Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Migrate the Wazuh unattended scripts related files to wazuh-installation-assistant #19

Closed
6 tasks done
teddytpc1 opened this issue Aug 6, 2024 · 4 comments · Fixed by #31, #32, #33, #38 or wazuh/wazuh-packages#3089
Closed
6 tasks done
Assignees
Labels
level/subtask Subtask issue type/enhancement Enhancement issue

Comments

@teddytpc1
Copy link
Member

teddytpc1 commented Aug 6, 2024

Objective
wazuh/wazuh-packages#2904

Description

Because of the Wazuh packages redesign tier 2 objective we need to migrate the Wazuh installation assistant-related files from the wazuh-packages repository to this one.

Tasks

  • Migrate all the Wazuh installation assistant-related files from the wazuh-packages repository to this one (including the tests/unattended folder)
  • Modify the name of the directories from unattended_installer to installation_assistant if applies
  • Validate the Wazuh installation assistant, Wazuh password tool and Wazuh cert tool can be built locally after the migration
  • Validate the scripts work as expected
  • Migrate the existing Installation assistant actions
  • Remove Wazuh installation assistant files from wazuh-packages repository

Related

@teddytpc1 teddytpc1 changed the title MPV - Migrate the Wazuh unattended scripts related files to wazuh-installation-assistant Migrate the Wazuh unattended scripts related files to wazuh-installation-assistant Aug 8, 2024
@teddytpc1 teddytpc1 added type/enhancement Enhancement issue level/subtask Subtask issue labels Aug 8, 2024
@wazuhci wazuhci moved this to Backlog in Release 4.10.0 Aug 8, 2024
@wazuhci wazuhci moved this from Backlog to In progress in Release 4.10.0 Aug 13, 2024
@davidcr01
Copy link
Contributor

davidcr01 commented Aug 19, 2024

Update Report

Progress

@davidcr01
Copy link
Contributor

davidcr01 commented Aug 19, 2024

Update Report

Validating script build

The scripts are built correctly after the migration:

wazuh-installation-assistant git:(enhancement/19-installation-assistant-files-migration) bash builder.sh -iwazuh-installation-assistant git:(enhancement/19-installation-assistant-files-migration) ✗ ls | grep wazuh-install
wazuh-install.shwazuh-installation-assistant git:(enhancement/19-installation-assistant-files-migration) ✗ bash builder.sh -cwazuh-installation-assistant git:(enhancement/19-installation-assistant-files-migration) ✗ ls | grep wazuh-certs
wazuh-certs-tool.shwazuh-installation-assistant git:(enhancement/19-installation-assistant-files-migration) ✗ bash builder.sh -pwazuh-installation-assistant git:(enhancement/19-installation-assistant-files-migration) ✗ ls | grep wazuh-pass  
wazuh-passwords-tool.shwazuh-installation-assistant git:(enhancement/19-installation-assistant-files-migration) ✗ 

A new issue has been created reported that, if the builder is not used without any parameter, it does not print the help: #24

@davidcr01
Copy link
Contributor

Update Report

Problem using the assistant

While validating the installation assistant, I encountered an issue when the assistant detects that there is an error connecting to the API:

0/08/2024 09:03:23 DEBUG: Configuring Wazuh manager.
20/08/2024 09:03:23 DEBUG: Setting provisional Wazuh indexer password.
20/08/2024 09:03:23 INFO: Wazuh manager vulnerability detection configuration finished.
20/08/2024 09:03:23 INFO: Starting service wazuh-manager.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-manager.service → /lib/systemd/system/wazuh-manager.service.
20/08/2024 09:03:38 INFO: wazuh-manager service started.
20/08/2024 09:03:38 INFO: Checking Wazuh API connection
20/08/2024 09:03:38 ERROR: Wazuh API connection Error. {
   "data": {
      "affected_items": [],
      "total_affected_items": 0,
      "total_failed_items": 0,
      "failed_items": []
   },
   "message": "No agent information was returned",
   "error": 0
}
wazuh-clusterd not running...
wazuh-modulesd is running...
wazuh-monitord is running...
wazuh-logcollector is running...
wazuh-remoted is running...
wazuh-syscheckd is running...
wazuh-analysisd is running...
wazuh-maild not running...
wazuh-execd is running...
wazuh-db is running...
wazuh-authd is running...
wazuh-agentlessd not running...
wazuh-integratord not running...
wazuh-dbd not running...
wazuh-csyslogd not running...
wazuh-apid is running...
20/08/2024 09:03:38 INFO: --- Removing existing Wazuh installation ---

If I debug the execution trace, I see that curl returns a valid JSON where there is no error, but the assistant handles it as if there is one:

+ wm_error='{
   "data": {
      "affected_items": [],
      "total_affected_items": 0,
      "total_failed_items": 0,
      "failed_items": []
   },
   "message": "No agent information was returned",
   "error": 0
}'
+ [[ {
   "data": {
      "affected_items": [],
      "total_affected_items": 0,
      "total_failed_items": 0,
      "failed_items": []
   },
   "message": "no agent information was returned",
   "error": 0
} = \"\e\r\r\o\r\"\:\ \0 ]]
+ common_logger -e 'Wazuh API connection Error. {

If I look at the code that was incorporated in wazuh/wazuh-packages#3059, I see that the entire content of the vm_error variable is being passed to minuscules and compared with the string error: 0 (exact comparison, that is, the vm_error variable must only contain the string error: 0 for the condition to evaluate as true):

wm_error=$(curl -k -s -X GET "https://127.0.0.1:55000/agents/outdated?pretty=true" -H "Authorization: Bearer ${TOKEN}")

if [[ ${wm_error,,} = '"error": 0' ]]; then
   common_logger "Wazuh API connection successful"

Caution

So maybe this is a false negative that needs to be investigated, and if it is a bug, it is necessary to open an issue reporting this.

@davidcr01
Copy link
Contributor

davidcr01 commented Aug 20, 2024

Update Report

Validating installation assistant

✔️ AIO installation - using -a option
root@ip-172-31-85-12:/home/ubuntu# bash wazuh-install.sh -a -v
20/08/2024 10:10:39 DEBUG: Checking root permissions.
20/08/2024 10:10:39 DEBUG: Checking sudo package.
20/08/2024 10:10:39 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.1
20/08/2024 10:10:39 INFO: Verbose logging redirected to /var/log/wazuh-install.log
20/08/2024 10:10:39 DEBUG: APT package manager will be used.
20/08/2024 10:10:39 DEBUG: Checking system distribution.
20/08/2024 10:10:39 DEBUG: Detected distribution name: ubuntu
20/08/2024 10:10:39 DEBUG: Detected distribution version: 22
20/08/2024 10:10:39 DEBUG: Installing check dependencies.
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Get:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease [128 kB]
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Get:4 http://security.ubuntu.com/ubuntu jammy-security InRelease [129 kB]
Fetched 257 kB in 0s (529 kB/s)
Reading package lists...
20/08/2024 10:10:48 DEBUG: Checking Wazuh installation.
20/08/2024 10:10:49 DEBUG: Checking system architecture.
20/08/2024 10:10:49 INFO: Verifying that your system meets the recommended minimum hardware requirements.
20/08/2024 10:10:49 DEBUG: CPU cores detected: 4
20/08/2024 10:10:49 DEBUG: Free RAM memory detected: 7847
20/08/2024 10:10:49 DEBUG: Installing check dependencies.
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 http://security.ubuntu.com/ubuntu jammy-security InRelease
Reading package lists...
20/08/2024 10:10:53 INFO: Wazuh web interface port will be 443.
20/08/2024 10:10:53 DEBUG: Checking ports availability.
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 http://security.ubuntu.com/ubuntu jammy-security InRelease
Reading package lists...
20/08/2024 10:10:55 DEBUG: Installing prerequisites dependencies.
20/08/2024 10:10:58 DEBUG: Checking curl tool version.
20/08/2024 10:10:58 DEBUG: Adding the Wazuh repository.
gpg: keyring '/usr/share/keyrings/wazuh.gpg' created
gpg: key 96B3EE5F29111145: public key "Wazuh.com (Wazuh Signing Key) <[email protected]>" imported
gpg: Total number processed: 1
gpg:               imported: 1
deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages.wazuh.com/4.x/apt/ stable main
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Get:4 https://packages.wazuh.com/4.x/apt stable InRelease [17.3 kB]
Hit:5 http://security.ubuntu.com/ubuntu jammy-security InRelease
Get:6 https://packages.wazuh.com/4.x/apt stable/main amd64 Packages [42.1 kB]
Fetched 59.4 kB in 0s (189 kB/s)
Reading package lists...
20/08/2024 10:11:00 INFO: Wazuh repository added.
20/08/2024 10:11:00 INFO: --- Configuration files ---
20/08/2024 10:11:00 INFO: Generating configuration files.
20/08/2024 10:11:00 DEBUG: Creating Wazuh certificates.
20/08/2024 10:11:00 DEBUG: Reading configuration file.
20/08/2024 10:11:00 DEBUG: Checking if 127.0.0.1 is private.
20/08/2024 10:11:00 DEBUG: Checking if 127.0.0.1 is private.
20/08/2024 10:11:00 DEBUG: Checking if 127.0.0.1 is private.
20/08/2024 10:11:00 INFO: Generating the root certificate.
20/08/2024 10:11:00 INFO: Generating Admin certificates.
20/08/2024 10:11:00 DEBUG: Generating Admin private key.
20/08/2024 10:11:01 DEBUG: Converting Admin private key to PKCS8 format.
20/08/2024 10:11:01 DEBUG: Generating Admin CSR.
20/08/2024 10:11:01 DEBUG: Creating Admin certificate.
20/08/2024 10:11:01 INFO: Generating Wazuh indexer certificates.
20/08/2024 10:11:01 DEBUG: Creating the certificates for wazuh-indexer indexer node.
20/08/2024 10:11:01 DEBUG: Generating certificate configuration.
20/08/2024 10:11:01 DEBUG: Creating the Wazuh indexer tmp key pair.
20/08/2024 10:11:01 DEBUG: Creating the Wazuh indexer certificates.
20/08/2024 10:11:01 INFO: Generating Filebeat certificates.
20/08/2024 10:11:01 DEBUG: Generating the certificates for wazuh-server server node.
20/08/2024 10:11:01 DEBUG: Generating certificate configuration.
20/08/2024 10:11:01 DEBUG: Creating the Wazuh server tmp key pair.
20/08/2024 10:11:01 DEBUG: Creating the Wazuh server certificates.
20/08/2024 10:11:01 INFO: Generating Wazuh dashboard certificates.
20/08/2024 10:11:01 DEBUG: Generating certificate configuration.
20/08/2024 10:11:01 DEBUG: Creating the Wazuh dashboard tmp key pair.
20/08/2024 10:11:01 DEBUG: Creating the Wazuh dashboard certificates.
20/08/2024 10:11:01 DEBUG: Cleaning certificate files.
20/08/2024 10:11:01 DEBUG: Generating password file.
20/08/2024 10:11:01 DEBUG: Generating random passwords.
20/08/2024 10:11:01 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
20/08/2024 10:11:01 DEBUG: Extracting Wazuh configuration.
20/08/2024 10:11:01 DEBUG: Reading configuration file.
20/08/2024 10:11:01 DEBUG: Checking if 127.0.0.1 is private.
20/08/2024 10:11:01 DEBUG: Checking if 127.0.0.1 is private.
20/08/2024 10:11:01 DEBUG: Checking if 127.0.0.1 is private.
20/08/2024 10:11:01 INFO: --- Wazuh indexer ---
20/08/2024 10:11:01 INFO: Starting Wazuh indexer installation.
Reading package lists... Building dependency tree... Reading state information... The following NEW packages will be installed: wazuh-indexer 0 upgraded, 1 newly installed, 0 to remove and 203 not upgraded. Need to get 0 B/756 MB of archives. After this operation, 1050 MB of additional disk space will be used. Selecting previously unselected package NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.19.0-1025-aws NEEDRESTART-KEXP: 5.19.0-1025-aws NEEDRESTART-KSTA: 1 NEEDRESTART-SVC: acpid.service NEEDRESTART-SVC: chrony.service NEEDRESTART-SVC: cron.service NEEDRESTART-SVC: dbus.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: irqbalance.service NEEDRESTART-SVC: multipathd.service NEEDRESTART-SVC: networkd-dispatcher.service NEEDRESTART-SVC: packagekit.service NEEDRESTART-SVC: polkit.service NEEDRESTART-SVC: rsyslog.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: snapd.service NEEDRESTART-SVC: ssh.service NEEDRESTART-SVC: systemd-journald.service NEEDRESTART-SVC: systemd-logind.service NEEDRESTART-SVC: systemd-networkd.service NEEDRESTART-SVC: systemd-resolved.service NEEDRESTART-SVC: systemd-udevd.service NEEDRESTART-SVC: unattended-upgrades.service NEEDRESTART-SVC: [email protected]
20/08/2024 10:11:52 DEBUG: Checking Wazuh installation.
20/08/2024 10:11:53 DEBUG: There are Wazuh indexer remaining files.
20/08/2024 10:11:53 INFO: Wazuh indexer installation finished.
20/08/2024 10:11:53 DEBUG: Configuring Wazuh indexer.
20/08/2024 10:11:53 DEBUG: Copying Wazuh indexer certificates.
20/08/2024 10:11:53 INFO: Wazuh indexer post-install configuration finished.
20/08/2024 10:11:53 INFO: Starting service wazuh-indexer.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service → /lib/systemd/system/wazuh-indexer.service.
20/08/2024 10:12:04 INFO: wazuh-indexer service started.
20/08/2024 10:12:04 INFO: Initializing Wazuh indexer cluster security settings.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml 
   SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml 
   SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml 
   SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml 
   SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml 
   SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml 
   SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml 
   SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml 
   SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml 
   SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml 
   SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null
Done with success
20/08/2024 10:12:16 INFO: Wazuh indexer cluster security configuration initialized.
20/08/2024 10:12:16 INFO: Wazuh indexer cluster initialized.
20/08/2024 10:12:16 INFO: --- Wazuh server ---
20/08/2024 10:12:16 INFO: Starting the Wazuh manager installation.
Reading package lists... Building dependency tree... Reading state information... Suggested packages: expect The following NEW packages will be installed: wazuh-manager 0 upgraded, 1 newly installed, 0 to remove and 203 not upgraded. Need to get 0 B/310 MB of archives. After this operation, 911 MB of additional disk space will be used. Selecting pre NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.19.0-1025-aws NEEDRESTART-KEXP: 5.19.0-1025-aws NEEDRESTART-KSTA: 1 NEEDRESTART-SVC: acpid.service NEEDRESTART-SVC: chrony.service NEEDRESTART-SVC: cron.service NEEDRESTART-SVC: dbus.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: irqbalance.service NEEDRESTART-SVC: multipathd.service NEEDRESTART-SVC: networkd-dispatcher.service NEEDRESTART-SVC: packagekit.service NEEDRESTART-SVC: polkit.service NEEDRESTART-SVC: rsyslog.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: snapd.service NEEDRESTART-SVC: ssh.service NEEDRESTART-SVC: systemd-journald.service NEEDRESTART-SVC: systemd-logind.service NEEDRESTART-SVC: systemd-networkd.service NEEDRESTART-SVC: systemd-resolved.service NEEDRESTART-SVC: systemd-udevd.service NEEDRESTART-SVC: unattended-upgrades.service NEEDRESTART-SVC: [email protected]
20/08/2024 10:12:58 DEBUG: Checking Wazuh installation.
20/08/2024 10:12:58 DEBUG: There are Wazuh remaining files.
20/08/2024 10:12:58 DEBUG: There are Wazuh indexer remaining files.
20/08/2024 10:12:59 INFO: Wazuh manager installation finished.
20/08/2024 10:12:59 DEBUG: Configuring Wazuh manager.
20/08/2024 10:12:59 DEBUG: Setting provisional Wazuh indexer password.
20/08/2024 10:12:59 INFO: Wazuh manager vulnerability detection configuration finished.
20/08/2024 10:12:59 INFO: Starting service wazuh-manager.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-manager.service → /lib/systemd/system/wazuh-manager.service.
20/08/2024 10:13:13 INFO: wazuh-manager service started.
20/08/2024 10:13:13 INFO: Checking Wazuh API connection
20/08/2024 10:13:13 INFO: Wazuh API connection successful
20/08/2024 10:13:13 INFO: Starting Filebeat installation.
Reading package lists... Building dependency tree... Reading state information... The following NEW packages will be installed: filebeat 0 upgraded, 1 newly installed, 0 to remove and 203 not upgraded. Need to get 22.1 MB of archives. After this operation, 73.6 MB of additional disk space will be used. Get:1 https://packages.wazuh.com/4.x/apt stable/main amd64 filebeat amd64 7.10.2 [22.1 MB] Fetched 22.1 MB in 0s (63.5 MB/s) Selecting previously unselected package NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.19.0-1025-aws NEEDRESTART-KEXP: 5.19.0-1025-aws NEEDRESTART-KSTA: 1 NEEDRESTART-SVC: acpid.service NEEDRESTART-SVC: chrony.service NEEDRESTART-SVC: cron.service NEEDRESTART-SVC: dbus.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: irqbalance.service NEEDRESTART-SVC: multipathd.service NEEDRESTART-SVC: networkd-dispatcher.service NEEDRESTART-SVC: packagekit.service NEEDRESTART-SVC: polkit.service NEEDRESTART-SVC: rsyslog.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: snapd.service NEEDRESTART-SVC: ssh.service NEEDRESTART-SVC: systemd-journald.service NEEDRESTART-SVC: systemd-logind.service NEEDRESTART-SVC: systemd-networkd.service NEEDRESTART-SVC: systemd-resolved.service NEEDRESTART-SVC: systemd-udevd.service NEEDRESTART-SVC: unattended-upgrades.service NEEDRESTART-SVC: [email protected]
20/08/2024 10:13:24 DEBUG: Checking Wazuh installation.
20/08/2024 10:13:25 DEBUG: There are Wazuh remaining files.
20/08/2024 10:13:25 DEBUG: There are Wazuh indexer remaining files.
20/08/2024 10:13:26 DEBUG: There are Filebeat remaining files.
20/08/2024 10:13:26 INFO: Filebeat installation finished.
20/08/2024 10:13:26 DEBUG: Configuring Filebeat.
20/08/2024 10:13:26 DEBUG: Filebeat template was download successfully.
wazuh/
wazuh/_meta/
wazuh/_meta/docs.asciidoc
wazuh/_meta/fields.yml
wazuh/_meta/config.yml
wazuh/alerts/
wazuh/alerts/config/
wazuh/alerts/config/alerts.yml
wazuh/alerts/manifest.yml
wazuh/alerts/ingest/
wazuh/alerts/ingest/pipeline.json
wazuh/module.yml
wazuh/archives/
wazuh/archives/config/
wazuh/archives/config/archives.yml
wazuh/archives/manifest.yml
wazuh/archives/ingest/
wazuh/archives/ingest/pipeline.json
20/08/2024 10:13:26 DEBUG: Filebeat module was downloaded successfully.
20/08/2024 10:13:26 DEBUG: Copying Filebeat certificates.
Created filebeat keystore
Successfully updated the keystore
Successfully updated the keystore
20/08/2024 10:13:27 INFO: Filebeat post-install configuration finished.
20/08/2024 10:13:27 INFO: Starting service filebeat.
Synchronizing state of filebeat.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable filebeat
Created symlink /etc/systemd/system/multi-user.target.wants/filebeat.service → /lib/systemd/system/filebeat.service.
20/08/2024 10:13:28 INFO: filebeat service started.
20/08/2024 10:13:28 INFO: Checking Filebeat connection
20/08/2024 10:13:28 INFO: Filebeat connection successful
20/08/2024 10:13:28 INFO: --- Wazuh dashboard ---
20/08/2024 10:13:28 INFO: Starting Wazuh dashboard installation.
Reading package lists... Building dependency tree... Reading state information... The following NEW packages will be installed: wazuh-dashboard 0 upgraded, 1 newly installed, 0 to remove and 203 not upgraded. Need to get 186 MB of archives. After this operation, 998 MB of additional disk space will be used. Get:1 https://packages.wazuh.com/4.x/apt stable/main amd64 wazuh-dashboard amd64 4.8.1-1 [186 MB] Fetched 186 MB in 4s (52.7 MB/s) Selecting previously unselec NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.19.0-1025-aws NEEDRESTART-KEXP: 5.19.0-1025-aws NEEDRESTART-KSTA: 1 NEEDRESTART-SVC: acpid.service NEEDRESTART-SVC: chrony.service NEEDRESTART-SVC: cron.service NEEDRESTART-SVC: dbus.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: irqbalance.service NEEDRESTART-SVC: multipathd.service NEEDRESTART-SVC: networkd-dispatcher.service NEEDRESTART-SVC: packagekit.service NEEDRESTART-SVC: polkit.service NEEDRESTART-SVC: rsyslog.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: snapd.service NEEDRESTART-SVC: ssh.service NEEDRESTART-SVC: systemd-journald.service NEEDRESTART-SVC: systemd-logind.service NEEDRESTART-SVC: systemd-networkd.service NEEDRESTART-SVC: systemd-resolved.service NEEDRESTART-SVC: systemd-udevd.service NEEDRESTART-SVC: unattended-upgrades.service NEEDRESTART-SVC: [email protected]
20/08/2024 10:16:04 DEBUG: Checking Wazuh installation.
20/08/2024 10:16:04 DEBUG: There are Wazuh remaining files.
20/08/2024 10:16:04 DEBUG: There are Wazuh indexer remaining files.
20/08/2024 10:16:05 DEBUG: There are Filebeat remaining files.
20/08/2024 10:16:05 DEBUG: There are Wazuh dashboard remaining files.
20/08/2024 10:16:05 INFO: Wazuh dashboard installation finished.
20/08/2024 10:16:05 DEBUG: Configuring Wazuh dashboard.
20/08/2024 10:16:05 DEBUG: Copying Wazuh dashboard certificates.
20/08/2024 10:16:05 DEBUG: Wazuh dashboard certificate setup finished.
20/08/2024 10:16:05 INFO: Wazuh dashboard post-install configuration finished.
20/08/2024 10:16:05 INFO: Starting service wazuh-dashboard.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service.
20/08/2024 10:16:05 INFO: wazuh-dashboard service started.
20/08/2024 10:16:05 DEBUG: Setting Wazuh indexer cluster passwords.
20/08/2024 10:16:05 DEBUG: Checking Wazuh installation.
20/08/2024 10:16:06 DEBUG: There are Wazuh remaining files.
20/08/2024 10:16:06 DEBUG: There are Wazuh indexer remaining files.
20/08/2024 10:16:07 DEBUG: There are Filebeat remaining files.
20/08/2024 10:16:07 DEBUG: There are Wazuh dashboard remaining files.
20/08/2024 10:16:07 INFO: Updating the internal users.
20/08/2024 10:16:07 DEBUG: Creating password backup.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml 
   SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml 
   SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml 
   SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml 
   SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml 
   SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml 
   SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml 
   SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml 
   SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml 
   SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml 
   SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
20/08/2024 10:16:10 DEBUG: Password backup created in /etc/wazuh-indexer/backup.
20/08/2024 10:16:10 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
20/08/2024 10:16:10 DEBUG: The internal users have been updated before changing the passwords.
20/08/2024 10:16:10 DEBUG: Generating password hashes.
20/08/2024 10:16:14 DEBUG: Password hashes generated.
20/08/2024 10:16:14 DEBUG: Creating password backup.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml 
   SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml 
   SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml 
   SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml 
   SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml 
   SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml 
   SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml 
   SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml 
   SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml 
   SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml 
   SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
20/08/2024 10:16:17 DEBUG: Password backup created in /etc/wazuh-indexer/backup.
Successfully updated the keystore
Successfully updated the keystore
20/08/2024 10:16:17 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
20/08/2024 10:16:17 DEBUG: Restarting filebeat service...
20/08/2024 10:16:17 DEBUG: filebeat started.
20/08/2024 10:16:17 DEBUG: Restarting wazuh-manager service...
20/08/2024 10:16:33 DEBUG: wazuh-manager started.
20/08/2024 10:16:34 DEBUG: Restarting wazuh-dashboard service...
20/08/2024 10:16:34 DEBUG: wazuh-dashboard started.
20/08/2024 10:16:34 DEBUG: Running security admin tool.
20/08/2024 10:16:34 DEBUG: Loading new passwords changes.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /home/ubuntu
Force type: internalusers
Will update '/internalusers' with /etc/wazuh-indexer/backup/internal_users.yml 
   SUCC: Configuration for 'internalusers' created or updated
SUCC: Expected 1 config types for node {"updated_config_types":["internalusers"],"updated_config_size":1,"message":null} is 1 (["internalusers"]) due to: null
Done with success
20/08/2024 10:16:36 DEBUG: Passwords changed.
20/08/2024 10:16:36 DEBUG: Changing API passwords.
20/08/2024 10:16:44 INFO: Initializing Wazuh dashboard web application.
20/08/2024 10:16:44 INFO: Wazuh dashboard web application not yet initialized. Waiting...
20/08/2024 10:17:00 INFO: Wazuh dashboard web application not yet initialized. Waiting...
20/08/2024 10:17:15 INFO: Wazuh dashboard web application initialized.
20/08/2024 10:17:15 INFO: --- Summary ---
20/08/2024 10:17:15 INFO: You can access the web interface https://<wazuh-dashboard-ip>:443
    User: admin
    Password: Z*6rCVMO5QBu3bN1tptTI7JOMxaQzV95
20/08/2024 10:17:15 DEBUG: Restoring Wazuh repository.
20/08/2024 10:17:15 INFO: Installation finished.
✔️ Distributed installation - using -g, -wi, -ws, -ws, -s options
root@ip-172-31-85-12:/home/ubuntu# bash wazuh-install.sh -g -v
20/08/2024 10:18:38 DEBUG: Checking root permissions.
20/08/2024 10:18:38 DEBUG: Checking sudo package.
20/08/2024 10:18:38 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.1
20/08/2024 10:18:38 INFO: Verbose logging redirected to /var/log/wazuh-install.log
20/08/2024 10:18:38 DEBUG: APT package manager will be used.
20/08/2024 10:18:38 DEBUG: Checking system distribution.
20/08/2024 10:18:38 DEBUG: Detected distribution name: ubuntu
20/08/2024 10:18:38 DEBUG: Detected distribution version: 22
20/08/2024 10:18:38 DEBUG: Installing check dependencies.
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 http://security.ubuntu.com/ubuntu jammy-security InRelease
Reading package lists...
20/08/2024 10:18:42 DEBUG: Checking Wazuh installation.
20/08/2024 10:18:43 DEBUG: Checking system architecture.
20/08/2024 10:18:43 INFO: Verifying that your system meets the recommended minimum hardware requirements.
20/08/2024 10:18:43 DEBUG: CPU cores detected: 4
20/08/2024 10:18:43 DEBUG: Free RAM memory detected: 7847
20/08/2024 10:18:43 DEBUG: Installing check dependencies.
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 http://security.ubuntu.com/ubuntu jammy-security InRelease
Reading package lists...
20/08/2024 10:18:47 INFO: --- Configuration files ---
20/08/2024 10:18:47 INFO: Generating configuration files.
20/08/2024 10:18:47 DEBUG: Checking if OpenSSL is installed.
20/08/2024 10:18:47 DEBUG: Creating Wazuh certificates.
20/08/2024 10:18:47 DEBUG: Reading configuration file.
20/08/2024 10:18:47 DEBUG: Checking if 127.0.0.1 is private.
20/08/2024 10:18:47 DEBUG: Checking if 127.0.0.1 is private.
20/08/2024 10:18:47 DEBUG: Checking if 127.0.0.1 is private.
20/08/2024 10:18:47 INFO: Generating the root certificate.
20/08/2024 10:18:47 INFO: Generating Admin certificates.
20/08/2024 10:18:47 DEBUG: Generating Admin private key.
20/08/2024 10:18:47 DEBUG: Converting Admin private key to PKCS8 format.
20/08/2024 10:18:47 DEBUG: Generating Admin CSR.
20/08/2024 10:18:47 DEBUG: Creating Admin certificate.
20/08/2024 10:18:47 INFO: Generating Wazuh indexer certificates.
20/08/2024 10:18:47 DEBUG: Creating the certificates for wazuh-indexer indexer node.
20/08/2024 10:18:47 DEBUG: Generating certificate configuration.
20/08/2024 10:18:47 DEBUG: Creating the Wazuh indexer tmp key pair.
20/08/2024 10:18:48 DEBUG: Creating the Wazuh indexer certificates.
20/08/2024 10:18:48 INFO: Generating Filebeat certificates.
20/08/2024 10:18:48 DEBUG: Generating the certificates for wazuh-server server node.
20/08/2024 10:18:48 DEBUG: Generating certificate configuration.
20/08/2024 10:18:48 DEBUG: Creating the Wazuh server tmp key pair.
20/08/2024 10:18:48 DEBUG: Creating the Wazuh server certificates.
20/08/2024 10:18:48 INFO: Generating Wazuh dashboard certificates.
20/08/2024 10:18:48 DEBUG: Generating certificate configuration.
20/08/2024 10:18:48 DEBUG: Creating the Wazuh dashboard tmp key pair.
20/08/2024 10:18:48 DEBUG: Creating the Wazuh dashboard certificates.
20/08/2024 10:18:48 DEBUG: Cleaning certificate files.
20/08/2024 10:18:48 DEBUG: Generating password file.
20/08/2024 10:18:48 DEBUG: Generating random passwords.
20/08/2024 10:18:48 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
root@ip-172-31-85-12:/home/ubuntu# 
root@ip-172-31-85-12:/home/ubuntu# bash wazuh-install.sh -wi wazuh-indexer -v
20/08/2024 10:19:04 DEBUG: Checking root permissions.
20/08/2024 10:19:04 DEBUG: Checking sudo package.
20/08/2024 10:19:04 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.1
20/08/2024 10:19:04 INFO: Verbose logging redirected to /var/log/wazuh-install.log
20/08/2024 10:19:04 DEBUG: APT package manager will be used.
20/08/2024 10:19:04 DEBUG: Checking system distribution.
20/08/2024 10:19:04 DEBUG: Detected distribution name: ubuntu
20/08/2024 10:19:04 DEBUG: Detected distribution version: 22
20/08/2024 10:19:04 DEBUG: Installing check dependencies.
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 http://security.ubuntu.com/ubuntu jammy-security InRelease
Reading package lists...
20/08/2024 10:19:08 DEBUG: Checking Wazuh installation.
20/08/2024 10:19:09 DEBUG: Checking system architecture.
20/08/2024 10:19:09 INFO: Verifying that your system meets the recommended minimum hardware requirements.
20/08/2024 10:19:09 DEBUG: CPU cores detected: 4
20/08/2024 10:19:09 DEBUG: Free RAM memory detected: 7847
20/08/2024 10:19:09 DEBUG: Installing check dependencies.
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 http://security.ubuntu.com/ubuntu jammy-security InRelease
Reading package lists...
20/08/2024 10:19:13 DEBUG: Checking previous certificate existence.
20/08/2024 10:19:13 DEBUG: Checking ports availability.
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 http://security.ubuntu.com/ubuntu jammy-security InRelease
Reading package lists...
20/08/2024 10:19:15 DEBUG: Installing prerequisites dependencies.
20/08/2024 10:19:17 DEBUG: Checking curl tool version.
20/08/2024 10:19:17 DEBUG: Adding the Wazuh repository.
gpg: keyring '/usr/share/keyrings/wazuh.gpg' created
gpg: key 96B3EE5F29111145: public key "Wazuh.com (Wazuh Signing Key) <[email protected]>" imported
gpg: Total number processed: 1
gpg:               imported: 1
deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages.wazuh.com/4.x/apt/ stable main
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Get:4 https://packages.wazuh.com/4.x/apt stable InRelease [17.3 kB]
Hit:5 http://security.ubuntu.com/ubuntu jammy-security InRelease
Get:6 https://packages.wazuh.com/4.x/apt stable/main amd64 Packages [42.1 kB]
Fetched 59.4 kB in 0s (188 kB/s)
Reading package lists...
20/08/2024 10:19:18 INFO: Wazuh repository added.
20/08/2024 10:19:18 DEBUG: Extracting Wazuh configuration.
20/08/2024 10:19:18 DEBUG: Reading configuration file.
20/08/2024 10:19:18 DEBUG: Checking if 127.0.0.1 is private.
20/08/2024 10:19:18 DEBUG: Checking if 127.0.0.1 is private.
20/08/2024 10:19:18 DEBUG: Checking if 127.0.0.1 is private.
20/08/2024 10:19:18 DEBUG: Checking node names in the configuration file.
20/08/2024 10:19:18 INFO: --- Wazuh indexer ---
20/08/2024 10:19:18 INFO: Starting Wazuh indexer installation.
Reading package lists... Building dependency tree... Reading state information... The following NEW packages will be installed: wazuh-indexer 0 upgraded, 1 newly installed, 0 to remove and 203 not upgraded. Need to get 0 B/756 MB of archives. After this operation, 1050 MB of additional disk space will be used. Selecting previously unselected package NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.19.0-1025-aws NEEDRESTART-KEXP: 5.19.0-1025-aws NEEDRESTART-KSTA: 1 NEEDRESTART-SVC: acpid.service NEEDRESTART-SVC: chrony.service NEEDRESTART-SVC: cron.service NEEDRESTART-SVC: dbus.service NEEDRESTART-SVC: filebeat.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: irqbalance.service NEEDRESTART-SVC: multipathd.service NEEDRESTART-SVC: networkd-dispatcher.service NEEDRESTART-SVC: packagekit.service NEEDRESTART-SVC: polkit.service NEEDRESTART-SVC: rsyslog.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: snapd.service NEEDRESTART-SVC: ssh.service NEEDRESTART-SVC: systemd-journald.service NEEDRESTART-SVC: systemd-logind.service NEEDRESTART-SVC: systemd-networkd.service NEEDRESTART-SVC: systemd-resolved.service NEEDRESTART-SVC: systemd-udevd.service NEEDRESTART-SVC: unattended-upgrades.service NEEDRESTART-SVC: [email protected]
20/08/2024 10:20:09 DEBUG: Checking Wazuh installation.
20/08/2024 10:20:10 DEBUG: There are Wazuh indexer remaining files.
20/08/2024 10:20:10 INFO: Wazuh indexer installation finished.
20/08/2024 10:20:10 DEBUG: Configuring Wazuh indexer.
20/08/2024 10:20:10 DEBUG: Copying Wazuh indexer certificates.
20/08/2024 10:20:10 INFO: Wazuh indexer post-install configuration finished.
20/08/2024 10:20:10 INFO: Starting service wazuh-indexer.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service → /lib/systemd/system/wazuh-indexer.service.
20/08/2024 10:20:21 INFO: wazuh-indexer service started.
20/08/2024 10:20:21 INFO: Initializing Wazuh indexer cluster security settings.
20/08/2024 10:20:22 DEBUG: Setting Wazuh indexer cluster passwords.
20/08/2024 10:20:22 DEBUG: Checking Wazuh installation.
20/08/2024 10:20:23 DEBUG: There are Wazuh indexer remaining files.
20/08/2024 10:20:23 INFO: Wazuh indexer cluster initialized.
20/08/2024 10:20:23 DEBUG: Restoring Wazuh repository.
20/08/2024 10:20:23 INFO: Installation finished.
root@ip-172-31-85-12:/home/ubuntu# bash wazuh-install.sh -s -v
20/08/2024 10:21:20 DEBUG: Checking root permissions.
20/08/2024 10:21:20 DEBUG: Checking sudo package.
20/08/2024 10:21:20 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.1
20/08/2024 10:21:20 INFO: Verbose logging redirected to /var/log/wazuh-install.log
20/08/2024 10:21:20 DEBUG: APT package manager will be used.
20/08/2024 10:21:20 DEBUG: Checking system distribution.
20/08/2024 10:21:20 DEBUG: Detected distribution name: ubuntu
20/08/2024 10:21:20 DEBUG: Detected distribution version: 22
20/08/2024 10:21:20 DEBUG: Installing check dependencies.
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 https://packages.wazuh.com/4.x/apt stable InRelease
Hit:5 http://security.ubuntu.com/ubuntu jammy-security InRelease
Reading package lists...
20/08/2024 10:21:24 DEBUG: Checking Wazuh installation.
20/08/2024 10:21:24 DEBUG: There are Wazuh indexer remaining files.
20/08/2024 10:21:25 DEBUG: Checking system architecture.
20/08/2024 10:21:25 INFO: Verifying that your system meets the recommended minimum hardware requirements.
20/08/2024 10:21:25 DEBUG: CPU cores detected: 4
20/08/2024 10:21:25 DEBUG: Free RAM memory detected: 7847
20/08/2024 10:21:25 DEBUG: Installing check dependencies.
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 https://packages.wazuh.com/4.x/apt stable InRelease
Hit:5 http://security.ubuntu.com/ubuntu jammy-security InRelease
Reading package lists...
20/08/2024 10:21:29 DEBUG: Checking previous certificate existence.
20/08/2024 10:21:29 DEBUG: Extracting Wazuh configuration.
20/08/2024 10:21:29 DEBUG: Reading configuration file.
20/08/2024 10:21:29 DEBUG: Checking if 127.0.0.1 is private.
20/08/2024 10:21:29 DEBUG: Checking if 127.0.0.1 is private.
20/08/2024 10:21:29 DEBUG: Checking if 127.0.0.1 is private.
20/08/2024 10:21:29 DEBUG: Starting Wazuh indexer cluster.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-indexer-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml 
   SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml 
   SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml 
   SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml 
   SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml 
   SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml 
   SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml 
   SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml 
   SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml 
   SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml 
   SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null
Done with success
20/08/2024 10:21:38 INFO: Wazuh indexer cluster security configuration initialized.
{"error":"Content-Type header [] is not supported","status":406}20/08/2024 10:22:03 DEBUG: Inserted wazuh-alerts template into the Wazuh indexer cluster.
20/08/2024 10:22:03 DEBUG: Setting Wazuh indexer cluster passwords.
20/08/2024 10:22:03 DEBUG: Checking Wazuh installation.
20/08/2024 10:22:03 DEBUG: There are Wazuh indexer remaining files.
20/08/2024 10:22:04 INFO: Updating the internal users.
20/08/2024 10:22:04 DEBUG: Creating password backup.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-indexer-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml 
   SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml 
   SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml 
   SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml 
   SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml 
   SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml 
   SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml 
   SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml 
   SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml 
   SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml 
   SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
20/08/2024 10:22:06 DEBUG: Password backup created in /etc/wazuh-indexer/backup.
20/08/2024 10:22:06 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
20/08/2024 10:22:06 DEBUG: The internal users have been updated before changing the passwords.
20/08/2024 10:22:06 DEBUG: Generating password hashes.
20/08/2024 10:22:10 DEBUG: Password hashes generated.
20/08/2024 10:22:10 DEBUG: Creating password backup.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-indexer-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml 
   SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml 
   SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml 
   SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml 
   SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml 
   SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml 
   SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml 
   SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml 
   SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml 
   SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml 
   SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
20/08/2024 10:22:12 DEBUG: Password backup created in /etc/wazuh-indexer/backup.
20/08/2024 10:22:12 DEBUG: Running security admin tool.
20/08/2024 10:22:12 DEBUG: Loading new passwords changes.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-indexer-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /home/ubuntu
Force type: internalusers
Will update '/internalusers' with /etc/wazuh-indexer/backup/internal_users.yml 
   SUCC: Configuration for 'internalusers' created or updated
SUCC: Expected 1 config types for node {"updated_config_types":["internalusers"],"updated_config_size":1,"message":null} is 1 (["internalusers"]) due to: null
Done with success
20/08/2024 10:22:14 DEBUG: Passwords changed.
20/08/2024 10:22:14 DEBUG: Restoring Wazuh repository.
20/08/2024 10:22:14 INFO: Wazuh indexer cluster started.
root@ip-172-31-85-12:/home/ubuntu# bash wazuh-install.sh -ws wazuh-server -v
20/08/2024 10:24:41 DEBUG: Checking root permissions.
20/08/2024 10:24:41 DEBUG: Checking sudo package.
20/08/2024 10:24:41 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.1
20/08/2024 10:24:41 INFO: Verbose logging redirected to /var/log/wazuh-install.log
20/08/2024 10:24:41 DEBUG: APT package manager will be used.
20/08/2024 10:24:41 DEBUG: Checking system distribution.
20/08/2024 10:24:41 DEBUG: Detected distribution name: ubuntu
20/08/2024 10:24:41 DEBUG: Detected distribution version: 22
20/08/2024 10:24:41 DEBUG: Installing check dependencies.
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 http://security.ubuntu.com/ubuntu jammy-security InRelease
Hit:5 https://packages.wazuh.com/4.x/apt stable InRelease
Reading package lists...
20/08/2024 10:24:45 DEBUG: Checking Wazuh installation.
20/08/2024 10:24:46 DEBUG: There are Wazuh indexer remaining files.
20/08/2024 10:24:46 DEBUG: Checking system architecture.
20/08/2024 10:24:46 INFO: Verifying that your system meets the recommended minimum hardware requirements.
20/08/2024 10:24:46 DEBUG: CPU cores detected: 4
20/08/2024 10:24:46 DEBUG: Free RAM memory detected: 7847
20/08/2024 10:24:46 DEBUG: Installing check dependencies.
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 https://packages.wazuh.com/4.x/apt stable InRelease
Hit:5 http://security.ubuntu.com/ubuntu jammy-security InRelease
Reading package lists...
20/08/2024 10:24:50 DEBUG: Checking previous certificate existence.
20/08/2024 10:24:50 DEBUG: Checking ports availability.
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 https://packages.wazuh.com/4.x/apt stable InRelease
Hit:5 http://security.ubuntu.com/ubuntu jammy-security InRelease
Reading package lists...
20/08/2024 10:24:52 DEBUG: Installing prerequisites dependencies.
20/08/2024 10:24:54 DEBUG: Checking curl tool version.
20/08/2024 10:24:54 DEBUG: Adding the Wazuh repository.
20/08/2024 10:24:54 DEBUG: Wazuh repository already exists. Skipping addition.
20/08/2024 10:24:54 INFO: Wazuh repository added.
20/08/2024 10:24:54 DEBUG: Extracting Wazuh configuration.
20/08/2024 10:24:54 DEBUG: Reading configuration file.
20/08/2024 10:24:54 DEBUG: Checking if 127.0.0.1 is private.
20/08/2024 10:24:54 DEBUG: Checking if 127.0.0.1 is private.
20/08/2024 10:24:54 DEBUG: Checking if 127.0.0.1 is private.
20/08/2024 10:24:54 DEBUG: Checking node names in the configuration file.
20/08/2024 10:24:54 INFO: --- Wazuh server ---
20/08/2024 10:24:54 INFO: Starting the Wazuh manager installation.
Reading package lists... Building dependency tree... Reading state information... Suggested packages: expect The following NEW packages will be installed: wazuh-manager 0 upgraded, 1 newly installed, 0 to remove and 203 not upgraded. Need to get 0 B/310 MB of archives. After this operation, 911 MB of additional disk space will be used. Selecting pre NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.19.0-1025-aws NEEDRESTART-KEXP: 5.19.0-1025-aws NEEDRESTART-KSTA: 1 NEEDRESTART-SVC: acpid.service NEEDRESTART-SVC: chrony.service NEEDRESTART-SVC: cron.service NEEDRESTART-SVC: dbus.service NEEDRESTART-SVC: filebeat.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: irqbalance.service NEEDRESTART-SVC: multipathd.service NEEDRESTART-SVC: networkd-dispatcher.service NEEDRESTART-SVC: packagekit.service NEEDRESTART-SVC: polkit.service NEEDRESTART-SVC: rsyslog.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: snapd.service NEEDRESTART-SVC: ssh.service NEEDRESTART-SVC: systemd-journald.service NEEDRESTART-SVC: systemd-logind.service NEEDRESTART-SVC: systemd-networkd.service NEEDRESTART-SVC: systemd-resolved.service NEEDRESTART-SVC: systemd-udevd.service NEEDRESTART-SVC: unattended-upgrades.service NEEDRESTART-SVC: [email protected]
20/08/2024 10:25:36 DEBUG: Checking Wazuh installation.
20/08/2024 10:25:36 DEBUG: There are Wazuh remaining files.
20/08/2024 10:25:37 DEBUG: There are Wazuh indexer remaining files.
20/08/2024 10:25:37 INFO: Wazuh manager installation finished.
20/08/2024 10:25:37 DEBUG: Configuring Wazuh manager.
20/08/2024 10:25:37 DEBUG: Setting provisional Wazuh indexer password.
20/08/2024 10:25:37 INFO: Wazuh manager vulnerability detection configuration finished.
20/08/2024 10:25:37 INFO: Starting service wazuh-manager.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-manager.service → /lib/systemd/system/wazuh-manager.service.
20/08/2024 10:25:52 INFO: wazuh-manager service started.
20/08/2024 10:25:52 INFO: Checking Wazuh API connection
20/08/2024 10:25:53 INFO: Wazuh API connection successful
20/08/2024 10:25:53 INFO: Starting Filebeat installation.
Reading package lists... Building dependency tree... Reading state information... The following NEW packages will be installed: filebeat 0 upgraded, 1 newly installed, 0 to remove and 203 not upgraded. Need to get 0 B/22.1 MB of archives. After this operation, 73.6 MB of additional disk space will be used. Selecting previously unselected package fil NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.19.0-1025-aws NEEDRESTART-KEXP: 5.19.0-1025-aws NEEDRESTART-KSTA: 1 NEEDRESTART-SVC: acpid.service NEEDRESTART-SVC: chrony.service NEEDRESTART-SVC: cron.service NEEDRESTART-SVC: dbus.service NEEDRESTART-SVC: filebeat.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: irqbalance.service NEEDRESTART-SVC: multipathd.service NEEDRESTART-SVC: networkd-dispatcher.service NEEDRESTART-SVC: packagekit.service NEEDRESTART-SVC: polkit.service NEEDRESTART-SVC: rsyslog.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: snapd.service NEEDRESTART-SVC: ssh.service NEEDRESTART-SVC: systemd-journald.service NEEDRESTART-SVC: systemd-logind.service NEEDRESTART-SVC: systemd-networkd.service NEEDRESTART-SVC: systemd-resolved.service NEEDRESTART-SVC: systemd-udevd.service NEEDRESTART-SVC: unattended-upgrades.service NEEDRESTART-SVC: [email protected]
20/08/2024 10:26:03 DEBUG: Checking Wazuh installation.
20/08/2024 10:26:03 DEBUG: There are Wazuh remaining files.
20/08/2024 10:26:04 DEBUG: There are Wazuh indexer remaining files.
20/08/2024 10:26:04 DEBUG: There are Filebeat remaining files.
20/08/2024 10:26:04 INFO: Filebeat installation finished.
20/08/2024 10:26:04 DEBUG: Configuring Filebeat.
20/08/2024 10:26:04 DEBUG: Filebeat template was download successfully.
wazuh/
wazuh/_meta/
wazuh/_meta/docs.asciidoc
wazuh/_meta/fields.yml
wazuh/_meta/config.yml
wazuh/alerts/
wazuh/alerts/config/
wazuh/alerts/config/alerts.yml
wazuh/alerts/manifest.yml
wazuh/alerts/ingest/
wazuh/alerts/ingest/pipeline.json
wazuh/module.yml
wazuh/archives/
wazuh/archives/config/
wazuh/archives/config/archives.yml
wazuh/archives/manifest.yml
wazuh/archives/ingest/
wazuh/archives/ingest/pipeline.json
20/08/2024 10:26:04 DEBUG: Filebeat module was downloaded successfully.
20/08/2024 10:26:04 DEBUG: Copying Filebeat certificates.
Created filebeat keystore
Successfully updated the keystore
Successfully updated the keystore
20/08/2024 10:26:06 INFO: Filebeat post-install configuration finished.
20/08/2024 10:26:06 DEBUG: Setting Wazuh indexer cluster passwords.
20/08/2024 10:26:06 DEBUG: Checking Wazuh installation.
20/08/2024 10:26:07 DEBUG: There are Wazuh remaining files.
20/08/2024 10:26:07 DEBUG: There are Wazuh indexer remaining files.
20/08/2024 10:26:08 DEBUG: There are Filebeat remaining files.
Successfully updated the keystore
Successfully updated the keystore
20/08/2024 10:26:09 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
20/08/2024 10:26:09 DEBUG: Restarting filebeat service...
20/08/2024 10:26:09 DEBUG: filebeat started.
20/08/2024 10:26:09 DEBUG: Restarting wazuh-manager service...
20/08/2024 10:26:25 DEBUG: wazuh-manager started.
20/08/2024 10:26:25 DEBUG: Changing API passwords.
20/08/2024 10:26:28 INFO: Starting service filebeat.
Synchronizing state of filebeat.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable filebeat
Created symlink /etc/systemd/system/multi-user.target.wants/filebeat.service → /lib/systemd/system/filebeat.service.
20/08/2024 10:26:29 INFO: filebeat service started.
20/08/2024 10:26:29 INFO: Checking Filebeat connection
20/08/2024 10:26:29 INFO: Filebeat connection successful
20/08/2024 10:26:29 DEBUG: Restoring Wazuh repository.
20/08/2024 10:26:29 INFO: Installation finished.
root@ip-172-31-85-12:/home/ubuntu# bash wazuh-install.sh -wd wazuh-dashboard -v
20/08/2024 10:34:28 DEBUG: Checking root permissions.
20/08/2024 10:34:28 DEBUG: Checking sudo package.
20/08/2024 10:34:28 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.1
20/08/2024 10:34:28 INFO: Verbose logging redirected to /var/log/wazuh-install.log
20/08/2024 10:34:28 DEBUG: APT package manager will be used.
20/08/2024 10:34:28 DEBUG: Checking system distribution.
20/08/2024 10:34:28 DEBUG: Detected distribution name: ubuntu
20/08/2024 10:34:28 DEBUG: Detected distribution version: 22
20/08/2024 10:34:28 DEBUG: Installing check dependencies.
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 https://packages.wazuh.com/4.x/apt stable InRelease
Hit:5 http://security.ubuntu.com/ubuntu jammy-security InRelease
Reading package lists...
20/08/2024 10:34:32 DEBUG: Checking Wazuh installation.
20/08/2024 10:34:33 DEBUG: There are Wazuh remaining files.
20/08/2024 10:34:33 DEBUG: There are Wazuh indexer remaining files.
20/08/2024 10:34:33 DEBUG: There are Filebeat remaining files.
20/08/2024 10:34:34 DEBUG: Checking system architecture.
20/08/2024 10:34:34 INFO: Verifying that your system meets the recommended minimum hardware requirements.
20/08/2024 10:34:34 DEBUG: CPU cores detected: 4
20/08/2024 10:34:34 DEBUG: Free RAM memory detected: 7847
20/08/2024 10:34:34 DEBUG: Installing check dependencies.
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 https://packages.wazuh.com/4.x/apt stable InRelease
Hit:5 http://security.ubuntu.com/ubuntu jammy-security InRelease
Reading package lists...
20/08/2024 10:34:38 DEBUG: Checking previous certificate existence.
20/08/2024 10:34:38 INFO: Wazuh web interface port will be 443.
20/08/2024 10:34:38 DEBUG: Checking ports availability.
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 https://packages.wazuh.com/4.x/apt stable InRelease
Hit:5 http://security.ubuntu.com/ubuntu jammy-security InRelease
Reading package lists...
20/08/2024 10:34:41 DEBUG: Installing prerequisites dependencies.
20/08/2024 10:34:42 DEBUG: Checking curl tool version.
20/08/2024 10:34:42 DEBUG: Adding the Wazuh repository.
20/08/2024 10:34:42 DEBUG: Wazuh repository already exists. Skipping addition.
20/08/2024 10:34:42 INFO: Wazuh repository added.
20/08/2024 10:34:42 DEBUG: Extracting Wazuh configuration.
20/08/2024 10:34:42 DEBUG: Reading configuration file.
20/08/2024 10:34:43 DEBUG: Checking if 127.0.0.1 is private.
20/08/2024 10:34:43 DEBUG: Checking if 127.0.0.1 is private.
20/08/2024 10:34:43 DEBUG: Checking if 127.0.0.1 is private.
20/08/2024 10:34:43 DEBUG: Checking node names in the configuration file.
20/08/2024 10:34:43 INFO: --- Wazuh dashboard ----
20/08/2024 10:34:43 INFO: Starting Wazuh dashboard installation.
Reading package lists... Building dependency tree... Reading state information... The following NEW packages will be installed: wazuh-dashboard 0 upgraded, 1 newly installed, 0 to remove and 203 not upgraded. Need to get 0 B/186 MB of archives. After this operation, 998 MB of additional disk space will be used. Selecting previously unselected packag NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.19.0-1025-aws NEEDRESTART-KEXP: 5.19.0-1025-aws NEEDRESTART-KSTA: 1 NEEDRESTART-SVC: acpid.service NEEDRESTART-SVC: chrony.service NEEDRESTART-SVC: cron.service NEEDRESTART-SVC: dbus.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: irqbalance.service NEEDRESTART-SVC: multipathd.service NEEDRESTART-SVC: networkd-dispatcher.service NEEDRESTART-SVC: packagekit.service NEEDRESTART-SVC: polkit.service NEEDRESTART-SVC: rsyslog.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: snapd.service NEEDRESTART-SVC: ssh.service NEEDRESTART-SVC: systemd-journald.service NEEDRESTART-SVC: systemd-logind.service NEEDRESTART-SVC: systemd-networkd.service NEEDRESTART-SVC: systemd-resolved.service NEEDRESTART-SVC: systemd-udevd.service NEEDRESTART-SVC: unattended-upgrades.service NEEDRESTART-SVC: [email protected]
20/08/2024 10:35:24 DEBUG: Checking Wazuh installation.
20/08/2024 10:35:24 DEBUG: There are Wazuh remaining files.
20/08/2024 10:35:25 DEBUG: There are Wazuh indexer remaining files.
20/08/2024 10:35:25 DEBUG: There are Filebeat remaining files.
20/08/2024 10:35:25 DEBUG: There are Wazuh dashboard remaining files.
20/08/2024 10:35:25 INFO: Wazuh dashboard installation finished.
20/08/2024 10:35:25 DEBUG: Configuring Wazuh dashboard.
20/08/2024 10:35:25 DEBUG: Copying Wazuh dashboard certificates.
20/08/2024 10:35:25 DEBUG: Wazuh dashboard certificate setup finished.
20/08/2024 10:35:25 INFO: Wazuh dashboard post-install configuration finished.
20/08/2024 10:35:26 INFO: Starting service wazuh-dashboard.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service.
20/08/2024 10:35:26 INFO: wazuh-dashboard service started.
20/08/2024 10:35:26 DEBUG: Setting Wazuh indexer cluster passwords.
20/08/2024 10:35:26 DEBUG: Checking Wazuh installation.
20/08/2024 10:35:26 DEBUG: There are Wazuh remaining files.
20/08/2024 10:35:27 DEBUG: There are Wazuh indexer remaining files.
20/08/2024 10:35:27 DEBUG: There are Filebeat remaining files.
20/08/2024 10:35:28 DEBUG: There are Wazuh dashboard remaining files.
Successfully updated the keystore
Successfully updated the keystore
20/08/2024 10:35:28 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
20/08/2024 10:35:28 DEBUG: Restarting filebeat service...
20/08/2024 10:35:28 DEBUG: filebeat started.
20/08/2024 10:35:28 DEBUG: Restarting wazuh-manager service...
20/08/2024 10:35:43 DEBUG: wazuh-manager started.
20/08/2024 10:35:43 DEBUG: Restarting wazuh-dashboard service...
20/08/2024 10:35:44 DEBUG: wazuh-dashboard started.
20/08/2024 10:35:44 DEBUG: Changing API passwords.
20/08/2024 10:35:59 INFO: Initializing Wazuh dashboard web application.
20/08/2024 10:36:00 DEBUG: Wazuh dashboard connection was successful.
20/08/2024 10:36:00 INFO: Wazuh dashboard web application initialized.
20/08/2024 10:36:00 INFO: --- Summary ---
20/08/2024 10:36:00 INFO: You can access the web interface https://<wazuh-dashboard-ip>:443
    User: admin
    Password: ihsKVcXjs*R5xCMLFcP.5kt0nLi*EKNe
20/08/2024 10:36:00 DEBUG: Restoring Wazuh repository.
20/08/2024 10:36:00 INFO: Installation finished.
root@ip-172-31-85-12:/home/ubuntu# 
✔️ Uninstalling - using -u option
root@ip-172-31-85-12:/home/ubuntu# bash wazuh-install.sh -u
20/08/2024 10:17:41 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.1
20/08/2024 10:17:41 INFO: Verbose logging redirected to /var/log/wazuh-install.log
20/08/2024 10:17:43 INFO: Removing Wazuh manager.
20/08/2024 10:17:54 INFO: Wazuh manager removed.
20/08/2024 10:17:54 INFO: Removing Wazuh indexer.
20/08/2024 10:18:00 INFO: Wazuh indexer removed.
20/08/2024 10:18:00 INFO: Removing Filebeat.
20/08/2024 10:18:04 INFO: Filebeat removed.
20/08/2024 10:18:04 INFO: Removing Wazuh dashboard.
20/08/2024 10:18:12 INFO: Wazuh dashboard removed.
root@ip-172-31-85-12:/home/ubuntu# 
✔️ Offline installation - using -dw and -of options
root@ip-172-31-94-60:/home/ubuntu# bash wazuh-install.sh -g
21/08/2024 07:57:17 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.1
21/08/2024 07:57:17 INFO: Verbose logging redirected to /var/log/wazuh-install.log
21/08/2024 07:57:21 INFO: Verifying that your system meets the recommended minimum hardware requirements.
21/08/2024 07:57:21 INFO: --- Configuration files ---
21/08/2024 07:57:21 INFO: Generating configuration files.
21/08/2024 07:57:22 INFO: Generating the root certificate.
21/08/2024 07:57:22 INFO: Generating Admin certificates.
21/08/2024 07:57:22 INFO: Generating Wazuh indexer certificates.
21/08/2024 07:57:22 INFO: Generating Filebeat certificates.
21/08/2024 07:57:23 INFO: Generating Wazuh dashboard certificates.
21/08/2024 07:57:23 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
root@ip-172-31-94-60:/home/ubuntu# bash wazuh-install.sh -dw deb
21/08/2024 07:57:28 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.1
21/08/2024 07:57:28 INFO: Verbose logging redirected to /var/log/wazuh-install.log
21/08/2024 07:57:32 INFO: Verifying that your system meets the recommended minimum hardware requirements.
21/08/2024 07:57:32 INFO: --- Download Packages ---
21/08/2024 07:57:32 INFO: Starting Wazuh packages download.
21/08/2024 07:57:32 INFO: Downloading Wazuh deb packages for x86_64.
21/08/2024 07:57:42 INFO: The manager package was downloaded.
21/08/2024 07:57:42 INFO: The filebeat package was downloaded.
21/08/2024 07:57:44 INFO: The indexer package was downloaded.
21/08/2024 07:57:45 INFO: The dashboard package was downloaded.
21/08/2024 07:57:45 INFO: The packages are in wazuh-offline/wazuh-packages
21/08/2024 07:57:45 INFO: Downloading configuration files and assets.
21/08/2024 07:57:45 INFO: The resource https://packages.wazuh.com/key/GPG-KEY-WAZUH was downloaded.
21/08/2024 07:57:45 INFO: The resource https://packages.wazuh.com/4.8/tpl/wazuh/filebeat/filebeat.yml was downloaded.
21/08/2024 07:57:45 INFO: The resource https://raw.githubusercontent.com/wazuh/wazuh/v4.8.1/extensions/elasticsearch/7.x/wazuh-template.json was downloaded.
21/08/2024 07:57:45 INFO: The resource https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.4.tar.gz was downloaded.
21/08/2024 07:57:45 INFO: The configuration files and assets are in wazuh-offline.tar.gz
21/08/2024 07:58:26 INFO: You can follow the installation guide here https://documentation.wazuh.com/current/deployment-options/offline-installation.html
root@ip-172-31-94-60:/home/ubuntu# ping google.es
PING google.es (142.251.111.94) 56(84) bytes of data.
^C
--- google.es ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2025ms
root@ip-172-31-94-60:/home/ubuntu# bash wazuh-install.sh -of -wi wazuh-indexer -v
21/08/2024 08:11:22 DEBUG: Checking root permissions.
21/08/2024 08:11:22 DEBUG: Checking sudo package.
21/08/2024 08:11:22 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.1
21/08/2024 08:11:22 INFO: Verbose logging redirected to /var/log/wazuh-install.log
21/08/2024 08:11:22 DEBUG: APT package manager will be used.
21/08/2024 08:11:22 DEBUG: Checking system distribution.
21/08/2024 08:11:22 DEBUG: Detected distribution name: ubuntu
21/08/2024 08:11:22 DEBUG: Detected distribution version: 22
21/08/2024 08:11:22 INFO: Checking installed dependencies for Offline installation.
21/08/2024 08:11:24 DEBUG: Offline dependencies are installed.
21/08/2024 08:11:24 DEBUG: Checking Wazuh installation.
21/08/2024 08:11:25 DEBUG: Checking system architecture.
21/08/2024 08:11:25 INFO: Verifying that your system meets the recommended minimum hardware requirements.
21/08/2024 08:11:25 DEBUG: CPU cores detected: 4
21/08/2024 08:11:25 DEBUG: Free RAM memory detected: 7847
21/08/2024 08:11:25 DEBUG: Checking previous certificate existence.
21/08/2024 08:11:25 DEBUG: Checking ports availability.
21/08/2024 08:11:25 INFO: Checking prerequisites for Offline installation.
21/08/2024 08:11:27 DEBUG: Offline prerequisites are installed.
21/08/2024 08:11:27 INFO: Checking wazuh-offline.tar.gz file.
21/08/2024 08:11:27 DEBUG: wazuh-offline.tar.gz was found correctly.
21/08/2024 08:11:27 DEBUG: Extracting files from wazuh-offline.tar.gz
21/08/2024 08:11:27 DEBUG: Offline files extracted successfully.
21/08/2024 08:11:27 DEBUG: Checking curl tool version.
21/08/2024 08:11:27 DEBUG: Extracting Wazuh configuration.
21/08/2024 08:11:27 DEBUG: Reading configuration file.
21/08/2024 08:11:27 DEBUG: Checking if 127.0.0.1 is private.
21/08/2024 08:11:27 DEBUG: Checking if 127.0.0.1 is private.
21/08/2024 08:11:27 DEBUG: Checking if 127.0.0.1 is private.
21/08/2024 08:11:27 DEBUG: Checking node names in the configuration file.
21/08/2024 08:11:27 INFO: --- Wazuh indexer ---
21/08/2024 08:11:27 INFO: Starting Wazuh indexer installation.
Reading package lists... Building dependency tree... Reading state information... The following NEW packages will be installed: wazuh-indexer 0 upgraded, 1 newly installed, 0 to remove and 203 not upgraded. Need to get 0 B/756 MB of archives. After this operation, 1050 MB of additional disk space will be used. Get:1 /home/ubuntu/wazuh-offline/wazuh-packages/wazuh-indexer_4.8.1-1_amd64.deb wazuh-indexer amd64 4.8.1-1 [756 MB] Selecting previously unselected package NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.19.0-1025-aws NEEDRESTART-KEXP: 5.19.0-1025-aws NEEDRESTART-KSTA: 1 NEEDRESTART-SVC: dbus.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: networkd-dispatcher.service NEEDRESTART-SVC: systemd-logind.service NEEDRESTART-SVC: unattended-upgrades.service NEEDRESTART-SVC: [email protected]
21/08/2024 08:12:21 DEBUG: Checking Wazuh installation.
21/08/2024 08:12:21 DEBUG: There are Wazuh indexer remaining files.
21/08/2024 08:12:22 INFO: Wazuh indexer installation finished.
21/08/2024 08:12:22 DEBUG: Configuring Wazuh indexer.
21/08/2024 08:12:22 DEBUG: Copying Wazuh indexer certificates.
21/08/2024 08:12:22 INFO: Wazuh indexer post-install configuration finished.
21/08/2024 08:12:22 INFO: Starting service wazuh-indexer.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service → /lib/systemd/system/wazuh-indexer.service.
21/08/2024 08:12:33 INFO: wazuh-indexer service started.
21/08/2024 08:12:33 INFO: Initializing Wazuh indexer cluster security settings.
21/08/2024 08:12:33 DEBUG: Setting Wazuh indexer cluster passwords.
21/08/2024 08:12:33 DEBUG: Checking Wazuh installation.
21/08/2024 08:12:34 DEBUG: There are Wazuh indexer remaining files.
21/08/2024 08:12:35 INFO: Wazuh indexer cluster initialized.
21/08/2024 08:12:35 INFO: Installation finished.
root@ip-172-31-94-60:/home/ubuntu# bash wazuh-install.sh -of -s -v
21/08/2024 08:12:46 DEBUG: Checking root permissions.
21/08/2024 08:12:46 DEBUG: Checking sudo package.
21/08/2024 08:12:46 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.1
21/08/2024 08:12:46 INFO: Verbose logging redirected to /var/log/wazuh-install.log
21/08/2024 08:12:46 DEBUG: APT package manager will be used.
21/08/2024 08:12:46 DEBUG: Checking system distribution.
21/08/2024 08:12:46 DEBUG: Detected distribution name: ubuntu
21/08/2024 08:12:46 DEBUG: Detected distribution version: 22
21/08/2024 08:12:46 INFO: Checking installed dependencies for Offline installation.
21/08/2024 08:12:48 DEBUG: Offline dependencies are installed.
21/08/2024 08:12:48 DEBUG: Checking Wazuh installation.
21/08/2024 08:12:48 DEBUG: There are Wazuh indexer remaining files.
21/08/2024 08:12:49 DEBUG: Checking system architecture.
21/08/2024 08:12:49 INFO: Verifying that your system meets the recommended minimum hardware requirements.
21/08/2024 08:12:49 DEBUG: CPU cores detected: 4
21/08/2024 08:12:49 DEBUG: Free RAM memory detected: 7847
21/08/2024 08:12:49 DEBUG: Checking previous certificate existence.
21/08/2024 08:12:49 INFO: Checking wazuh-offline.tar.gz file.
21/08/2024 08:12:49 DEBUG: wazuh-offline.tar.gz was found correctly.
21/08/2024 08:12:49 DEBUG: Extracting files from wazuh-offline.tar.gz
21/08/2024 08:12:49 DEBUG: Offline files extracted successfully.
21/08/2024 08:12:49 DEBUG: Extracting Wazuh configuration.
21/08/2024 08:12:49 DEBUG: Reading configuration file.
21/08/2024 08:12:49 DEBUG: Checking if 127.0.0.1 is private.
21/08/2024 08:12:49 DEBUG: Checking if 127.0.0.1 is private.
21/08/2024 08:12:49 DEBUG: Checking if 127.0.0.1 is private.
21/08/2024 08:12:49 DEBUG: Starting Wazuh indexer cluster.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-indexer-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml 
   SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml 
   SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml 
   SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml 
   SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml 
   SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml 
   SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml 
   SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml 
   SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml 
   SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml 
   SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null
Done with success
21/08/2024 08:12:57 INFO: Wazuh indexer cluster security configuration initialized.
21/08/2024 08:12:57 DEBUG: Inserted wazuh-alerts template into the Wazuh indexer cluster.
21/08/2024 08:12:57 DEBUG: Setting Wazuh indexer cluster passwords.
21/08/2024 08:12:57 DEBUG: Checking Wazuh installation.
21/08/2024 08:12:58 DEBUG: There are Wazuh indexer remaining files.
21/08/2024 08:12:59 INFO: Updating the internal users.
21/08/2024 08:12:59 DEBUG: Creating password backup.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-indexer-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml 
   SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml 
   SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml 
   SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml 
   SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml 
   SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml 
   SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml 
   SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml 
   SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml 
   SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml 
   SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
21/08/2024 08:13:00 DEBUG: Password backup created in /etc/wazuh-indexer/backup.
21/08/2024 08:13:00 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
21/08/2024 08:13:00 DEBUG: The internal users have been updated before changing the passwords.
21/08/2024 08:13:01 DEBUG: Generating password hashes.
21/08/2024 08:13:04 DEBUG: Password hashes generated.
21/08/2024 08:13:04 DEBUG: Creating password backup.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-indexer-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml 
   SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml 
   SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml 
   SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml 
   SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml 
   SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml 
   SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml 
   SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml 
   SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml 
   SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml 
   SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
21/08/2024 08:13:06 DEBUG: Password backup created in /etc/wazuh-indexer/backup.
21/08/2024 08:13:06 DEBUG: Running security admin tool.
21/08/2024 08:13:06 DEBUG: Loading new passwords changes.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-indexer-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /home/ubuntu
Force type: internalusers
Will update '/internalusers' with /etc/wazuh-indexer/backup/internal_users.yml 
   SUCC: Configuration for 'internalusers' created or updated
SUCC: Expected 1 config types for node {"updated_config_types":["internalusers"],"updated_config_size":1,"message":null} is 1 (["internalusers"]) due to: null
Done with success
21/08/2024 08:13:08 DEBUG: Passwords changed.
21/08/2024 08:13:08 INFO: Wazuh indexer cluster started.
root@ip-172-31-94-60:/home/ubuntu# bash wazuh-install.sh -of -ws wazuh-server -v
21/08/2024 08:13:20 DEBUG: Checking root permissions.
21/08/2024 08:13:20 DEBUG: Checking sudo package.
21/08/2024 08:13:20 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.1
21/08/2024 08:13:20 INFO: Verbose logging redirected to /var/log/wazuh-install.log
21/08/2024 08:13:20 DEBUG: APT package manager will be used.
21/08/2024 08:13:20 DEBUG: Checking system distribution.
21/08/2024 08:13:20 DEBUG: Detected distribution name: ubuntu
21/08/2024 08:13:20 DEBUG: Detected distribution version: 22
21/08/2024 08:13:20 INFO: Checking installed dependencies for Offline installation.
21/08/2024 08:13:21 DEBUG: Offline dependencies are installed.
21/08/2024 08:13:21 DEBUG: Checking Wazuh installation.
21/08/2024 08:13:22 DEBUG: There are Wazuh indexer remaining files.
21/08/2024 08:13:22 DEBUG: Checking system architecture.
21/08/2024 08:13:22 INFO: Verifying that your system meets the recommended minimum hardware requirements.
21/08/2024 08:13:22 DEBUG: CPU cores detected: 4
21/08/2024 08:13:22 DEBUG: Free RAM memory detected: 7847
21/08/2024 08:13:22 DEBUG: Checking previous certificate existence.
21/08/2024 08:13:22 DEBUG: Checking ports availability.
21/08/2024 08:13:23 INFO: Checking prerequisites for Offline installation.
21/08/2024 08:13:24 DEBUG: Offline prerequisites are installed.
21/08/2024 08:13:24 INFO: Checking wazuh-offline.tar.gz file.
21/08/2024 08:13:24 DEBUG: wazuh-offline.tar.gz was found correctly.
21/08/2024 08:13:24 DEBUG: Extracting files from wazuh-offline.tar.gz
21/08/2024 08:13:24 DEBUG: Offline files extracted successfully.
21/08/2024 08:13:24 DEBUG: Checking curl tool version.
21/08/2024 08:13:24 DEBUG: Extracting Wazuh configuration.
21/08/2024 08:13:24 DEBUG: Reading configuration file.
21/08/2024 08:13:24 DEBUG: Checking if 127.0.0.1 is private.
21/08/2024 08:13:24 DEBUG: Checking if 127.0.0.1 is private.
21/08/2024 08:13:24 DEBUG: Checking if 127.0.0.1 is private.
21/08/2024 08:13:24 DEBUG: Checking node names in the configuration file.
21/08/2024 08:13:24 INFO: --- Wazuh server ---
21/08/2024 08:13:24 INFO: Starting the Wazuh manager installation.
Reading package lists... Building dependency tree... Reading state information... Suggested packages: expect The following NEW packages will be installed: wazuh-manager 0 upgraded, 1 newly installed, 0 to remove and 203 not upgraded. Need to get 0 B/310 MB of archives. After this operation, 911 MB of additional disk space will be used. Get:1 /home/ubuntu/wazuh-offline/wazuh-packages/wazuh-manager_4.8.1-1_amd64.deb wazuh-manager amd64 4.8.1-1 [310 MB] Selecting pre NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.19.0-1025-aws NEEDRESTART-KEXP: 5.19.0-1025-aws NEEDRESTART-KSTA: 1 NEEDRESTART-SVC: dbus.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: networkd-dispatcher.service NEEDRESTART-SVC: systemd-logind.service NEEDRESTART-SVC: unattended-upgrades.service NEEDRESTART-SVC: [email protected]
21/08/2024 08:14:08 DEBUG: Checking Wazuh installation.
21/08/2024 08:14:08 DEBUG: There are Wazuh remaining files.
21/08/2024 08:14:08 DEBUG: There are Wazuh indexer remaining files.
21/08/2024 08:14:09 INFO: Wazuh manager installation finished.
21/08/2024 08:14:09 DEBUG: Configuring Wazuh manager.
21/08/2024 08:14:09 DEBUG: Setting provisional Wazuh indexer password.
21/08/2024 08:14:09 INFO: Wazuh manager vulnerability detection configuration finished.
21/08/2024 08:14:09 INFO: Starting service wazuh-manager.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-manager.service → /lib/systemd/system/wazuh-manager.service.
21/08/2024 08:14:22 INFO: wazuh-manager service started.
21/08/2024 08:14:22 INFO: Starting Filebeat installation.
Reading package lists... Building dependency tree... Reading state information... The following NEW packages will be installed: filebeat 0 upgraded, 1 newly installed, 0 to remove and 203 not upgraded. Need to get 0 B/22.1 MB of archives. After this operation, 73.6 MB of additional disk space will be used. Get:1 /home/ubuntu/wazuh-offline/wazuh-pack NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.19.0-1025-aws NEEDRESTART-KEXP: 5.19.0-1025-aws NEEDRESTART-KSTA: 1 NEEDRESTART-SVC: dbus.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: motd-news.service NEEDRESTART-SVC: networkd-dispatcher.service NEEDRESTART-SVC: systemd-logind.service NEEDRESTART-SVC: unattended-upgrades.service NEEDRESTART-SVC: [email protected]
21/08/2024 08:14:33 DEBUG: Checking Wazuh installation.
21/08/2024 08:14:33 DEBUG: There are Wazuh remaining files.
21/08/2024 08:14:33 DEBUG: There are Wazuh indexer remaining files.
21/08/2024 08:14:34 DEBUG: There are Filebeat remaining files.
21/08/2024 08:14:34 INFO: Filebeat installation finished.
21/08/2024 08:14:34 DEBUG: Configuring Filebeat.
wazuh/
wazuh/_meta/
wazuh/_meta/docs.asciidoc
wazuh/_meta/fields.yml
wazuh/_meta/config.yml
wazuh/alerts/
wazuh/alerts/config/
wazuh/alerts/config/alerts.yml
wazuh/alerts/manifest.yml
wazuh/alerts/ingest/
wazuh/alerts/ingest/pipeline.json
wazuh/module.yml
wazuh/archives/
wazuh/archives/config/
wazuh/archives/config/archives.yml
wazuh/archives/manifest.yml
wazuh/archives/ingest/
wazuh/archives/ingest/pipeline.json
21/08/2024 08:14:34 DEBUG: Copying Filebeat certificates.
Created filebeat keystore
Successfully updated the keystore
Successfully updated the keystore
21/08/2024 08:14:35 INFO: Filebeat post-install configuration finished.
21/08/2024 08:14:35 DEBUG: Setting Wazuh indexer cluster passwords.
21/08/2024 08:14:35 DEBUG: Checking Wazuh installation.
21/08/2024 08:14:35 DEBUG: There are Wazuh remaining files.
21/08/2024 08:14:35 DEBUG: There are Wazuh indexer remaining files.
21/08/2024 08:14:36 DEBUG: There are Filebeat remaining files.
Successfully updated the keystore
Successfully updated the keystore
21/08/2024 08:14:37 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
21/08/2024 08:14:37 DEBUG: Restarting filebeat service...
21/08/2024 08:14:38 DEBUG: filebeat started.
21/08/2024 08:14:38 DEBUG: Restarting wazuh-manager service...
21/08/2024 08:14:56 DEBUG: wazuh-manager started.
21/08/2024 08:14:56 DEBUG: Changing API passwords.
21/08/2024 08:14:59 INFO: Starting service filebeat.
Synchronizing state of filebeat.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable filebeat
Created symlink /etc/systemd/system/multi-user.target.wants/filebeat.service → /lib/systemd/system/filebeat.service.
21/08/2024 08:15:00 INFO: filebeat service started.
21/08/2024 08:15:00 INFO: Installation finished.
root@ip-172-31-94-60:/home/ubuntu# bash wazuh-install.sh -of -wd wazuh-dashboard -v
21/08/2024 08:15:39 DEBUG: Checking root permissions.
21/08/2024 08:15:39 DEBUG: Checking sudo package.
21/08/2024 08:15:39 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.1
21/08/2024 08:15:39 INFO: Verbose logging redirected to /var/log/wazuh-install.log
21/08/2024 08:15:39 DEBUG: APT package manager will be used.
21/08/2024 08:15:39 DEBUG: Checking system distribution.
21/08/2024 08:15:39 DEBUG: Detected distribution name: ubuntu
21/08/2024 08:15:39 DEBUG: Detected distribution version: 22
21/08/2024 08:15:39 INFO: Checking installed dependencies for Offline installation.
21/08/2024 08:15:40 DEBUG: Offline dependencies are installed.
21/08/2024 08:15:40 DEBUG: Checking Wazuh installation.
21/08/2024 08:15:40 DEBUG: There are Wazuh remaining files.
21/08/2024 08:15:41 DEBUG: There are Wazuh indexer remaining files.
21/08/2024 08:15:41 DEBUG: There are Filebeat remaining files.
21/08/2024 08:15:41 DEBUG: Checking system architecture.
21/08/2024 08:15:41 INFO: Verifying that your system meets the recommended minimum hardware requirements.
21/08/2024 08:15:41 DEBUG: CPU cores detected: 4
21/08/2024 08:15:41 DEBUG: Free RAM memory detected: 7847
21/08/2024 08:15:41 DEBUG: Checking previous certificate existence.
21/08/2024 08:15:41 INFO: Wazuh web interface port will be 443.
21/08/2024 08:15:41 DEBUG: Checking ports availability.
21/08/2024 08:15:42 INFO: Checking prerequisites for Offline installation.
21/08/2024 08:15:44 DEBUG: Offline prerequisites are installed.
21/08/2024 08:15:44 INFO: Checking wazuh-offline.tar.gz file.
21/08/2024 08:15:44 DEBUG: wazuh-offline.tar.gz was found correctly.
21/08/2024 08:15:44 DEBUG: Extracting files from wazuh-offline.tar.gz
21/08/2024 08:15:44 DEBUG: Offline files extracted successfully.
21/08/2024 08:15:44 DEBUG: Checking curl tool version.
21/08/2024 08:15:44 DEBUG: Extracting Wazuh configuration.
21/08/2024 08:15:44 DEBUG: Reading configuration file.
21/08/2024 08:15:44 DEBUG: Checking if 127.0.0.1 is private.
21/08/2024 08:15:44 DEBUG: Checking if 127.0.0.1 is private.
21/08/2024 08:15:44 DEBUG: Checking if 127.0.0.1 is private.
21/08/2024 08:15:44 DEBUG: Checking node names in the configuration file.
21/08/2024 08:15:44 INFO: --- Wazuh dashboard ----
21/08/2024 08:15:44 INFO: Starting Wazuh dashboard installation.
Reading package lists... Building dependency tree... Reading state information... The following NEW packages will be installed: wazuh-dashboard 0 upgraded, 1 newly installed, 0 to remove and 203 not upgraded. Need to get 0 B/186 MB of archives. After this operation, 998 MB of additional disk space will be used. Get:1 /home/ubuntu/wazuh-offline/wazuh-packages/wazuh-dashboard_4.8.1-1_amd64.deb wazuh-dashboard amd64 4.8.1-1 [186 MB] Selecting previously unselected pa NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.19.0-1025-aws NEEDRESTART-KEXP: 5.19.0-1025-aws NEEDRESTART-KSTA: 1 NEEDRESTART-SVC: dbus.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: networkd-dispatcher.service NEEDRESTART-SVC: systemd-logind.service NEEDRESTART-SVC: unattended-upgrades.service NEEDRESTART-SVC: [email protected]
21/08/2024 08:17:41 DEBUG: Checking Wazuh installation.
21/08/2024 08:17:42 DEBUG: There are Wazuh remaining files.
21/08/2024 08:17:42 DEBUG: There are Wazuh indexer remaining files.
21/08/2024 08:17:42 DEBUG: There are Filebeat remaining files.
21/08/2024 08:17:43 DEBUG: There are Wazuh dashboard remaining files.
21/08/2024 08:17:43 INFO: Wazuh dashboard installation finished.
21/08/2024 08:17:43 DEBUG: Configuring Wazuh dashboard.
21/08/2024 08:17:43 DEBUG: Copying Wazuh dashboard certificates.
21/08/2024 08:17:43 DEBUG: Wazuh dashboard certificate setup finished.
21/08/2024 08:17:43 INFO: Wazuh dashboard post-install configuration finished.
21/08/2024 08:17:43 INFO: Starting service wazuh-dashboard.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service.
21/08/2024 08:17:43 INFO: wazuh-dashboard service started.
21/08/2024 08:17:43 DEBUG: Setting Wazuh indexer cluster passwords.
21/08/2024 08:17:43 DEBUG: Checking Wazuh installation.
21/08/2024 08:17:43 DEBUG: There are Wazuh remaining files.
21/08/2024 08:17:44 DEBUG: There are Wazuh indexer remaining files.
21/08/2024 08:17:44 DEBUG: There are Filebeat remaining files.
21/08/2024 08:17:44 DEBUG: There are Wazuh dashboard remaining files.
Successfully updated the keystore
Successfully updated the keystore
21/08/2024 08:17:45 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
21/08/2024 08:17:45 DEBUG: Restarting filebeat service...
21/08/2024 08:17:45 DEBUG: filebeat started.
21/08/2024 08:17:45 DEBUG: Restarting wazuh-manager service...
21/08/2024 08:19:03 DEBUG: wazuh-manager started.
21/08/2024 08:19:04 DEBUG: Restarting wazuh-dashboard service...
21/08/2024 08:19:04 DEBUG: wazuh-dashboard started.
21/08/2024 08:19:04 DEBUG: Changing API passwords.
21/08/2024 08:19:19 INFO: Initializing Wazuh dashboard web application.
21/08/2024 08:19:20 DEBUG: Wazuh dashboard connection was successful.
21/08/2024 08:19:20 INFO: Wazuh dashboard web application initialized.
21/08/2024 08:19:20 INFO: --- Summary ---
21/08/2024 08:19:20 INFO: You can access the web interface https://<wazuh-dashboard-ip>:443
    User: admin
    Password: UF9Lj46KjLN*4UA3?rcR+rZNBC6zaQA7
21/08/2024 08:19:20 INFO: Installation finished.

Validating cert tool

✔️ Generating root CA certificate - using -ca option
root@ip-172-31-94-60:/home/ubuntu# bash wazuh-certs-tool.sh -ca
21/08/2024 08:30:07 INFO: Verbose logging redirected to /home/ubuntu/wazuh-certificates-tool.log
21/08/2024 08:30:07 INFO: Generating the root certificate.
21/08/2024 08:30:07 INFO: Authority certificates created.
✔️ Generating admin certificate - using -a option
root@ip-172-31-94-60:/home/ubuntu# bash wazuh-certs-tool.sh -a /home/ubuntu/certificates/root-ca.pem /home/ubuntu/certificates/root-ca.key 
21/08/2024 08:31:45 INFO: Verbose logging redirected to /home/ubuntu/wazuh-certificates-tool.log
21/08/2024 08:31:45 INFO: Generating Admin certificates.
21/08/2024 08:31:45 INFO: Admin certificates created.
root@ip-172-31-94-60:/home/ubuntu# ls wazuh-certificates
admin-key.pem  admin.pem  root-ca.key  root-ca.pem
✔️ Generating all the certificates - using -A option
root@ip-172-31-94-60:/home/ubuntu# bash wazuh-certs-tool.sh -A
21/08/2024 08:32:40 INFO: Verbose logging redirected to /home/ubuntu/wazuh-certificates-tool.log
21/08/2024 08:32:40 INFO: Generating the root certificate.
21/08/2024 08:32:40 INFO: Generating Admin certificates.
21/08/2024 08:32:41 INFO: Admin certificates created.
21/08/2024 08:32:41 INFO: Generating Wazuh indexer certificates.
21/08/2024 08:32:41 INFO: Wazuh indexer certificates created.
21/08/2024 08:32:41 INFO: Generating Filebeat certificates.
21/08/2024 08:32:41 INFO: Wazuh Filebeat certificates created.
21/08/2024 08:32:41 INFO: Generating Wazuh dashboard certificates.
21/08/2024 08:32:42 INFO: Wazuh dashboard certificates created.
root@ip-172-31-94-60:/home/ubuntu# ls wazuh-certificates
admin-key.pem  root-ca.key  wazuh-dashboard-key.pem  wazuh-indexer-key.pem  wazuh-server-key.pem
admin.pem      root-ca.pem  wazuh-dashboard.pem      wazuh-indexer.pem      wazuh-server.pem
root@ip-172-31-94-60:/home/ubuntu# 

Validating password tool

✔️ Changing all passwords - using -a, --api, -au, -ap options
root@ip-172-31-94-60:/home/ubuntu# bash wazuh-passwords-tool.sh -a --api -au wazuh -ap .vSatL6Pcl7x2ZLiM1Ud1aCF+wJeRuM.
21/08/2024 08:22:31 INFO: Updating the internal users.
21/08/2024 08:22:33 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
21/08/2024 08:22:39 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
21/08/2024 08:23:40 INFO: The password for user admin is F.r3dqlR1S57vpOp4M0r44akGq.rUM2U
21/08/2024 08:23:40 INFO: The password for user kibanaserver is *Ei85bi*uaHdIVAk8T1..q?g6oUqf3n*
21/08/2024 08:23:40 INFO: The password for user kibanaro is oBxZ?eQ7a?jKS1q5ytyVuVX2?QnnD?a3
21/08/2024 08:23:40 INFO: The password for user logstash is h8G03jylLN9xcO3Mpn7F.?DiAWacv6SQ
21/08/2024 08:23:40 INFO: The password for user readall is j5EMpSzA53vJs.*Zl3CMntGG23WJLZrb
21/08/2024 08:23:40 INFO: The password for user snapshotrestore is hN+U5prON+.TDFDbw808MB76a+RqZ68Y
21/08/2024 08:23:40 WARNING: Wazuh indexer passwords changed. Remember to update the password in the Wazuh dashboard, Wazuh server, and Filebeat nodes if necessary, and restart the services.
21/08/2024 08:23:42 INFO: The password for Wazuh API user wazuh is WTr17?y7?TdAxhECMXT3m6YQ5W41Vm1h
21/08/2024 08:23:42 INFO: The password for Wazuh API user wazuh-wui is +nmN3NZ+PIE9*Asfki2p8m6hf04S1Q00
21/08/2024 08:23:42 INFO: Updated wazuh-wui user password in wazuh dashboard. Remember to restart the service.
root@ip-172-31-94-60:/home/ubuntu# 
✔️ Changing user password - using -u, p options
root@ip-172-31-94-60:/home/ubuntu# bash wazuh-passwords-tool.sh -u admin -p Changingpasswordtest123+
21/08/2024 08:25:35 INFO: Updating the internal users.
21/08/2024 08:25:37 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
21/08/2024 08:25:37 INFO: Generating password hash
21/08/2024 08:25:39 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
21/08/2024 08:26:57 WARNING: Password changed. Remember to update the password in the Wazuh dashboard, Wazuh server, and Filebeat nodes if necessary, and restart the services.
✔️ Generating password file - using -gf option
root@ip-172-31-94-60:/home/ubuntu# bash wazuh-passwords-tool.sh -gf /home/ubuntu/passwords.txt
root@ip-172-31-94-60:/home/ubuntu# cat passwords.txt 
# Admin user for the web user interface and Wazuh indexer. Use this user to log in to Wazuh dashboard
  indexer_username: 'admin'
  indexer_password: 'S+058hkTKpCBN+FmZ1M4q.NdYLtKWrVG'

# Wazuh dashboard user for establishing the connection with Wazuh indexer
  indexer_username: 'kibanaserver'
  indexer_password: 'KMRa2**KI06uq7R+q.BtAnMjc2lTv?7x'

# Regular Dashboard user, only has read permissions to all indices and all permissions on the .kibana index
  indexer_username: 'kibanaro'
  indexer_password: 'aRy6fFlK0uK7dosiWhF?Rdy5cAHF+0U1'

# Filebeat user for CRUD operations on Wazuh indices
  indexer_username: 'logstash'
  indexer_password: 'y2Nbzr1DqaV?wfTk8+B.HPg?a.ui4C5g'

# User with READ access to all indices
  indexer_username: 'readall'
  indexer_password: '9PV7NBjE+hWq6kHjceqNWIwlz40iA8kG'

# User with permissions to perform snapshot and restore operations
  indexer_username: 'snapshotrestore'
  indexer_password: 'UpV43+LENxYcCNrWOcuMNWN8.hI.cmZv'

# Password for wazuh API user
  api_username: 'wazuh'
  api_password: '+CYesXzUiF9LNytf3PgPlNmr53xagKUp'

# Password for wazuh-wui API user
  api_username: 'wazuh-wui'
  api_password: 'ALPgapEJQfI3d1?8ewMYAIEO57lZqJlT'

root@ip-172-31-94-60:/home/ubuntu# 

@davidcr01 davidcr01 linked a pull request Aug 27, 2024 that will close this issue
@wazuhci wazuhci moved this from On hold to In progress in Release 4.10.0 Aug 27, 2024
@wazuhci wazuhci moved this from In progress to Pending review in Release 4.10.0 Aug 27, 2024
@wazuhci wazuhci moved this from Pending review to On hold in Release 4.10.0 Aug 27, 2024
@wazuhci wazuhci moved this from On hold to Pending final review in Release 4.10.0 Aug 28, 2024
@wazuhci wazuhci moved this from Pending final review to Done in Release 4.10.0 Aug 28, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment