Release 4.9.0 - Alpha 3 - E2E UX tests - RBAC #24857

Closed
2 tasks done
davidjiglesias opened this issue Jul 22, 2024 · 4 comments

davidjiglesias commented Jul 22, 2024

End-to-End (E2E) Testing Guideline

  • Documentation: Always consult the development documentation for the current stage tag at this link. Be careful because some of the description steps might refer to a current version in production; always navigate using the current development documentation for the stage under test. Also, visit the following pre-release package guide to understand how to modify certain links and URLs for the correct testing of the development packages.
  • Test Requirements: Ensure your test comprehensively includes a full stack and agent/s deployment as per the Deployment requirements, detailing the machine OS, installed version, and revision.
  • Deployment Options: While deployments can be local (using VMs, Vagrant, etc) or on the aws-dev account, opt for local deployments when feasible. For AWS access, coordinate with the DevOps team through this link.
  • External Accounts: If tests require third-party accounts (e.g., GitHub, Azure, AWS, GCP), request the necessary access through the DevOps team here.
  • Alerts: Every test should generate a minimum of one end-to-end alert, from the agent to the dashboard, irrespective of test type.
  • Multi-node Testing: For multi-node wazuh-manager tests, ensure agents are connected to both workers and the master node.
  • Package Verification: Use the pre-release package that matches the current TAG you're testing. Confirm its version and revision.
  • Filebeat Errors: If you encounter errors with Filebeat during testing, refer to this Slack discussion for insights and resolutions.
  • Known Issues: Familiarize yourself with previously reported issues in the Known Issues section. This helps in identifying already recognized errors during testing.
  • Reporting New Issues: Any new errors discovered during testing that aren't listed under Known Issues should be reported. Assign the issue to the corresponding team (QA if unsure), add the Release testing objective and Urgent priority. Communicate these to the team and QA via the c-release Slack channel.
  • Test Conduct: It's imperative to be thorough in your testing, offering enough detail for reviewers. Incomplete tests might necessitate a redo.
  • Documentation Feedback: Encountering documentation gaps, unclear guidelines, or anything that disrupts the testing or UX? Open an issue, especially if it's not listed under Known Issues. Please answer the feedback section; this is a mandatory step.
  • Format: If this is your first time doing this, refer to the format (but not necessarily the content, as it may vary) of previous E2E tests. Here you have an example: Release 4.3.5 - Release Candidate 1 - E2E UX tests - Wazuh Indexer #13994.
  • Status and completion: Change the issue status within your team project accordingly. Once you finish testing and write the conclusions, move it to Pending review and notify the @wazuh/devel-pyserver team via Slack using the c-release channel. Beware that the reviewers might request additional information or task repetitions.
  • For reviewers: Please move the issue to Pending final review and notify via Slack using the same thread if everything is ok, otherwise, perform an issue update with the requested changes and move it to On hold, increase the review_cycles in the team project by one and notify the issue assignee via Slack using the same thread.

For the conclusions and the issue testing and updates, use the following legend:

Status legend

  • 🟢 All checks passed
  • 🟡 Found a known issue
  • 🔴 Found a new error

Issue delivery and completion

  • Initial delivery: The issue's assignee must complete the testing and deliver the results by Jul 24, 2024 and notify the @wazuh/devel-pyserver team via Slack using the c-release channel
  • Review: The @wazuh/devel-pyserver team will assign a reviewer and add it to the review_assignee field in the project. The reviewer must then review the test steps and results. Ensure that all iteration cycles are completed by Jul 25, 2024 date (issue must be in Pending final review status) and notify the QA team via Slack using the c-release channel.
  • Auditor: The QA team must audit, validate the results, and close the issue by Jul 26, 2024.

Deployment requirements

| Component | Installation | Type | OS |
|---|---|---|---|
| Indexer | Installation assistant | Multi node | CentOS 7 x86_64 |
| Server | Installation assistant | Single node | CentOS 7 x86_64 |
| Dashboard | Installation assistant | - | CentOS 7 x86_64 |
| Agent | Wazuh WUI one-liner deploy using IP and GROUP (created beforehand, don't use default) | - | CentOS 7 x86_64 |

Test description

Follow and complete the documentation steps and the examples, ensuring the access is adequate based on each requirement:

https://documentation-dev.wazuh.com/v4.9.0-alpha3/user-manual/user-administration/rbac.html?highlight=RBAC

Known issues

Conclusions

Summarize the errors detected (Known Issues included). Illustrate using the table below. REMOVE CURRENT EXAMPLES:

| Status | Test | Failure type | Notes |
|---|---|---|---|
| 🔴 | Wazuh Dashboard Installation | Cannot connect to Wazuh Dashboard | Known issue: wazuh/wazuh-packages#3056 |
| 🔴 | Wazuh Dashboard Installation | Wazuh Dashboard cannot be removed | New issue opened: wazuh/wazuh-packages#3061 |

Feedback

We value your feedback. Please provide insights on your testing experience.

  • Was the testing guideline clear? Were there any ambiguities?
    • Testing guideline was clear, and no ambiguities
  • Did you face any challenges not covered by the guideline?
    • No
  • Suggestions for improvement:
    • None

Reviewers validation

The criteria for completing this task are based on the validation of the conclusions and the test results by all reviewers.

All the checkboxes below must be marked in order to close this issue.


Johnng007 commented Jul 24, 2024

Environment 🟢

Environment
[root@indexer1 wazuh]# cat /etc/os-release
NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"

CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"

Wazuh Indexer Installation 🟢

Each component was installed using the Installation assistant.

Installer downloads
[root@indexer1 wazuh]# curl -sO https://packages-dev.wazuh.com/4.9/config.yml
[root@indexer1 wazuh]# curl -sO https://packages-dev.wazuh.com/4.9/wazuh-install.sh

config.yml
[root@indexer1 wazuh]# nano config.yml

nodes:
  # Wazuh indexer nodes
  indexer:
    - name: node-1
      ip: "192.168.25.161"
    - name: node-2
      ip: "192.168.25.162"
    #- name: node-3
    #  ip: "<indexer-node-ip>"

  # Wazuh server nodes
  # If there is more than one Wazuh server
  # node, each one must have a node_type
  server:
    - name: wazuh-1
      ip: "192.168.25.163"
    #  node_type: master
    #- name: wazuh-2
    #  ip: "<wazuh-manager-ip>"
    #  node_type: worker
    #- name: wazuh-3
    #  ip: "<wazuh-manager-ip>"
    #  node_type: worker

  # Wazuh dashboard nodes
  dashboard:
    - name: dashboard
      ip: "192.168.25.163"

Config generation
[root@indexer1 wazuh]# bash wazuh-install.sh --generate-config-files
24/07/2024 02:30:45 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
24/07/2024 02:30:45 INFO: Verbose logging redirected to /var/log/wazuh-install.log
24/07/2024 02:30:45 INFO: Verifying that your system meets the recommended minimum hardware requirements.
24/07/2024 02:30:45 INFO: --- Configuration files ---
24/07/2024 02:30:45 INFO: Generating configuration files.
24/07/2024 02:30:45 INFO: Generating the root certificate.
24/07/2024 02:30:46 INFO: Generating Admin certificates.
24/07/2024 02:30:46 INFO: Generating Wazuh indexer certificates.
24/07/2024 02:30:46 INFO: Generating Filebeat certificates.
24/07/2024 02:30:46 INFO: Generating Wazuh dashboard certificates.
24/07/2024 02:30:46 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.

Installing indexer 1
[root@indexer1 wazuh]# bash wazuh-install.sh --wazuh-indexer node-1
24/07/2024 04:35:15 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
24/07/2024 04:35:15 INFO: Verbose logging redirected to /var/log/wazuh-install.log
24/07/2024 04:35:15 INFO: Verifying that your system meets the recommended minimum hardware requirements.
24/07/2024 04:35:17 INFO: Wazuh development repository added.
24/07/2024 04:35:17 INFO: --- Wazuh indexer ---
24/07/2024 04:35:17 INFO: Starting Wazuh indexer installation.
24/07/2024 04:37:41 INFO: Wazuh indexer installation finished.
24/07/2024 04:37:42 INFO: Wazuh indexer post-install configuration finished.
24/07/2024 04:37:42 INFO: Starting service wazuh-indexer.
24/07/2024 04:38:35 INFO: wazuh-indexer service started.
24/07/2024 04:38:35 INFO: Initializing Wazuh indexer cluster security settings.
24/07/2024 04:38:35 INFO: Wazuh indexer cluster initialized.
24/07/2024 04:38:35 INFO: Installation finished.

Installing indexer 2
[root@indexer2 wazuh]# bash wazuh-install.sh --wazuh-indexer node-2
24/07/2024 06:13:39 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
24/07/2024 06:13:39 INFO: Verbose logging redirected to /var/log/wazuh-install.log
24/07/2024 06:13:40 INFO: Verifying that your system meets the recommended minimum hardware requirements.
24/07/2024 06:13:42 INFO: Wazuh development repository added.
24/07/2024 06:13:42 INFO: --- Wazuh indexer ---
24/07/2024 06:13:42 INFO: Starting Wazuh indexer installation.
24/07/2024 06:15:58 INFO: Wazuh indexer installation finished.
24/07/2024 06:15:59 INFO: Wazuh indexer post-install configuration finished.
24/07/2024 06:15:59 INFO: Starting service wazuh-indexer.
24/07/2024 06:16:20 INFO: wazuh-indexer service started.
24/07/2024 06:16:20 INFO: Initializing Wazuh indexer cluster security settings.
24/07/2024 06:16:21 INFO: Wazuh indexer cluster initialized.
24/07/2024 06:16:21 INFO: Installation finished.

Starting the indexer cluster
[root@indexer1 wazuh]# bash wazuh-install.sh --start-cluster
24/07/2024 06:18:39 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
24/07/2024 06:18:39 INFO: Verbose logging redirected to /var/log/wazuh-install.log
24/07/2024 06:18:40 INFO: Verifying that your system meets the recommended minimum hardware requirements.
24/07/2024 06:18:45 INFO: Wazuh indexer cluster security configuration initialized.
24/07/2024 06:19:12 INFO: Updating the internal users.
24/07/2024 06:19:15 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
24/07/2024 06:19:25 INFO: Wazuh indexer cluster started.

Checking the indexer 1 cluster installation
[root@indexer1 wazuh]# curl -k -u admin:$(password) https://192.168.25.161:9200
{
  "name" : "node-1",
  "cluster_name" : "wazuh-indexer-cluster",
  "cluster_uuid" : "eZA6hxPrRN2J2trpni78QA",
  "version" : {
    "number" : "7.10.2",
    "build_type" : "rpm",
    "build_hash" : "2c952aba7735bee5f4b0bb9cfc821d68ffbdd636",
    "build_date" : "2024-07-19T16:30:35.251438Z",
    "build_snapshot" : false,
    "lucene_version" : "9.10.0",
    "minimum_wire_compatibility_version" : "7.10.0",
    "minimum_index_compatibility_version" : "7.0.0"
  },
  "tagline" : "The OpenSearch Project: https://opensearch.org/"
}

Checking the indexer 2 cluster installation
[root@indexer1 wazuh]# curl -k -u admin:$(password) https://192.168.25.162:9200
{
  "name" : "node-2",
  "cluster_name" : "wazuh-indexer-cluster",
  "cluster_uuid" : "eZA6hxPrRN2J2trpni78QA",
  "version" : {
    "number" : "7.10.2",
    "build_type" : "rpm",
    "build_hash" : "2c952aba7735bee5f4b0bb9cfc821d68ffbdd636",
    "build_date" : "2024-07-19T16:30:35.251438Z",
    "build_snapshot" : false,
    "lucene_version" : "9.10.0",
    "minimum_wire_compatibility_version" : "7.10.0",
    "minimum_index_compatibility_version" : "7.0.0"
  },
  "tagline" : "The OpenSearch Project: https://opensearch.org/"
}

Checking the general cluster health
[root@indexer1 wazuh]# curl -k -u admin:$(password) https://192.168.25.161:9200/_cat/nodes?v
ip             heap.percent ram.percent cpu load_1m load_5m load_15m node.role node.roles                               cluster_manager name
192.168.25.162           37          96   2    0.00    0.09     0.25 dimr      data,ingest,master,remote_cluster_client -               node-2
192.168.25.161           50          95   0    0.00    0.04     0.06 dimr      data,ingest,master,remote_cluster_client *               node-1

Wazuh Server Installation 🟢

Wazuh server
[root@serverdash wazuh]# bash wazuh-install.sh --wazuh-server wazuh-1
24/07/2024 08:03:00 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
24/07/2024 08:03:00 INFO: Verbose logging redirected to /var/log/wazuh-install.log
24/07/2024 08:03:01 INFO: Verifying that your system meets the recommended minimum hardware requirements.
24/07/2024 08:03:02 INFO: Wazuh development repository added.
24/07/2024 08:03:03 INFO: --- Wazuh server ---
24/07/2024 08:03:03 INFO: Starting the Wazuh manager installation.
24/07/2024 08:04:39 INFO: Wazuh manager installation finished.
24/07/2024 08:04:39 INFO: Wazuh manager vulnerability detection configuration finished.
24/07/2024 08:04:39 INFO: Starting service wazuh-manager.
24/07/2024 08:04:56 INFO: wazuh-manager service started.
24/07/2024 08:04:56 INFO: Starting Filebeat installation.
24/07/2024 08:06:05 INFO: Filebeat installation finished.
24/07/2024 08:06:12 INFO: Filebeat post-install configuration finished.
24/07/2024 08:06:24 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
24/07/2024 08:07:28 INFO: Starting service filebeat.
24/07/2024 08:07:33 INFO: filebeat service started.
24/07/2024 08:07:33 INFO: Installation finished.

Wazuh Dashboard Installation 🔴

Wazuh Dashboard

Note: An issue exists in the Wazuh dashboard installation where the dashboard tried to use the kibanaserver user credentials to log in, but those were invalid. This caused a failure in the normal installation process.
I had to force the dashboard installation with -fd and reset the kibanaserver password to proceed.

[root@serverdash wazuh]# bash wazuh-install.sh --wazuh-dashboard dashboard -fd
25/07/2024 03:36:23 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
25/07/2024 03:36:23 INFO: Verbose logging redirected to /var/log/wazuh-install.log
25/07/2024 03:36:24 INFO: Verifying that your system meets the recommended minimum hardware requirements.
25/07/2024 03:36:24 INFO: Wazuh web interface port will be 443.
25/07/2024 03:36:25 INFO: Wazuh development repository added.
25/07/2024 03:36:26 INFO: --- Wazuh dashboard ----
25/07/2024 03:36:26 INFO: Starting Wazuh dashboard installation.
25/07/2024 03:38:32 INFO: Wazuh dashboard installation finished.
25/07/2024 03:38:32 INFO: Wazuh dashboard post-install configuration finished.
25/07/2024 03:38:32 INFO: Starting service wazuh-dashboard.
25/07/2024 03:38:33 INFO: wazuh-dashboard service started.
25/07/2024 03:38:34 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
25/07/2024 03:39:57 INFO: Initializing Wazuh dashboard web application.
25/07/2024 03:41:59 WARNING: Cannot connect to Wazuh dashboard.
25/07/2024 03:41:59 INFO: --- Summary ---
25/07/2024 03:41:59 INFO: When Wazuh dashboard is able to connect to your Wazuh indexer cluster, you can access the web interface https://192.168.25.163
    User: admin
    Password: $(password)
25/07/2024 03:41:59 INFO: Installation finished.

Dashboard Config Details
[root@serverdash wazuh]# cat /etc/wazuh-dashboard/opensearch_dashboards.yml
server.port: 443
opensearch.ssl.verificationMode: certificate
# opensearch.username: kibanaserver
# opensearch.password: kibanaserver
opensearch.requestHeadersAllowlist: ["securitytenant","Authorization"]
opensearch_security.multitenancy.enabled: false
opensearch_security.readonly_mode.roles: ["kibana_read_only"]
server.ssl.enabled: true
server.ssl.key: "/etc/wazuh-dashboard/certs/dashboard-key.pem"
server.ssl.certificate: "/etc/wazuh-dashboard/certs/dashboard.pem"
opensearch.ssl.certificateAuthorities: ["/etc/wazuh-dashboard/certs/root-ca.pem"]
uiSettings.overrides.defaultRoute: /app/wz-home
opensearch_security.cookie.secure: true
server.host: 192.168.25.163
opensearch.hosts:
  - https://192.168.25.161:9200
  - https://192.168.25.162:9200
[root@serverdash wazuh]# cat /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
hosts:
  - default:
      url: https://localhost
      port: 55000
      username: wazuh-wui
      password: $(password)
      run_as: false

Agent Installation 🟢

One-liner Installation

[root@localhost wazuh]# curl -o wazuh-agent-4.9.0-1.x86_64.rpm https://packages-dev.wazuh.com/pre-release/yum/wazuh-agent-4.9.0-1.x86_64.rpm && WAZUH_MANAGER='192.168.25.163' WAZUH_AGENT_GROUP='UXTest' rpm -ihv wazuh-agent-4.9.0-1.x86_64.rpm
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 10.4M  100 10.4M    0     0  3358k      0  0:00:03  0:00:03 --:--:-- 3360k
warning: wazuh-agent-4.9.0-1.x86_64.rpm: Header V4 RSA/SHA256 Signature, key ID 29111145: NOKEY
Preparing...                          ################################# [100%]
Updating / installing...
   1:wazuh-agent-4.9.0-1              ################################# [100%]
[root@localhost wazuh]# systemctl daemon-reload
[root@localhost wazuh]# systemctl enable wazuh-agent
Created symlink from /etc/systemd/system/multi-user.target.wants/wazuh-agent.service to /usr/lib/systemd/system/wazuh-agent.service.
[root@localhost wazuh]# systemctl start wazuh-agent

Agent Status

Wazuh dashboard exploration

Login Page

Management Logs

Wazuh RBAC - Creating and mapping internal users 🟢

Creating and setting a Wazuh admin user

Mapping created user to admin role

Map the user with Wazuh

Setting run_as to true

[root@serverdash wazuh]# cat /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
hosts:
  - default:
      url: https://localhost
      port: 55000
      username: wazuh-wui
      password: $(password)
      run_as: true

enrollment.dns: "192.168.25.163"

Restarting Wazuh dashboard service

[root@serverdash wazuh]# systemctl restart wazuh-dashboard

Confirming user

Creating and setting a Wazuh read-only user

Map the user to readonly role

Mapping the user with Wazuh

Confirming user

Creating internal user and mapping it to Wazuh

Map the created user to a role

Mapping the user with Wazuh

Confirming user

Use Cases 🟢

Give a user permission to read and manage a group of agents 🟢

Adding an agent group label

Creating and mapping an internal user

Create a custom role and map the user to it

Mapping the user with Wazuh

Confirming user

@fdalmaup

Review

Asked for minor changes in the output of some configurations.


Johnng007 commented Jul 26, 2024

@fdalmaup The setup was in a local environment. But the obfuscation has been done. 🟢

rauldpm closed this as completed Jul 29, 2024