indexer is changing the
Before installing:
[root@localhost vagrant]# ls -l /
total 16
lrwxrwxrwx. 1 root root 7 Jun 22 2021 bin -> usr/bin
dr-xr-xr-x. 5 root root 4096 Dec 19 2021 boot
drwxr-xr-x. 18 root root 2880 Jun 27 08:46 dev
drwxr-xr-x. 87 root root 8192 Jun 27 11:48 etc
drwxr-xr-x. 3 root root 21 Dec 19 2021 home
lrwxrwxrwx. 1 root root 7 Jun 22 2021 lib -> usr/lib
lrwxrwxrwx. 1 root root 9 Jun 22 2021 lib64 -> usr/lib64
drwxr-xr-x. 2 root root 6 Jun 22 2021 media
drwxr-xr-x. 2 root root 6 Jun 22 2021 mnt
drwxr-xr-x. 3 root root 39 Dec 19 2021 opt
dr-xr-xr-x. 130 root root 0 Jun 27 08:46 proc
dr-xr-x---. 2 root root 91 Dec 19 2021 root
drwxr-xr-x. 26 root root 840 Jun 27 08:53 run
lrwxrwxrwx. 1 root root 8 Jun 22 2021 sbin -> usr/sbin
drwxr-xr-x. 2 root root 6 Jun 22 2021 srv
dr-xr-xr-x. 13 root root 0 Jun 27 08:46 sys
drwxrwxrwt. 3 root root 85 Jun 28 08:04 tmp
drwxr-xr-x. 12 root root 144 Dec 19 2021 usr
drwxrwxrwx. 1 vagrant vagrant 0 Jun 27 08:40 vagrant
drwxr-xr-x. 20 root root 278 Dec 19 2021 var
After installing:
[root@localhost vagrant]# ls -l /
total 16
lrwxrwxrwx. 1 root root 7 Jun 22 2021 bin -> usr/bin
dr-xr-xr-x. 5 root root 4096 Dec 19 2021 boot
drwxr-xr-x. 18 root root 2880 Jun 27 08:30 dev
drwxr-xr-x. 88 root root 8192 Jun 27 15:14 etc
drwxr-xr-x. 3 root root 21 Dec 19 2021 home
lrwxrwxrwx. 1 root root 7 Jun 22 2021 lib -> usr/lib
lrwxrwxrwx. 1 root root 9 Jun 22 2021 lib64 -> usr/lib64
drwxr-xr-x. 2 root root 6 Jun 22 2021 media
drwxr-xr-x. 2 root root 6 Jun 22 2021 mnt
drwxr-xr-x. 3 root root 39 Dec 19 2021 opt
dr-xr-xr-x. 134 root root 0 Jun 27 08:30 proc
dr-xr-x---. 2 root root 91 Dec 19 2021 root
drwxr-x---. 27 wazuh-indexer wazuh-indexer 860 Jun 28 11:08 run
lrwxrwxrwx. 1 root root 8 Jun 22 2021 sbin -> usr/sbin
drwxr-xr-x. 2 root root 6 Jun 22 2021 srv
dr-xr-xr-x. 13 root root 0 Jun 27 08:30 sys
drwxrwxrwt. 6 root root 229 Jun 28 11:09 tmp
drwxr-xr-x. 12 root root 144 Dec 19 2021 usr
drwxrwxrwx. 1 vagrant vagrant 0 May 24 17:14 vagrant
drwxr-xr-x. 20 root root 278 Dec 19 2021 var
As this is a system folder, it can affect not only the Wazuh dashboard, but the overall system function. This should be investigated by @wazuh/devel-indexer
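The change found above (`run` going from `drwxr-xr-x root root` to `drwxr-x--- wazuh-indexer wazuh-indexer`) can be caught mechanically by snapshotting top-level modes and owners before and after a package transaction. This is an added example, not part of the issue thread or Wazuh's own code; the function names `snapshot_perms` and `diff_perms` are hypothetical, and it assumes a `stat` that supports `-c` (GNU coreutils) and paths without spaces.

```shell
#!/bin/sh
# Added example: detect ownership/mode drift on top-level directories
# caused by a package install (hypothetical helper names).

# Record "octal-mode owner:group path" for every immediate child of $1.
# Defaults to / so that /run, /etc, /var ... are covered.
snapshot_perms() {
    root="${1:-/}"
    # ${root%/} turns "/" into "" so the glob becomes /*
    stat -c '%a %U:%G %n' "${root%/}"/*
}

# Compare two snapshot files ($1 = before, $2 = after).
# Prints one line per path whose mode or ownership changed and
# returns non-zero when any drift is found, so it can gate a CI job.
diff_perms() {
    awk '
        # First file: remember "mode owner:group" keyed by path.
        NR == FNR { before[$3] = $1 " " $2; next }
        # Second file: report paths whose recorded value differs.
        ($3 in before) && before[$3] != $1 " " $2 {
            printf "%s: %s -> %s %s\n", $3, before[$3], $1, $2
            drift = 1
        }
        END { exit drift }
    ' "$1" "$2"
}

# Typical use around the install step from this thread:
#   snapshot_perms / > /tmp/perms.before
#   yum -y install wazuh-indexer
#   snapshot_perms / > /tmp/perms.after
#   diff_perms /tmp/perms.before /tmp/perms.after || echo "system dirs changed"
# With the listings above, the reported line would be (constructed from them):
#   /run: 755 root:root -> 750 wazuh-indexer:wazuh-indexer
```

Entries whose only difference is timestamp or link count, such as `etc` and `tmp` in the two listings, are not reported because only mode and ownership are recorded.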
Tested the installation with the fixed package from
[root@localhost vagrant]# systemctl status wazuh-dashboard
● wazuh-dashboard.service - wazuh-dashboard
Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2024-07-02 14:37:30 UTC; 7s ago
Main PID: 8315 (node)
Tasks: 11 (limit: 49502)
Memory: 230.2M
CGroup: /system.slice/wazuh-dashboard.service
└─8315 /usr/share/wazuh-dashboard/node/bin/node /usr/share/wazuh-dashboard/src/cli/dist -c /etc/wazuh-dashbo>
Jul 02 14:37:37 localhost.localdomain opensearch-dashboards[8315]: [agentkeepalive:deprecated] options.freeSocketKeepAl>
Jul 02 14:37:37 localhost.localdomain opensearch-dashboards[8315]: {"type":"log","@timestamp":"2024-07-02T14:37:37Z","t>
Jul 02 14:37:37 localhost.localdomain opensearch-dashboards[8315]: [agentkeepalive:deprecated] options.freeSocketKeepAl>
Jul 02 14:37:37 localhost.localdomain opensearch-dashboards[8315]: [agentkeepalive:deprecated] options.freeSocketKeepAl>
Jul 02 14:37:37 localhost.localdomain opensearch-dashboards[8315]: [agentkeepalive:deprecated] options.freeSocketKeepAl>
Jul 02 14:37:38 localhost.localdomain opensearch-dashboards[8315]: [agentkeepalive:deprecated] options.freeSocketKeepAl>
Jul 02 14:37:38 localhost.localdomain opensearch-dashboards[8315]: [agentkeepalive:deprecated] options.freeSocketKeepAl>
Jul 02 14:37:38 localhost.localdomain opensearch-dashboards[8315]: [agentkeepalive:deprecated] options.freeSocketKeepAl>
Jul 02 14:37:38 localhost.localdomain opensearch-dashboards[8315]: [agentkeepalive:deprecated] options.freeSocketKeepAl>
Jul 02 14:37:38 localhost.localdomain opensearch-dashboards[8315]: {"type":"log","@timestamp":"2024-07-02T14:37:38Z","t>
Related wazuh/wazuh-packages#3013
A problem is detected when installing pre-release package 4.9.0-1 in YUM environments.
A test is carried out on CentOS 8 and also on Amazon Linux 2. The error is the following:
The installation was carried out using the installation assistant and step by step and the result was the same.