Manager check service fails in distributed deployment #51

Closed
3 tasks
davidcr01 opened this issue Sep 11, 2024 · 1 comment · Fixed by #52 · May be fixed by #57

Comments

@davidcr01
Contributor

Description

While working on #20, I found a problem when checking the Wazuh manager service, specifically when executing the manager_checkService command. This new check was added in wazuh/wazuh-packages#3059, and improved in #28 and #44.

Now, I encountered that this check fails when performing a distributed installation, specifically when installing a Wazuh manager cluster. This is causing the GHA migration to fail:

The problem is that the Wazuh worker node fails with the Invalid credentials response of the Wazuh API when obtaining a token:

11/09/2024 08:46:19 INFO: Starting service wazuh-manager.
11/09/2024 08:46:32 INFO: wazuh-manager service started.
11/09/2024 08:46:32 INFO: Checking Wazuh API connection
++ eval 'curl -k -s -X POST -u "wazuh-wui:wazuh-wui" https://127.0.0.1:55000/security/user/authenticate/run_as?raw=true -d '\''{"user_name":"wzread"}'\'' -H "content-type:application/json"'
+++ curl -k -s -X POST -u wazuh-wui:wazuh-wui 'https://127.0.0.1:55000/security/user/authenticate/run_as?raw=true' -d '{"user_name":"wzread"}' -H content-type:application/json
+ TOKEN=
+ set +x
11/09/2024 08:46:32 INFO: Attempt 1: Trying to get Wazuh API token
11/09/2024 08:46:35 ERROR: Wazuh API connection Error. {
   "title": "Unauthorized",
   "detail": "Invalid token"
}
11/09/2024 08:46:35 INFO: --- Removing existing Wazuh installation ---
11/09/2024 08:46:35 INFO: Removing Wazuh manager.
11/09/2024 08:46:46 INFO: Wazuh manager removed.
11/09/2024 08:46:47 INFO: Installation cleaned.

However, in the Wazuh manager master node, this is not reproduced:

11/09/2024 08:44:58 INFO: Starting service wazuh-manager.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-manager.service → /lib/systemd/system/wazuh-manager.service.
11/09/2024 08:45:14 INFO: wazuh-manager service started.
11/09/2024 08:45:14 INFO: Checking Wazuh API connection
++ eval 'curl -k -s -X POST -u "wazuh-wui:wazuh-wui" https://127.0.0.1:55000/security/user/authenticate/run_as?raw=true -d '\''{"user_name":"wzread"}'\'' -H "content-type:application/json"'
+++ curl -k -s -X POST -u wazuh-wui:wazuh-wui 'https://127.0.0.1:55000/security/user/authenticate/run_as?raw=true' -d '{"user_name":"wzread"}' -H content-type:application/json
+ TOKEN=eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNzI2MDQ0MzE0LCJleHAiOjE3MjYwNDUyMTQsInN1YiI6IndhenVoLXd1aSIsInJ1bl9hcyI6dHJ1ZSwicmJhY19yb2xlcyI6W10sInJiYWNfbW9kZSI6IndoaXRlIiwiaGFzaF9hdXRoX2NvbnRleHQiOiI2ZTUxZGExOTNjMTFhYTVhYmQ0NDgxNTgxNjViZjJmNyJ9.ASma0rlkeoS_y2HpkiQsezwuryfC2G8yZMkDAkQ4Wb8M5P2YLjbY_tWCTslaJkMWZR3GTia5ABC5gfZRJeMlWB99AS2q9C-NVf6JNocMk9bWDJkutsBzBaRpKZ6bukUOco-4XknJZVP4UhnVtZdE7ydDW_rJMW3wMF0hJ-uS2YtGyWzy
+ set +x
11/09/2024 08:45:14 INFO: Wazuh API connection successful

Investigation

To understand what is happening, we must take into account that:

  • A distributed installation is being performed.
  • The installation of the Wazuh manager master node is being executed before the Wazuh manager worker node installation
  • The token is being generated with the following command:
token_command="curl -k -s -X POST -u \"wazuh-wui:wazuh-wui\" https://127.0.0.1:55000/security/user/authenticate/run_as?raw=true -d '{\"user_name\":\"wzread\"}' -H \"content-type:application/json\""

Important

Notice that the credentials used to get the API are wazuh-wui:wazuh-wui, the default credentials before changing the passwords.

The execution order of the functions when installing the Wazuh manager on a distributed installation (this means installing the Wazuh manager with the -ws option, not the -a option) is the following:

if [ -n "${wazuh}" ]; then
    common_logger "--- Wazuh server ---"
    manager_install
    manager_configure
    if [ -n "${server_node_types[*]}" ]; then
        manager_startCluster
    fi
    installCommon_startService "wazuh-manager"
    manager_checkService  # <----
    filebeat_install
    filebeat_configure
    installCommon_changePasswords  # <----
    installCommon_startService "filebeat"
    filebeat_checkService
    installCommon_removeWIADependencies
fi

As you can see, among other things, the Wazuh manager master node is checking the Wazuh manager service (and it passes correctly), and it changes the passwords long after, including the API password.

Then, when the Wazuh manager worker node performs its installation, the API credentials are not the default ones anymore, because the Wazuh manager master node has changed them. Thus, when the worker node tries to get the token with the default credentials, it fails:

root@ip-172-31-84-56:/home/ubuntu# curl -k -s -X POST -u wazuh-wui:wazuh-wui 'https://127.0.0.1:55000/security/user/authenticate/run_as?raw=true' -d '{"user_name":"wzread"}' -H content-type:application/json
{"title": "Unauthorized", "detail": "Invalid credentials"}

If we use the password specified in the wazuh-passwords.txt file, the TOKEN is fetched correctly:

root@ip-172-31-84-56:/home/ubuntu# tar -axf wazuh-install-files.tar wazuh-install-files/wazuh-passwords.txt -O | grep -P "\'wazuh-wui\'" -A 1
  api_username: 'wazuh-wui'
  api_password: 'X?YG+2cj?1mzUoRA2aF+3c.PZpSE1lZJ'
root@ip-172-31-84-56:/home/ubuntu# curl -k -s -X POST -u wazuh-wui:X?YG+2cj?1mzUoRA2aF+3c.PZpSE1lZJ 'https://127.0.0.1:55000/security/user/authenticate/run_as?raw=true' -d '{"user_name":"wzread"}' -H content-type:application/json
eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNzI2MDQ1NTUxLCJleHAiOjE3MjYwNDY0NTEsInN1YiI6IndhenVoLXd1aSIsInJ1bl9hcyI6dHJ1ZSwicmJhY19yb2xlcyI6W10sInJiYWNfbW9kZSI6IndoaXRlIiwiaGFzaF9hdXRoX2NvbnRleHQiOiI2ZTUxZGExOTNjMTFhYTVhYmQ0NDgxNTgxNjViZjJmNyJ9.ADWTFKNLqh0e9w8jHx-7JyBahaFmOvoTUMxgsi719YE4o7pc4nCNywfCfWBwk899H7xzsIfAdH1cRhKyoA8eugE9AZ2GX4MbgM7dYL1xpbERGZXH7t0AusuybXLfanN66aH0-Buh_L11mkbuBwoeB4h2XOcb50frA07Owi7lH6aHgaIBroot@ip-172-31-84-56:/home/ubuntu# 

Caution

This error could have been avoided if distributed testing had been performed in wazuh/wazuh-packages#3059, #28, and #44. We should perform this kind of test when developing new code. This will be much easier when the GHAs are finished in #20.

Tasks

  • Create a logic to solve this behavior. A possible solution could be to get the API password when the manager node type is a worker one
  • Apply the fix
  • Validate the fix (AIO, distributed installation in a single machine, distributed installation on several machines)
@davidcr01 davidcr01 added level/task Task issue type/bug Bug issue labels Sep 11, 2024
@davidcr01 davidcr01 self-assigned this Sep 11, 2024
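
The worker-side handling this issue calls for (fall back to the API password stored in wazuh-passwords.txt when the default credentials return Invalid credentials), as an added example that is not the installation assistant's code; it goes beyond that case by also retrying while the API answers with a Wazuh Cluster Error. The function names, the constructed password and the `api_authenticate` stub that stands in for the curl call are assumptions, chosen so the block runs offline.

```shell
#!/bin/sh
# Added example: token-fetch decision logic for a manager node (not Wazuh's code).
DEFAULT_API_USER="wazuh-wui"
DEFAULT_API_PASSWORD="wazuh-wui"
ROTATED_PASSWORD='Constructed?Pass+1.x'   # constructed sample value

# Classify the body returned by /security/user/authenticate/run_as?raw=true.
classify_response() {
    case "$1" in
        "")                      echo empty ;;
        *"Invalid credentials"*) echo invalid_credentials ;;
        *"Wazuh Cluster Error"*) echo cluster_error ;;
        *)
            # With raw=true a success is a bare JWT: three base64url segments.
            if printf '%s\n' "$1" | grep -Eq '^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$'; then
                echo token
            else
                echo unknown
            fi ;;
    esac
}

# Read wazuh-passwords.txt on stdin and print the api_password that follows
# the exact api_username given in $1; only the surrounding quotes are removed.
extract_api_password() {
    awk -v user="$1" -v q="'" '
        $1 == "api_username:" { found = ($2 == (q user q)); next }
        found && $1 == "api_password:" {
            v = $0
            sub(/^[ \t]*api_password:[ \t]*/, "", v)
            sub(/[ \t\r]*$/, "", v)
            if (substr(v, 1, 1) == q && substr(v, length(v), 1) == q) {
                v = substr(v, 2, length(v) - 2)
            }
            print v
            exit
        }'
}

# get_api_token NODE_TYPE PASSWORDS_FILE [MAX_ATTEMPTS] [DELAY_SECONDS]
# Prints the token. Returns 0 on success, 1 on an authentication failure,
# 2 when the cluster never became ready within MAX_ATTEMPTS calls.
get_api_token() {
    node_type=$1; passwords_file=$2; max_attempts=${3:-15}; delay=${4:-5}
    password=$DEFAULT_API_PASSWORD; rotated=no; attempt=0
    while [ "$attempt" -lt "$max_attempts" ]; do
        attempt=$((attempt + 1))
        response=$(api_authenticate "$DEFAULT_API_USER" "$password")
        case "$(classify_response "$response")" in
            token)
                printf '%s\n' "$response"; return 0 ;;
            invalid_credentials)
                # Only a worker falls back to the stored password, and only once.
                [ "$node_type" = worker ] && [ "$rotated" = no ] || return 1
                password=$(extract_api_password "$DEFAULT_API_USER" < "$passwords_file")
                [ -n "$password" ] || return 1
                rotated=yes ;;
            cluster_error|empty)
                sleep "$delay" ;;      # transient: wait for the cluster, then retry
            *)
                return 1 ;;
        esac
    done
    return 2
}

# Constructed offline stand-in for the curl call ($1 = user, $2 = password).
# SIM_PASSWORD: password the simulated API accepts. SIM_NOT_READY: number of
# initial calls answered with the cluster error. SIM_CALLS: call-counter file
# (a file because command substitution runs in a subshell).
api_authenticate() {
    calls=$(( $(cat "$SIM_CALLS") + 1 )); echo "$calls" > "$SIM_CALLS"
    if [ "$calls" -le "$SIM_NOT_READY" ]; then
        echo '{"title": "Wazuh Cluster Error", "detail": "Worker node is not connected to master", "error": 3023}'
    elif [ "$2" != "$SIM_PASSWORD" ]; then
        echo '{"title": "Unauthorized", "detail": "Invalid credentials"}'
    else
        echo 'aGVhZGVy.cGF5bG9hZA.c2lnbmF0dXJl'   # constructed, not a real JWT
    fi
}

# run_scenario NODE_TYPE PASSWORD_ACCEPTED_BY_API NOT_READY_CALLS
# Prints "rc=<return code> calls=<API calls made>".
run_scenario() {
    tmp=$(mktemp -d); SIM_CALLS=$tmp/calls; echo 0 > "$SIM_CALLS"
    SIM_PASSWORD=$2; SIM_NOT_READY=$3
    printf '%s\n' "  api_username: 'wazuh'" "  api_password: 'Constructed.other'" \
        "  api_username: 'wazuh-wui'" "  api_password: '$ROTATED_PASSWORD'" \
        > "$tmp/wazuh-passwords.txt"
    rc=0
    get_api_token "$1" "$tmp/wazuh-passwords.txt" 15 0 > /dev/null || rc=$?
    echo "rc=$rc calls=$(cat "$SIM_CALLS")"
    rm -rf "$tmp"
}

run_scenario worker "$ROTATED_PASSWORD" 0       # master already changed the password
run_scenario worker "$DEFAULT_API_PASSWORD" 3   # cluster not connected yet
run_scenario master "$ROTATED_PASSWORD" 0       # a non-worker node never falls back
```

In a real run `api_authenticate` would wrap the curl call shown in this issue. Running it under `set -x`, as in the traces here, prints the API password and the token to the terminal.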
@davidcr01
Contributor Author

davidcr01 commented Sep 11, 2024

Update Report

Development

The fix would consist in managing two different cases:

  • The master node has been installed and it has changed the passwords, so the worker node needs to change the API password before getting the token.
  • The master node and the worker node are being installed simultaneously. In this case, if the manager cluster is not started, when the worker nodes try to get the TOKEN, the API returns a Wazuh Cluster Error. In this case, the worker node does not have to change the API password, but it has to retry the API fetch waiting for the manager cluster to be started.

The strategy is to use the "${server_node_types[pos]}" variable, which contains which type of node is installing the assistant. The pos variable along the installation. In this way, we can identify which manager node is being installed.

Then, if the credentials are incorrect, they are changed. In other cases, if the API returns the cluster error, the assistant will retry to fetch the TOKEN with the default credentials, as they are changed long after.

Testing

Testing the first case, the worker needs to change the credentials:

root@ip-172-31-84-56:/home/ubuntu# bash wazuh-install.sh -ws server-2 -o
11/09/2024 10:36:03 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
11/09/2024 10:36:03 INFO: Verbose logging redirected to /var/log/wazuh-install.log
11/09/2024 10:36:07 INFO: Verifying that your system meets the recommended minimum hardware requirements.
11/09/2024 10:36:12 INFO: Wazuh development repository added.
11/09/2024 10:36:12 INFO: --- Wazuh server ---
11/09/2024 10:36:12 INFO: Starting the Wazuh manager installation.
11/09/2024 10:36:57 INFO: Wazuh manager installation finished.
11/09/2024 10:36:57 INFO: Wazuh manager vulnerability detection configuration finished.
11/09/2024 10:36:57 INFO: Starting service wazuh-manager.
11/09/2024 10:37:13 INFO: wazuh-manager service started.
11/09/2024 10:37:13 INFO: Checking Wazuh API connection
+ api_password=wazuh-wui
+ token_command='curl -k -s -X POST -u "wazuh-wui:wazuh-wui" https://127.0.0.1:55000/security/user/authenticate/run_as?raw=true -d '\''{"user_name":"wzread"}'\'' -H "content-type:application/json"'
++ eval 'curl -k -s -X POST -u "wazuh-wui:wazuh-wui" https://127.0.0.1:55000/security/user/authenticate/run_as?raw=true -d '\''{"user_name":"wzread"}'\'' -H "content-type:application/json"'
+++ curl -k -s -X POST -u wazuh-wui:wazuh-wui 'https://127.0.0.1:55000/security/user/authenticate/run_as?raw=true' -d '{"user_name":"wzread"}' -H content-type:application/json
+ TOKEN='{"title": "Unauthorized", "detail": "Invalid credentials"}'
+ [[ {"title": "Unauthorized", "detail": "Invalid credentials"} =~ Invalid credentials ]]
+ [[ worker == \w\o\r\k\e\r ]]
++ tar -axf /home/ubuntu/wazuh-install-files.tar wazuh-install-files/wazuh-passwords.txt -O
++ grep -P ''\''wazuh-wui'\''' -A 1
++ sed 's/'\''//g'
++ awk 'NR==2 { print $2 }'
+ api_password='X?YG+2cj?1mzUoRA2aF+3c.PZpSE1lZJ'
+ token_command='curl -k -s -X POST -u "wazuh-wui:X?YG+2cj?1mzUoRA2aF+3c.PZpSE1lZJ" https://127.0.0.1:55000/security/user/authenticate/run_as?raw=true -d '\''{"user_name":"wzread"}'\'' -H "content-type:application/json"'
++ eval 'curl -k -s -X POST -u "wazuh-wui:X?YG+2cj?1mzUoRA2aF+3c.PZpSE1lZJ" https://127.0.0.1:55000/security/user/authenticate/run_as?raw=true -d '\''{"user_name":"wzread"}'\'' -H "content-type:application/json"'
+++ curl -k -s -X POST -u 'wazuh-wui:X?YG+2cj?1mzUoRA2aF+3c.PZpSE1lZJ' 'https://127.0.0.1:55000/security/user/authenticate/run_as?raw=true' -d '{"user_name":"wzread"}' -H content-type:application/json
+ TOKEN=eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNzI2MDUxMDM0LCJleHAiOjE3MjYwNTE5MzQsInN1YiI6IndhenVoLXd1aSIsInJ1bl9hcyI6dHJ1ZSwicmJhY19yb2xlcyI6W10sInJiYWNfbW9kZSI6IndoaXRlIiwiaGFzaF9hdXRoX2NvbnRleHQiOiI2ZTUxZGExOTNjMTFhYTVhYmQ0NDgxNTgxNjViZjJmNyJ9.AaF5U-5y5urMuyHyl9JVr7yDlShhCvZdYJ00sB1ZbVDNa7Akrtv4OGAQyuDzgMhuL5PiTw1ipuTOYixhq6kURW3wAdkiOv2ltYMk3E9mYQVQfehrQYVJujNEoY908F9xUi6wGSMbgTW0JfArANoCH5p5j2yCQm-FqXtmy86rFBo2Axio
+ max_attempts=5
+ attempt=0
+ seconds=3
+ [[ -z eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNzI2MDUxMDM0LCJleHAiOjE3MjYwNTE5MzQsInN1YiI6IndhenVoLXd1aSIsInJ1bl9hcyI6dHJ1ZSwicmJhY19yb2xlcyI6W10sInJiYWNfbW9kZSI6IndoaXRlIiwiaGFzaF9hdXRoX2NvbnRleHQiOiI2ZTUxZGExOTNjMTFhYTVhYmQ0NDgxNTgxNjViZjJmNyJ9.AaF5U-5y5urMuyHyl9JVr7yDlShhCvZdYJ00sB1ZbVDNa7Akrtv4OGAQyuDzgMhuL5PiTw1ipuTOYixhq6kURW3wAdkiOv2ltYMk3E9mYQVQfehrQYVJujNEoY908F9xUi6wGSMbgTW0JfArANoCH5p5j2yCQm-FqXtmy86rFBo2Axio ]]
+ [[ eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNzI2MDUxMDM0LCJleHAiOjE3MjYwNTE5MzQsInN1YiI6IndhenVoLXd1aSIsInJ1bl9hcyI6dHJ1ZSwicmJhY19yb2xlcyI6W10sInJiYWNfbW9kZSI6IndoaXRlIiwiaGFzaF9hdXRoX2NvbnRleHQiOiI2ZTUxZGExOTNjMTFhYTVhYmQ0NDgxNTgxNjViZjJmNyJ9.AaF5U-5y5urMuyHyl9JVr7yDlShhCvZdYJ00sB1ZbVDNa7Akrtv4OGAQyuDzgMhuL5PiTw1ipuTOYixhq6kURW3wAdkiOv2ltYMk3E9mYQVQfehrQYVJujNEoY908F9xUi6wGSMbgTW0JfArANoCH5p5j2yCQm-FqXtmy86rFBo2Axio =~ Wazuh Cluster Error ]]
+ set +x
11/09/2024 10:37:14 INFO: Wazuh API connection successful
11/09/2024 10:37:14 INFO: Starting Filebeat installation.
11/09/2024 10:37:25 INFO: Filebeat installation finished.
11/09/2024 10:37:26 INFO: Filebeat post-install configuration finished.
11/09/2024 10:37:28 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
11/09/2024 10:37:46 INFO: Starting service filebeat.
11/09/2024 10:37:47 INFO: filebeat service started.
11/09/2024 10:37:47 INFO: Checking Filebeat connection
11/09/2024 10:37:47 INFO: Filebeat connection successful
11/09/2024 10:37:47 INFO: Installation finished.
root@ip-172-31-84-56:/home/ubuntu# 

Testing the second case, the worker does not need to change the credentials, but needs to retry:

  • Master node:
root@ip-172-31-87-247:/home/ubuntu# bash wazuh-install.sh -ws server-1 -o
11/09/2024 11:21:43 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
11/09/2024 11:21:43 INFO: Verbose logging redirected to /var/log/wazuh-install.log
11/09/2024 11:21:51 INFO: --- Removing existing Wazuh installation ---
11/09/2024 11:21:51 INFO: Removing Wazuh manager.
11/09/2024 11:22:01 INFO: Wazuh manager removed.
11/09/2024 11:22:01 INFO: Removing Filebeat.
11/09/2024 11:22:06 INFO: Filebeat removed.
11/09/2024 11:22:06 INFO: Installation cleaned.
11/09/2024 11:22:06 INFO: Verifying that your system meets the recommended minimum hardware requirements.
11/09/2024 11:22:12 INFO: Wazuh development repository added.
11/09/2024 11:22:12 INFO: --- Wazuh server ---
11/09/2024 11:22:12 INFO: Starting the Wazuh manager installation.
11/09/2024 11:23:00 INFO: Wazuh manager installation finished.
11/09/2024 11:23:00 INFO: Wazuh manager vulnerability detection configuration finished.
11/09/2024 11:23:00 INFO: Starting service wazuh-manager.
11/09/2024 11:23:16 INFO: wazuh-manager service started.
11/09/2024 11:23:16 INFO: Checking Wazuh API connection
+ api_password=wazuh-wui
+ token_command='curl -k -s -X POST -u "wazuh-wui:wazuh-wui" https://127.0.0.1:55000/security/user/authenticate/run_as?raw=true -d '\''{"user_name":"wzread"}'\'' -H "content-type:application/json"'
++ eval 'curl -k -s -X POST -u "wazuh-wui:wazuh-wui" https://127.0.0.1:55000/security/user/authenticate/run_as?raw=true -d '\''{"user_name":"wzread"}'\'' -H "content-type:application/json"'
+++ curl -k -s -X POST -u wazuh-wui:wazuh-wui 'https://127.0.0.1:55000/security/user/authenticate/run_as?raw=true' -d '{"user_name":"wzread"}' -H content-type:application/json
+ TOKEN=eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNzI2MDUzNzk3LCJleHAiOjE3MjYwNTQ2OTcsInN1YiI6IndhenVoLXd1aSIsInJ1bl9hcyI6dHJ1ZSwicmJhY19yb2xlcyI6W10sInJiYWNfbW9kZSI6IndoaXRlIiwiaGFzaF9hdXRoX2NvbnRleHQiOiI2ZTUxZGExOTNjMTFhYTVhYmQ0NDgxNTgxNjViZjJmNyJ9.AFFoEU00Lf9LYQ0Dbg5kryNmmB33tZp0cTA_WzxeBKW1HaoHuhB007poQrLilub48eKmLBcgMqD89I4qOc4Im2apAGzVHR69H5ghJT0Thhcj0fOESBi-buxGZV79aQuUn63gKqM2a-p2z41gtHskGBoJJ-c7OakL7rHytGDdRWhdSVDR
+ [[ eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNzI2MDUzNzk3LCJleHAiOjE3MjYwNTQ2OTcsInN1YiI6IndhenVoLXd1aSIsInJ1bl9hcyI6dHJ1ZSwicmJhY19yb2xlcyI6W10sInJiYWNfbW9kZSI6IndoaXRlIiwiaGFzaF9hdXRoX2NvbnRleHQiOiI2ZTUxZGExOTNjMTFhYTVhYmQ0NDgxNTgxNjViZjJmNyJ9.AFFoEU00Lf9LYQ0Dbg5kryNmmB33tZp0cTA_WzxeBKW1HaoHuhB007poQrLilub48eKmLBcgMqD89I4qOc4Im2apAGzVHR69H5ghJT0Thhcj0fOESBi-buxGZV79aQuUn63gKqM2a-p2z41gtHskGBoJJ-c7OakL7rHytGDdRWhdSVDR =~ Invalid credentials ]]
+ set +x
11/09/2024 11:23:17 INFO: Wazuh API connection successful
11/09/2024 11:23:17 INFO: Starting Filebeat installation.
11/09/2024 11:23:29 INFO: Filebeat installation finished.
11/09/2024 11:23:31 INFO: Filebeat post-install configuration finished.
11/09/2024 11:23:33 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
11/09/2024 11:23:56 INFO: Starting service filebeat.
11/09/2024 11:23:57 INFO: filebeat service started.
11/09/2024 11:23:57 INFO: Checking Filebeat connection
11/09/2024 11:23:57 INFO: Filebeat connection successful
11/09/2024 11:23:57 INFO: Installation finished.
  • Worker node:
root@ip-172-31-84-56:/home/ubuntu# bash wazuh-install.sh -ws server-2 -o
11/09/2024 11:21:35 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
11/09/2024 11:21:35 INFO: Verbose logging redirected to /var/log/wazuh-install.log
11/09/2024 11:21:41 INFO: --- Removing existing Wazuh installation ---
11/09/2024 11:21:41 INFO: Removing Wazuh manager.
11/09/2024 11:21:53 INFO: Wazuh manager removed.
11/09/2024 11:21:53 INFO: Removing Filebeat.
11/09/2024 11:21:57 INFO: Filebeat removed.
11/09/2024 11:21:58 INFO: Installation cleaned.
11/09/2024 11:21:58 INFO: Verifying that your system meets the recommended minimum hardware requirements.
11/09/2024 11:22:03 INFO: Wazuh development repository added.
11/09/2024 11:22:04 INFO: --- Wazuh server ---
11/09/2024 11:22:04 INFO: Starting the Wazuh manager installation.
11/09/2024 11:22:49 INFO: Wazuh manager installation finished.
11/09/2024 11:22:50 INFO: Wazuh manager vulnerability detection configuration finished.
11/09/2024 11:22:50 INFO: Starting service wazuh-manager.
11/09/2024 11:23:04 INFO: wazuh-manager service started.
11/09/2024 11:23:04 INFO: Checking Wazuh API connection
+ api_password=wazuh-wui
+ token_command='curl -k -s -X POST -u "wazuh-wui:wazuh-wui" https://127.0.0.1:55000/security/user/authenticate/run_as?raw=true -d '\''{"user_name":"wzread"}'\'' -H "content-type:application/json"'
++ eval 'curl -k -s -X POST -u "wazuh-wui:wazuh-wui" https://127.0.0.1:55000/security/user/authenticate/run_as?raw=true -d '\''{"user_name":"wzread"}'\'' -H "content-type:application/json"'
+++ curl -k -s -X POST -u wazuh-wui:wazuh-wui 'https://127.0.0.1:55000/security/user/authenticate/run_as?raw=true' -d '{"user_name":"wzread"}' -H content-type:application/json
+ TOKEN='{"title": "Wazuh Cluster Error", "detail": "Worker node is not connected to master", "remediation": "Check the cluster.log located at WAZUH_HOME/logs/cluster.log file to see if there are connection errors. Restart the `wazuh-manager` service.", "error": 3023}'
+ [[ {"title": "Wazuh Cluster Error", "detail": "Worker node is not connected to master", "remediation": "Check the cluster.log located at WAZUH_HOME/logs/cluster.log file to see if there are connection errors. Restart the `wazuh-manager` service.", "error": 3023} =~ Invalid credentials ]]
+ max_attempts=15
+ attempt=0
+ seconds=5
+ [[ -z {"title": "Wazuh Cluster Error", "detail": "Worker node is not connected to master", "remediation": "Check the cluster.log located at WAZUH_HOME/logs/cluster.log file to see if there are connection errors. Restart the `wazuh-manager` service.", "error": 3023} ]]
+ [[ {"title": "Wazuh Cluster Error", "detail": "Worker node is not connected to master", "remediation": "Check the cluster.log located at WAZUH_HOME/logs/cluster.log file to see if there are connection errors. Restart the `wazuh-manager` service.", "error": 3023} =~ Wazuh Cluster Error ]]
+ [[ 0 -lt 15 ]]
+ attempt=1
+ common_logger 'Attempt 1: Trying to get Wazuh API token'
+ now='11/09/2024 11:23:04'
+ '[' -n 'Attempt 1: Trying to get Wazuh API token' ']'
+ '[' -n 'Attempt 1: Trying to get Wazuh API token' ']'
+ case ${1} in
+ message='Attempt 1: Trying to get Wazuh API token'
+ printf '%s\n' '11/09/2024 11:23:04 INFO: Attempt 1: Trying to get Wazuh API token'
+ tee -a /var/log/wazuh-install.log
11/09/2024 11:23:04 INFO: Attempt 1: Trying to get Wazuh API token
+ sleep 5
++ eval 'curl -k -s -X POST -u "wazuh-wui:wazuh-wui" https://127.0.0.1:55000/security/user/authenticate/run_as?raw=true -d '\''{"user_name":"wzread"}'\'' -H "content-type:application/json"'
+++ curl -k -s -X POST -u wazuh-wui:wazuh-wui 'https://127.0.0.1:55000/security/user/authenticate/run_as?raw=true' -d '{"user_name":"wzread"}' -H content-type:application/json
+ TOKEN='{"title": "Wazuh Cluster Error", "detail": "Worker node is not connected to master", "remediation": "Check the cluster.log located at WAZUH_HOME/logs/cluster.log file to see if there are connection errors. Restart the `wazuh-manager` service.", "error": 3023}'
+ [[ -z {"title": "Wazuh Cluster Error", "detail": "Worker node is not connected to master", "remediation": "Check the cluster.log located at WAZUH_HOME/logs/cluster.log file to see if there are connection errors. Restart the `wazuh-manager` service.", "error": 3023} ]]
+ [[ {"title": "Wazuh Cluster Error", "detail": "Worker node is not connected to master", "remediation": "Check the cluster.log located at WAZUH_HOME/logs/cluster.log file to see if there are connection errors. Restart the `wazuh-manager` service.", "error": 3023} =~ Wazuh Cluster Error ]]
+ [[ 1 -lt 15 ]]
+ attempt=2
+ common_logger 'Attempt 2: Trying to get Wazuh API token'
+ now='11/09/2024 11:23:09'
+ '[' -n 'Attempt 2: Trying to get Wazuh API token' ']'
+ '[' -n 'Attempt 2: Trying to get Wazuh API token' ']'
+ case ${1} in
+ message='Attempt 2: Trying to get Wazuh API token'
+ printf '%s\n' '11/09/2024 11:23:09 INFO: Attempt 2: Trying to get Wazuh API token'
+ tee -a /var/log/wazuh-install.log
11/09/2024 11:23:09 INFO: Attempt 2: Trying to get Wazuh API token
+ sleep 5
++ eval 'curl -k -s -X POST -u "wazuh-wui:wazuh-wui" https://127.0.0.1:55000/security/user/authenticate/run_as?raw=true -d '\''{"user_name":"wzread"}'\'' -H "content-type:application/json"'
+++ curl -k -s -X POST -u wazuh-wui:wazuh-wui 'https://127.0.0.1:55000/security/user/authenticate/run_as?raw=true' -d '{"user_name":"wzread"}' -H content-type:application/json
+ TOKEN='{"title": "Wazuh Cluster Error", "detail": "Worker node is not connected to master", "remediation": "Check the cluster.log located at WAZUH_HOME/logs/cluster.log file to see if there are connection errors. Restart the `wazuh-manager` service.", "error": 3023}'
+ [[ -z {"title": "Wazuh Cluster Error", "detail": "Worker node is not connected to master", "remediation": "Check the cluster.log located at WAZUH_HOME/logs/cluster.log file to see if there are connection errors. Restart the `wazuh-manager` service.", "error": 3023} ]]
+ [[ {"title": "Wazuh Cluster Error", "detail": "Worker node is not connected to master", "remediation": "Check the cluster.log located at WAZUH_HOME/logs/cluster.log file to see if there are connection errors. Restart the `wazuh-manager` service.", "error": 3023} =~ Wazuh Cluster Error ]]
+ [[ 2 -lt 15 ]]
+ attempt=3
+ common_logger 'Attempt 3: Trying to get Wazuh API token'
+ now='11/09/2024 11:23:14'
+ '[' -n 'Attempt 3: Trying to get Wazuh API token' ']'
+ '[' -n 'Attempt 3: Trying to get Wazuh API token' ']'
+ case ${1} in
+ message='Attempt 3: Trying to get Wazuh API token'
+ printf '%s\n' '11/09/2024 11:23:14 INFO: Attempt 3: Trying to get Wazuh API token'
+ tee -a /var/log/wazuh-install.log
11/09/2024 11:23:14 INFO: Attempt 3: Trying to get Wazuh API token
+ sleep 5
++ eval 'curl -k -s -X POST -u "wazuh-wui:wazuh-wui" https://127.0.0.1:55000/security/user/authenticate/run_as?raw=true -d '\''{"user_name":"wzread"}'\'' -H "content-type:application/json"'
+++ curl -k -s -X POST -u wazuh-wui:wazuh-wui 'https://127.0.0.1:55000/security/user/authenticate/run_as?raw=true' -d '{"user_name":"wzread"}' -H content-type:application/json
+ TOKEN='{"title": "Wazuh Cluster Error", "detail": "Worker node is not connected to master", "remediation": "Check the cluster.log located at WAZUH_HOME/logs/cluster.log file to see if there are connection errors. Restart the `wazuh-manager` service.", "error": 3023}'
+ [[ -z {"title": "Wazuh Cluster Error", "detail": "Worker node is not connected to master", "remediation": "Check the cluster.log located at WAZUH_HOME/logs/cluster.log file to see if there are connection errors. Restart the `wazuh-manager` service.", "error": 3023} ]]
+ [[ {"title": "Wazuh Cluster Error", "detail": "Worker node is not connected to master", "remediation": "Check the cluster.log located at WAZUH_HOME/logs/cluster.log file to see if there are connection errors. Restart the `wazuh-manager` service.", "error": 3023} =~ Wazuh Cluster Error ]]
+ [[ 3 -lt 15 ]]
+ attempt=4
+ common_logger 'Attempt 4: Trying to get Wazuh API token'
+ now='11/09/2024 11:23:19'
+ '[' -n 'Attempt 4: Trying to get Wazuh API token' ']'
+ '[' -n 'Attempt 4: Trying to get Wazuh API token' ']'
+ case ${1} in
+ message='Attempt 4: Trying to get Wazuh API token'
+ printf '%s\n' '11/09/2024 11:23:19 INFO: Attempt 4: Trying to get Wazuh API token'
+ tee -a /var/log/wazuh-install.log
11/09/2024 11:23:19 INFO: Attempt 4: Trying to get Wazuh API token
+ sleep 5
++ eval 'curl -k -s -X POST -u "wazuh-wui:wazuh-wui" https://127.0.0.1:55000/security/user/authenticate/run_as?raw=true -d '\''{"user_name":"wzread"}'\'' -H "content-type:application/json"'
+++ curl -k -s -X POST -u wazuh-wui:wazuh-wui 'https://127.0.0.1:55000/security/user/authenticate/run_as?raw=true' -d '{"user_name":"wzread"}' -H content-type:application/json
+ TOKEN=eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNzI2MDUzODA0LCJleHAiOjE3MjYwNTQ3MDQsInN1YiI6IndhenVoLXd1aSIsInJ1bl9hcyI6dHJ1ZSwicmJhY19yb2xlcyI6W10sInJiYWNfbW9kZSI6IndoaXRlIiwiaGFzaF9hdXRoX2NvbnRleHQiOiI2ZTUxZGExOTNjMTFhYTVhYmQ0NDgxNTgxNjViZjJmNyJ9.AWC5dePgbsrQpMvLf4U8Ldc9IkkVSxVhzcL4CjLPw5GkCH7eh6DPNDQowlIAqADo-ckfr9junBITGDAPt6QmL7WcASS__r5N-zpk9ApHe-P8aWXkv0rn1l0Flm77rLeyEh2m-HRz2Rd4i5Jc8pw2OCKT7yu21d0KOD10tqHqmPW8H-xw
+ [[ -z eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNzI2MDUzODA0LCJleHAiOjE3MjYwNTQ3MDQsInN1YiI6IndhenVoLXd1aSIsInJ1bl9hcyI6dHJ1ZSwicmJhY19yb2xlcyI6W10sInJiYWNfbW9kZSI6IndoaXRlIiwiaGFzaF9hdXRoX2NvbnRleHQiOiI2ZTUxZGExOTNjMTFhYTVhYmQ0NDgxNTgxNjViZjJmNyJ9.AWC5dePgbsrQpMvLf4U8Ldc9IkkVSxVhzcL4CjLPw5GkCH7eh6DPNDQowlIAqADo-ckfr9junBITGDAPt6QmL7WcASS__r5N-zpk9ApHe-P8aWXkv0rn1l0Flm77rLeyEh2m-HRz2Rd4i5Jc8pw2OCKT7yu21d0KOD10tqHqmPW8H-xw ]]
+ [[ eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNzI2MDUzODA0LCJleHAiOjE3MjYwNTQ3MDQsInN1YiI6IndhenVoLXd1aSIsInJ1bl9hcyI6dHJ1ZSwicmJhY19yb2xlcyI6W10sInJiYWNfbW9kZSI6IndoaXRlIiwiaGFzaF9hdXRoX2NvbnRleHQiOiI2ZTUxZGExOTNjMTFhYTVhYmQ0NDgxNTgxNjViZjJmNyJ9.AWC5dePgbsrQpMvLf4U8Ldc9IkkVSxVhzcL4CjLPw5GkCH7eh6DPNDQowlIAqADo-ckfr9junBITGDAPt6QmL7WcASS__r5N-zpk9ApHe-P8aWXkv0rn1l0Flm77rLeyEh2m-HRz2Rd4i5Jc8pw2OCKT7yu21d0KOD10tqHqmPW8H-xw =~ Wazuh Cluster Error ]]
+ set +x
11/09/2024 11:23:24 INFO: Wazuh API connection successful
11/09/2024 11:23:24 INFO: Starting Filebeat installation.
11/09/2024 11:23:36 INFO: Filebeat installation finished.
11/09/2024 11:23:37 INFO: Filebeat post-install configuration finished.
11/09/2024 11:23:38 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
11/09/2024 11:23:58 INFO: Starting service filebeat.
11/09/2024 11:23:58 INFO: filebeat service started.
11/09/2024 11:23:58 INFO: Checking Filebeat connection
11/09/2024 11:23:58 INFO: Filebeat connection successful
11/09/2024 11:23:58 INFO: Installation finished.

Note

Notice that the worker node retries to get the token until the Wazuh Cluster Error is no longer generated, and that it is using the default credentials wazuh-wui:wazuh-wui.

After finishing the installation, the Wazuh UI loads correctly:
image

Testing AIO ✔️

The AIO installation finished successfully:

AIO installation log
root@ip-172-31-84-56:/home/ubuntu# bash wazuh-install.sh -a -v
11/09/2024 12:08:01 DEBUG: Checking root permissions.
11/09/2024 12:08:01 DEBUG: Checking sudo package.
11/09/2024 12:08:01 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
11/09/2024 12:08:01 INFO: Verbose logging redirected to /var/log/wazuh-install.log
11/09/2024 12:08:01 DEBUG: APT package manager will be used.
11/09/2024 12:08:01 DEBUG: Checking system distribution.
11/09/2024 12:08:01 DEBUG: Detected distribution name: ubuntu
11/09/2024 12:08:01 DEBUG: Detected distribution version: 22
11/09/2024 12:08:01 DEBUG: Installing check dependencies.
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Get:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease [128 kB]
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 http://security.ubuntu.com/ubuntu jammy-security InRelease
Get:5 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 Packages [1988 kB]
Fetched 2116 kB in 0s (5222 kB/s)
Reading package lists...
11/09/2024 12:08:05 DEBUG: Checking Wazuh installation.
11/09/2024 12:08:06 DEBUG: Checking system architecture.
11/09/2024 12:08:06 INFO: Verifying that your system meets the recommended minimum hardware requirements.
11/09/2024 12:08:06 DEBUG: CPU cores detected: 4
11/09/2024 12:08:06 DEBUG: Free RAM memory detected: 7847
11/09/2024 12:08:06 INFO: Wazuh web interface port will be 443.
11/09/2024 12:08:06 DEBUG: Checking ports availability.
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 http://security.ubuntu.com/ubuntu jammy-security InRelease
Reading package lists...
11/09/2024 12:08:08 DEBUG: Installing prerequisites dependencies.
11/09/2024 12:08:11 DEBUG: Checking curl tool version.
11/09/2024 12:08:11 DEBUG: Adding the Wazuh repository.
gpg: keyring '/usr/share/keyrings/wazuh.gpg' created
gpg: key 96B3EE5F29111145: public key "Wazuh.com (Wazuh Signing Key) <[email protected]>" imported
gpg: Total number processed: 1
gpg:               imported: 1
deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages-dev.wazuh.com/pre-release/apt/ unstable main
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 http://security.ubuntu.com/ubuntu jammy-security InRelease
Get:5 https://packages-dev.wazuh.com/pre-release/apt unstable InRelease [17.3 kB]
Get:6 https://packages-dev.wazuh.com/pre-release/apt unstable/main amd64 Packages [40.5 kB]
Fetched 57.8 kB in 1s (93.8 kB/s)
Reading package lists...
11/09/2024 12:08:13 INFO: Wazuh development repository added.
11/09/2024 12:08:13 INFO: --- Configuration files ---
11/09/2024 12:08:13 INFO: Generating configuration files.
11/09/2024 12:08:13 DEBUG: Creating Wazuh certificates.
11/09/2024 12:08:13 DEBUG: Reading configuration file.
11/09/2024 12:08:13 DEBUG: Checking if 127.0.0.1 is private.
11/09/2024 12:08:13 DEBUG: Checking if 127.0.0.1 is private.
11/09/2024 12:08:13 DEBUG: Checking if 127.0.0.1 is private.
11/09/2024 12:08:14 INFO: Generating the root certificate.
11/09/2024 12:08:14 INFO: Generating Admin certificates.
11/09/2024 12:08:14 DEBUG: Generating Admin private key.
11/09/2024 12:08:14 DEBUG: Converting Admin private key to PKCS8 format.
11/09/2024 12:08:14 DEBUG: Generating Admin CSR.
11/09/2024 12:08:14 DEBUG: Creating Admin certificate.
11/09/2024 12:08:14 INFO: Generating Wazuh indexer certificates.
11/09/2024 12:08:14 DEBUG: Creating the certificates for wazuh-indexer indexer node.
11/09/2024 12:08:14 DEBUG: Generating certificate configuration.
11/09/2024 12:08:14 DEBUG: Creating the Wazuh indexer tmp key pair.
11/09/2024 12:08:14 DEBUG: Creating the Wazuh indexer certificates.
11/09/2024 12:08:14 INFO: Generating Filebeat certificates.
11/09/2024 12:08:14 DEBUG: Generating the certificates for wazuh-server server node.
11/09/2024 12:08:14 DEBUG: Generating certificate configuration.
11/09/2024 12:08:14 DEBUG: Creating the Wazuh server tmp key pair.
11/09/2024 12:08:14 DEBUG: Creating the Wazuh server certificates.
11/09/2024 12:08:14 INFO: Generating Wazuh dashboard certificates.
11/09/2024 12:08:14 DEBUG: Generating certificate configuration.
11/09/2024 12:08:14 DEBUG: Creating the Wazuh dashboard tmp key pair.
11/09/2024 12:08:14 DEBUG: Creating the Wazuh dashboard certificates.
11/09/2024 12:08:14 DEBUG: Cleaning certificate files.
11/09/2024 12:08:14 DEBUG: Generating password file.
11/09/2024 12:08:14 DEBUG: Generating random passwords.
11/09/2024 12:08:15 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
11/09/2024 12:08:15 DEBUG: Extracting Wazuh configuration.
11/09/2024 12:08:15 DEBUG: Reading configuration file.
11/09/2024 12:08:15 DEBUG: Checking if 127.0.0.1 is private.
11/09/2024 12:08:15 DEBUG: Checking if 127.0.0.1 is private.
11/09/2024 12:08:15 DEBUG: Checking if 127.0.0.1 is private.
11/09/2024 12:08:15 INFO: --- Wazuh indexer ---
11/09/2024 12:08:15 INFO: Starting Wazuh indexer installation.
Reading package lists... Building dependency tree... Reading state information... The following NEW packages will be installed: wazuh-indexer 0 upgraded, 1 newly installed, 0 to remove and 212 not upgraded. Need to get 0 B/850 MB of archives. After this operation, 1077 MB of additional disk space will be used. Selecting previously unselected package ### NOT starting on installation, please execute the following statements to configure wazuh-indexer service to star NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.19.0-1025-aws NEEDRESTART-KEXP: 5.19.0-1025-aws NEEDRESTART-KSTA: 1 NEEDRESTART-SVC: acpid.service NEEDRESTART-SVC: chrony.service NEEDRESTART-SVC: cron.service NEEDRESTART-SVC: dbus.service NEEDRESTART-SVC: filebeat.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: irqbalance.service NEEDRESTART-SVC: multipathd.service NEEDRESTART-SVC: networkd-dispatcher.service NEEDRESTART-SVC: packagekit.service NEEDRESTART-SVC: polkit.service NEEDRESTART-SVC: rsyslog.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: snapd.service NEEDRESTART-SVC: ssh.service NEEDRESTART-SVC: systemd-journald.service NEEDRESTART-SVC: systemd-logind.service NEEDRESTART-SVC: systemd-networkd.service NEEDRESTART-SVC: systemd-resolved.service NEEDRESTART-SVC: systemd-udevd.service NEEDRESTART-SVC: unattended-upgrades.service NEEDRESTART-SVC: [email protected]
11/09/2024 12:08:33 DEBUG: Checking Wazuh installation.
11/09/2024 12:08:33 DEBUG: There are Wazuh indexer remaining files.
11/09/2024 12:08:34 INFO: Wazuh indexer installation finished.
11/09/2024 12:08:34 DEBUG: Configuring Wazuh indexer.
11/09/2024 12:08:34 DEBUG: Copying Wazuh indexer certificates.
11/09/2024 12:08:34 INFO: Wazuh indexer post-install configuration finished.
11/09/2024 12:08:34 INFO: Starting service wazuh-indexer.
Synchronizing state of wazuh-indexer.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable wazuh-indexer
11/09/2024 12:08:45 INFO: wazuh-indexer service started.
11/09/2024 12:08:45 INFO: Initializing Wazuh indexer cluster security settings.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.13.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml 
   SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml 
   SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml 
   SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml 
   SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml 
   SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml 
   SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml 
   SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml 
   SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml 
   SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml 
   SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null
Done with success
11/09/2024 12:08:49 INFO: Wazuh indexer cluster security configuration initialized.
11/09/2024 12:08:49 INFO: Wazuh indexer cluster initialized.
11/09/2024 12:08:49 INFO: --- Wazuh server ---
11/09/2024 12:08:49 INFO: Starting the Wazuh manager installation.
Reading package lists... Building dependency tree... Reading state information... Suggested packages: expect The following NEW packages will be installed: wazuh-manager 0 upgraded, 1 newly installed, 0 to remove and 212 not upgraded. Need to get 0 B/322 MB of archives. After this operation, 891 MB of additional disk space will be used. Selecting pre NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.19.0-1025-aws NEEDRESTART-KEXP: 5.19.0-1025-aws NEEDRESTART-KSTA: 1 NEEDRESTART-SVC: acpid.service NEEDRESTART-SVC: chrony.service NEEDRESTART-SVC: cron.service NEEDRESTART-SVC: dbus.service NEEDRESTART-SVC: filebeat.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: irqbalance.service NEEDRESTART-SVC: multipathd.service NEEDRESTART-SVC: networkd-dispatcher.service NEEDRESTART-SVC: packagekit.service NEEDRESTART-SVC: polkit.service NEEDRESTART-SVC: rsyslog.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: snapd.service NEEDRESTART-SVC: ssh.service NEEDRESTART-SVC: systemd-journald.service NEEDRESTART-SVC: systemd-logind.service NEEDRESTART-SVC: systemd-networkd.service NEEDRESTART-SVC: systemd-resolved.service NEEDRESTART-SVC: systemd-udevd.service NEEDRESTART-SVC: unattended-upgrades.service NEEDRESTART-SVC: [email protected]
11/09/2024 12:09:36 DEBUG: Checking Wazuh installation.
11/09/2024 12:09:37 DEBUG: There are Wazuh remaining files.
11/09/2024 12:09:37 DEBUG: There are Wazuh indexer remaining files.
11/09/2024 12:09:37 INFO: Wazuh manager installation finished.
11/09/2024 12:09:37 DEBUG: Configuring Wazuh manager.
11/09/2024 12:09:37 DEBUG: Setting provisional Wazuh indexer password.
11/09/2024 12:09:38 INFO: Wazuh manager vulnerability detection configuration finished.
11/09/2024 12:09:38 INFO: Starting service wazuh-manager.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-manager.service → /lib/systemd/system/wazuh-manager.service.
11/09/2024 12:09:53 INFO: wazuh-manager service started.
11/09/2024 12:09:53 INFO: Checking Wazuh API connection
11/09/2024 12:09:53 INFO: Wazuh API connection successful
11/09/2024 12:09:53 INFO: Starting Filebeat installation.
Reading package lists... Building dependency tree... Reading state information... The following NEW packages will be installed: filebeat 0 upgraded, 1 newly installed, 0 to remove and 212 not upgraded. Need to get 0 B/22.1 MB of archives. After this operation, 73.6 MB of additional disk space will be used. Selecting previously unselected package fil NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.19.0-1025-aws NEEDRESTART-KEXP: 5.19.0-1025-aws NEEDRESTART-KSTA: 1 NEEDRESTART-SVC: acpid.service NEEDRESTART-SVC: chrony.service NEEDRESTART-SVC: cron.service NEEDRESTART-SVC: dbus.service NEEDRESTART-SVC: filebeat.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: irqbalance.service NEEDRESTART-SVC: multipathd.service NEEDRESTART-SVC: networkd-dispatcher.service NEEDRESTART-SVC: packagekit.service NEEDRESTART-SVC: polkit.service NEEDRESTART-SVC: rsyslog.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: snapd.service NEEDRESTART-SVC: ssh.service NEEDRESTART-SVC: systemd-journald.service NEEDRESTART-SVC: systemd-logind.service NEEDRESTART-SVC: systemd-networkd.service NEEDRESTART-SVC: systemd-resolved.service NEEDRESTART-SVC: systemd-udevd.service NEEDRESTART-SVC: unattended-upgrades.service NEEDRESTART-SVC: [email protected]
11/09/2024 12:10:03 DEBUG: Checking Wazuh installation.
11/09/2024 12:10:04 DEBUG: There are Wazuh remaining files.
11/09/2024 12:10:04 DEBUG: There are Wazuh indexer remaining files.
11/09/2024 12:10:04 DEBUG: There are Filebeat remaining files.
11/09/2024 12:10:05 INFO: Filebeat installation finished.
11/09/2024 12:10:05 DEBUG: Configuring Filebeat.
11/09/2024 12:10:05 DEBUG: Filebeat template was download successfully.
wazuh/
wazuh/_meta/
wazuh/_meta/docs.asciidoc
wazuh/_meta/fields.yml
wazuh/_meta/config.yml
wazuh/alerts/
wazuh/alerts/config/
wazuh/alerts/config/alerts.yml
wazuh/alerts/manifest.yml
wazuh/alerts/ingest/
wazuh/alerts/ingest/pipeline.json
wazuh/module.yml
wazuh/archives/
wazuh/archives/config/
wazuh/archives/config/archives.yml
wazuh/archives/manifest.yml
wazuh/archives/ingest/
wazuh/archives/ingest/pipeline.json
11/09/2024 12:10:05 DEBUG: Filebeat module was downloaded successfully.
11/09/2024 12:10:05 DEBUG: Copying Filebeat certificates.
Created filebeat keystore
Successfully updated the keystore
Successfully updated the keystore
11/09/2024 12:10:06 INFO: Filebeat post-install configuration finished.
11/09/2024 12:10:06 INFO: Starting service filebeat.
Synchronizing state of filebeat.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable filebeat
Created symlink /etc/systemd/system/multi-user.target.wants/filebeat.service → /lib/systemd/system/filebeat.service.
11/09/2024 12:10:07 INFO: filebeat service started.
11/09/2024 12:10:07 INFO: Checking Filebeat connection
11/09/2024 12:10:07 INFO: Filebeat connection successful
11/09/2024 12:10:07 INFO: --- Wazuh dashboard ---
11/09/2024 12:10:07 INFO: Starting Wazuh dashboard installation.
Reading package lists... Building dependency tree... Reading state information... The following NEW packages will be installed: wazuh-dashboard 0 upgraded, 1 newly installed, 0 to remove and 212 not upgraded. Need to get 0 B/166 MB of archives. After this operation, 934 MB of additional disk space will be used. Selecting previously unselected packag NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.19.0-1025-aws NEEDRESTART-KEXP: 5.19.0-1025-aws NEEDRESTART-KSTA: 1 NEEDRESTART-SVC: acpid.service NEEDRESTART-SVC: chrony.service NEEDRESTART-SVC: cron.service NEEDRESTART-SVC: dbus.service NEEDRESTART-SVC: filebeat.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: irqbalance.service NEEDRESTART-SVC: multipathd.service NEEDRESTART-SVC: networkd-dispatcher.service NEEDRESTART-SVC: packagekit.service NEEDRESTART-SVC: polkit.service NEEDRESTART-SVC: rsyslog.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: snapd.service NEEDRESTART-SVC: ssh.service NEEDRESTART-SVC: systemd-journald.service NEEDRESTART-SVC: systemd-logind.service NEEDRESTART-SVC: systemd-networkd.service NEEDRESTART-SVC: systemd-resolved.service NEEDRESTART-SVC: systemd-udevd.service NEEDRESTART-SVC: unattended-upgrades.service NEEDRESTART-SVC: [email protected]
11/09/2024 12:12:22 DEBUG: Checking Wazuh installation.
11/09/2024 12:12:22 DEBUG: There are Wazuh remaining files.
11/09/2024 12:12:23 DEBUG: There are Wazuh indexer remaining files.
11/09/2024 12:12:23 DEBUG: There are Filebeat remaining files.
11/09/2024 12:12:23 DEBUG: There are Wazuh dashboard remaining files.
11/09/2024 12:12:23 INFO: Wazuh dashboard installation finished.
11/09/2024 12:12:23 DEBUG: Configuring Wazuh dashboard.
11/09/2024 12:12:23 DEBUG: Copying Wazuh dashboard certificates.
11/09/2024 12:12:23 DEBUG: Wazuh dashboard certificate setup finished.
11/09/2024 12:12:23 INFO: Wazuh dashboard post-install configuration finished.
11/09/2024 12:12:23 INFO: Starting service wazuh-dashboard.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service.
11/09/2024 12:12:24 INFO: wazuh-dashboard service started.
11/09/2024 12:12:24 DEBUG: Setting Wazuh indexer cluster passwords.
11/09/2024 12:12:24 DEBUG: Checking Wazuh installation.
11/09/2024 12:12:24 DEBUG: There are Wazuh remaining files.
11/09/2024 12:12:24 DEBUG: There are Wazuh indexer remaining files.
11/09/2024 12:12:25 DEBUG: There are Filebeat remaining files.
11/09/2024 12:12:25 DEBUG: There are Wazuh dashboard remaining files.
11/09/2024 12:12:25 INFO: Updating the internal users.
11/09/2024 12:12:25 DEBUG: Creating password backup.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.13.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml 
   SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml 
   SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml 
   SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml 
   SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml 
   SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml 
   SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml 
   SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml 
   SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml 
   SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml 
   SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
11/09/2024 12:12:28 DEBUG: Password backup created in /etc/wazuh-indexer/backup.
11/09/2024 12:12:28 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
11/09/2024 12:12:28 DEBUG: The internal users have been updated before changing the passwords.
11/09/2024 12:12:28 DEBUG: Generating password hashes.
11/09/2024 12:12:33 DEBUG: Password hashes generated.
11/09/2024 12:12:33 DEBUG: Creating password backup.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.13.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml 
   SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml 
   SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml 
   SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml 
   SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml 
   SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml 
   SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml 
   SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml 
   SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml 
   SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml 
   SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
11/09/2024 12:12:35 DEBUG: Password backup created in /etc/wazuh-indexer/backup.
Successfully updated the keystore
Successfully updated the keystore
11/09/2024 12:12:36 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
11/09/2024 12:12:36 DEBUG: Restarting filebeat service...
11/09/2024 12:12:36 DEBUG: filebeat started.
11/09/2024 12:12:36 DEBUG: Restarting wazuh-manager service...
11/09/2024 12:12:53 DEBUG: wazuh-manager started.
11/09/2024 12:12:54 DEBUG: Restarting wazuh-dashboard service...
11/09/2024 12:12:54 DEBUG: wazuh-dashboard started.
11/09/2024 12:12:54 DEBUG: Running security admin tool.
11/09/2024 12:12:54 DEBUG: Loading new passwords changes.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.13.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /home/ubuntu
Force type: internalusers
Will update '/internalusers' with /etc/wazuh-indexer/backup/internal_users.yml 
   SUCC: Configuration for 'internalusers' created or updated
SUCC: Expected 1 config types for node {"updated_config_types":["internalusers"],"updated_config_size":1,"message":null} is 1 (["internalusers"]) due to: null
Done with success
11/09/2024 12:12:57 DEBUG: Passwords changed.
11/09/2024 12:12:57 DEBUG: Changing API passwords.
11/09/2024 12:13:04 INFO: Initializing Wazuh dashboard web application.
11/09/2024 12:13:04 INFO: Wazuh dashboard web application initialized.
11/09/2024 12:13:04 INFO: --- Summary ---
11/09/2024 12:13:04 INFO: You can access the web interface https://<wazuh-dashboard-ip>:443
    User: admin
    Password: *.naiDpRokF+AUy6GMonHpsr8w.2uxcZ
11/09/2024 12:13:04 DEBUG: Restoring Wazuh repository.
11/09/2024 12:13:04 INFO: Installation finished.
root@ip-172-31-84-56:/home/ubuntu# 

Testing distributed - single node ✔️

The distributed installation finished successfully:

Distributed installation log - single machine
 
root@ip-172-31-87-247:/home/ubuntu# nano config.yml
root@ip-172-31-87-247:/home/ubuntu# bash wazuh-install.sh -g -v && bash wazuh-install.sh -wi wazuh-indexer -v && bash wazuh-install.sh -s -v && bash wazuh-install.sh -ws wazuh-server && bash wazuh-install.sh -wd wazuh-dashboard -v
11/09/2024 12:25:49 DEBUG: Checking root permissions.
11/09/2024 12:25:49 DEBUG: Checking sudo package.
11/09/2024 12:25:49 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
11/09/2024 12:25:49 INFO: Verbose logging redirected to /var/log/wazuh-install.log
11/09/2024 12:25:49 DEBUG: APT package manager will be used.
11/09/2024 12:25:49 DEBUG: Checking system distribution.
11/09/2024 12:25:49 DEBUG: Detected distribution name: ubuntu
11/09/2024 12:25:49 DEBUG: Detected distribution version: 22
11/09/2024 12:25:49 DEBUG: Installing check dependencies.
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 http://security.ubuntu.com/ubuntu jammy-security InRelease
Reading package lists...
11/09/2024 12:25:53 DEBUG: Checking Wazuh installation.
11/09/2024 12:25:54 DEBUG: Checking system architecture.
11/09/2024 12:25:54 INFO: Verifying that your system meets the recommended minimum hardware requirements.
11/09/2024 12:25:54 DEBUG: CPU cores detected: 4
11/09/2024 12:25:54 DEBUG: Free RAM memory detected: 7847
11/09/2024 12:25:54 INFO: --- Configuration files ---
11/09/2024 12:25:54 INFO: Generating configuration files.
11/09/2024 12:25:55 DEBUG: Checking if OpenSSL is installed.
11/09/2024 12:25:55 DEBUG: Creating Wazuh certificates.
11/09/2024 12:25:55 DEBUG: Reading configuration file.
11/09/2024 12:25:55 DEBUG: Checking if 127.0.0.1 is private.
11/09/2024 12:25:55 DEBUG: Checking if 127.0.0.1 is private.
11/09/2024 12:25:55 DEBUG: Checking if 127.0.0.1 is private.
11/09/2024 12:25:55 INFO: Generating the root certificate.
11/09/2024 12:25:55 INFO: Generating Admin certificates.
11/09/2024 12:25:55 DEBUG: Generating Admin private key.
11/09/2024 12:25:55 DEBUG: Converting Admin private key to PKCS8 format.
11/09/2024 12:25:55 DEBUG: Generating Admin CSR.
11/09/2024 12:25:55 DEBUG: Creating Admin certificate.
11/09/2024 12:25:55 INFO: Generating Wazuh indexer certificates.
11/09/2024 12:25:55 DEBUG: Creating the certificates for wazuh-indexer indexer node.
11/09/2024 12:25:55 DEBUG: Generating certificate configuration.
11/09/2024 12:25:55 DEBUG: Creating the Wazuh indexer tmp key pair.
11/09/2024 12:25:55 DEBUG: Creating the Wazuh indexer certificates.
11/09/2024 12:25:55 INFO: Generating Filebeat certificates.
11/09/2024 12:25:55 DEBUG: Generating the certificates for wazuh-server server node.
11/09/2024 12:25:55 DEBUG: Generating certificate configuration.
11/09/2024 12:25:55 DEBUG: Creating the Wazuh server tmp key pair.
11/09/2024 12:25:55 DEBUG: Creating the Wazuh server certificates.
11/09/2024 12:25:55 INFO: Generating Wazuh dashboard certificates.
11/09/2024 12:25:55 DEBUG: Generating certificate configuration.
11/09/2024 12:25:55 DEBUG: Creating the Wazuh dashboard tmp key pair.
11/09/2024 12:25:56 DEBUG: Creating the Wazuh dashboard certificates.
11/09/2024 12:25:56 DEBUG: Cleaning certificate files.
11/09/2024 12:25:56 DEBUG: Generating password file.
11/09/2024 12:25:56 DEBUG: Generating random passwords.
11/09/2024 12:25:56 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
11/09/2024 12:25:56 DEBUG: Checking root permissions.
11/09/2024 12:25:56 DEBUG: Checking sudo package.
11/09/2024 12:25:56 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
11/09/2024 12:25:56 INFO: Verbose logging redirected to /var/log/wazuh-install.log
11/09/2024 12:25:56 DEBUG: APT package manager will be used.
11/09/2024 12:25:56 DEBUG: Checking system distribution.
11/09/2024 12:25:56 DEBUG: Detected distribution name: ubuntu
11/09/2024 12:25:56 DEBUG: Detected distribution version: 22
11/09/2024 12:25:56 DEBUG: Installing check dependencies.
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 http://security.ubuntu.com/ubuntu jammy-security InRelease
Reading package lists...
11/09/2024 12:26:00 DEBUG: Checking Wazuh installation.
11/09/2024 12:26:01 DEBUG: Checking system architecture.
11/09/2024 12:26:01 INFO: Verifying that your system meets the recommended minimum hardware requirements.
11/09/2024 12:26:01 DEBUG: CPU cores detected: 4
11/09/2024 12:26:01 DEBUG: Free RAM memory detected: 7847
11/09/2024 12:26:01 DEBUG: Checking previous certificate existence.
11/09/2024 12:26:01 DEBUG: Checking ports availability.
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 http://security.ubuntu.com/ubuntu jammy-security InRelease
Reading package lists...
11/09/2024 12:26:03 DEBUG: Installing prerequisites dependencies.
11/09/2024 12:26:05 DEBUG: Checking curl tool version.
11/09/2024 12:26:05 DEBUG: Adding the Wazuh repository.
gpg: keyring '/usr/share/keyrings/wazuh.gpg' created
gpg: key 96B3EE5F29111145: public key "Wazuh.com (Wazuh Signing Key) <[email protected]>" imported
gpg: Total number processed: 1
gpg:               imported: 1
deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages-dev.wazuh.com/pre-release/apt/ unstable main
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 http://security.ubuntu.com/ubuntu jammy-security InRelease
Get:5 https://packages-dev.wazuh.com/pre-release/apt unstable InRelease [17.3 kB]
Get:6 https://packages-dev.wazuh.com/pre-release/apt unstable/main amd64 Packages [40.5 kB]
Fetched 57.8 kB in 0s (129 kB/s)
Reading package lists...
11/09/2024 12:26:07 INFO: Wazuh development repository added.
11/09/2024 12:26:07 DEBUG: Extracting Wazuh configuration.
11/09/2024 12:26:07 DEBUG: Reading configuration file.
11/09/2024 12:26:07 DEBUG: Checking if 127.0.0.1 is private.
11/09/2024 12:26:07 DEBUG: Checking if 127.0.0.1 is private.
11/09/2024 12:26:07 DEBUG: Checking if 127.0.0.1 is private.
11/09/2024 12:26:07 DEBUG: Checking node names in the configuration file.
11/09/2024 12:26:07 INFO: --- Wazuh indexer ---
11/09/2024 12:26:07 INFO: Starting Wazuh indexer installation.
Reading package lists... Building dependency tree... Reading state information... The following NEW packages will be installed: wazuh-indexer 0 upgraded, 1 newly installed, 0 to remove and 212 not upgraded. Need to get 0 B/850 MB of archives. After this operation, 1077 MB of additional disk space will be used. Selecting previously unselected package ### NOT starting on installation, please execute the following statements to configure wazuh-indexer service to star NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.19.0-1025-aws NEEDRESTART-KEXP: 5.19.0-1025-aws NEEDRESTART-KSTA: 1 NEEDRESTART-SVC: acpid.service NEEDRESTART-SVC: chrony.service NEEDRESTART-SVC: cron.service NEEDRESTART-SVC: dbus.service NEEDRESTART-SVC: filebeat.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: irqbalance.service NEEDRESTART-SVC: multipathd.service NEEDRESTART-SVC: networkd-dispatcher.service NEEDRESTART-SVC: packagekit.service NEEDRESTART-SVC: polkit.service NEEDRESTART-SVC: rsyslog.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: snapd.service NEEDRESTART-SVC: ssh.service NEEDRESTART-SVC: systemd-journald.service NEEDRESTART-SVC: systemd-logind.service NEEDRESTART-SVC: systemd-networkd.service NEEDRESTART-SVC: systemd-resolved.service NEEDRESTART-SVC: systemd-udevd.service NEEDRESTART-SVC: unattended-upgrades.service NEEDRESTART-SVC: [email protected]
11/09/2024 12:26:26 DEBUG: Checking Wazuh installation.
11/09/2024 12:26:26 DEBUG: There are Wazuh indexer remaining files.
11/09/2024 12:26:27 INFO: Wazuh indexer installation finished.
11/09/2024 12:26:27 DEBUG: Configuring Wazuh indexer.
11/09/2024 12:26:27 DEBUG: Copying Wazuh indexer certificates.
11/09/2024 12:26:27 INFO: Wazuh indexer post-install configuration finished.
11/09/2024 12:26:27 INFO: Starting service wazuh-indexer.
Synchronizing state of wazuh-indexer.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable wazuh-indexer
11/09/2024 12:26:40 INFO: wazuh-indexer service started.
11/09/2024 12:26:40 INFO: Initializing Wazuh indexer cluster security settings.
11/09/2024 12:26:40 DEBUG: Setting Wazuh indexer cluster passwords.
11/09/2024 12:26:40 DEBUG: Checking Wazuh installation.
11/09/2024 12:26:41 DEBUG: There are Wazuh indexer remaining files.
11/09/2024 12:26:42 INFO: Wazuh indexer cluster initialized.
11/09/2024 12:26:42 DEBUG: Restoring Wazuh repository.
11/09/2024 12:26:42 INFO: Installation finished.
11/09/2024 12:26:42 DEBUG: Checking root permissions.
11/09/2024 12:26:42 DEBUG: Checking sudo package.
11/09/2024 12:26:42 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
11/09/2024 12:26:42 INFO: Verbose logging redirected to /var/log/wazuh-install.log
11/09/2024 12:26:42 DEBUG: APT package manager will be used.
11/09/2024 12:26:42 DEBUG: Checking system distribution.
11/09/2024 12:26:42 DEBUG: Detected distribution name: ubuntu
11/09/2024 12:26:42 DEBUG: Detected distribution version: 22
11/09/2024 12:26:42 DEBUG: Installing check dependencies.
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Get:4 https://packages.wazuh.com/4.x/apt stable InRelease [17.3 kB]
Hit:5 http://security.ubuntu.com/ubuntu jammy-security InRelease
Get:6 https://packages.wazuh.com/4.x/apt stable/main amd64 Packages [40.2 kB]
Fetched 57.5 kB in 0s (172 kB/s)
Reading package lists...
11/09/2024 12:26:46 DEBUG: Checking Wazuh installation.
11/09/2024 12:26:46 DEBUG: There are Wazuh indexer remaining files.
11/09/2024 12:26:47 DEBUG: Checking system architecture.
11/09/2024 12:26:47 INFO: Verifying that your system meets the recommended minimum hardware requirements.
11/09/2024 12:26:47 DEBUG: CPU cores detected: 4
11/09/2024 12:26:47 DEBUG: Free RAM memory detected: 7847
11/09/2024 12:26:47 DEBUG: Checking previous certificate existence.
11/09/2024 12:26:47 DEBUG: Extracting Wazuh configuration.
11/09/2024 12:26:47 DEBUG: Reading configuration file.
11/09/2024 12:26:47 DEBUG: Checking if 127.0.0.1 is private.
11/09/2024 12:26:47 DEBUG: Checking if 127.0.0.1 is private.
11/09/2024 12:26:47 DEBUG: Checking if 127.0.0.1 is private.
11/09/2024 12:26:47 DEBUG: Starting Wazuh indexer cluster.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.13.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-indexer-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml 
   SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml 
   SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml 
   SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml 
   SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml 
   SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml 
   SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml 
   SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml 
   SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml 
   SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml 
   SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null
Done with success
11/09/2024 12:26:50 INFO: Wazuh indexer cluster security configuration initialized.
11/09/2024 12:26:50 DEBUG: Waiting for Wazuh indexer to be ready. wazuh-indexer status: 503
11/09/2024 12:26:56 DEBUG: Inserted wazuh-alerts template into the Wazuh indexer cluster.
11/09/2024 12:26:56 DEBUG: Setting Wazuh indexer cluster passwords.
11/09/2024 12:26:56 DEBUG: Checking Wazuh installation.
11/09/2024 12:26:56 DEBUG: There are Wazuh indexer remaining files.
11/09/2024 12:26:57 INFO: Updating the internal users.
11/09/2024 12:26:57 DEBUG: Creating password backup.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.13.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-indexer-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml 
   SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml 
   SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml 
   SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml 
   SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml 
   SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml 
   SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml 
   SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml 
   SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml 
   SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml 
   SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
11/09/2024 12:26:59 DEBUG: Password backup created in /etc/wazuh-indexer/backup.
11/09/2024 12:26:59 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
11/09/2024 12:26:59 DEBUG: The internal users have been updated before changing the passwords.
11/09/2024 12:26:59 DEBUG: Generating password hashes.
11/09/2024 12:27:04 DEBUG: Password hashes generated.
11/09/2024 12:27:04 DEBUG: Creating password backup.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.13.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-indexer-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml 
   SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml 
   SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml 
   SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml 
   SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml 
   SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml 
   SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml 
   SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml 
   SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml 
   SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml 
   SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
11/09/2024 12:27:06 DEBUG: Password backup created in /etc/wazuh-indexer/backup.
11/09/2024 12:27:06 DEBUG: Running security admin tool.
11/09/2024 12:27:06 DEBUG: Loading new passwords changes.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.13.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-indexer-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /home/ubuntu
Force type: internalusers
Will update '/internalusers' with /etc/wazuh-indexer/backup/internal_users.yml 
   SUCC: Configuration for 'internalusers' created or updated
SUCC: Expected 1 config types for node {"updated_config_types":["internalusers"],"updated_config_size":1,"message":null} is 1 (["internalusers"]) due to: null
Done with success
11/09/2024 12:27:08 DEBUG: Passwords changed.
11/09/2024 12:27:08 DEBUG: Restoring Wazuh repository.
11/09/2024 12:27:08 INFO: Wazuh indexer cluster started.
11/09/2024 12:27:08 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
11/09/2024 12:27:08 INFO: Verbose logging redirected to /var/log/wazuh-install.log
11/09/2024 12:27:13 INFO: Verifying that your system meets the recommended minimum hardware requirements.
11/09/2024 12:27:19 INFO: Wazuh development repository added.
11/09/2024 12:27:19 INFO: --- Wazuh server ---
11/09/2024 12:27:19 INFO: Starting the Wazuh manager installation.
11/09/2024 12:28:07 INFO: Wazuh manager installation finished.
11/09/2024 12:28:08 INFO: Wazuh manager vulnerability detection configuration finished.
11/09/2024 12:28:08 INFO: Starting service wazuh-manager.
11/09/2024 12:28:24 INFO: wazuh-manager service started.
11/09/2024 12:28:24 INFO: Checking Wazuh API connection
11/09/2024 12:28:24 INFO: Wazuh API connection successful
11/09/2024 12:28:24 INFO: Starting Filebeat installation.
11/09/2024 12:28:36 INFO: Filebeat installation finished.
11/09/2024 12:28:37 INFO: Filebeat post-install configuration finished.
11/09/2024 12:28:40 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
11/09/2024 12:29:01 INFO: Starting service filebeat.
11/09/2024 12:29:02 INFO: filebeat service started.
11/09/2024 12:29:02 INFO: Checking Filebeat connection
11/09/2024 12:29:02 INFO: Filebeat connection successful
11/09/2024 12:29:02 INFO: Installation finished.
11/09/2024 12:29:02 DEBUG: Checking root permissions.
11/09/2024 12:29:02 DEBUG: Checking sudo package.
11/09/2024 12:29:02 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
11/09/2024 12:29:02 INFO: Verbose logging redirected to /var/log/wazuh-install.log
11/09/2024 12:29:02 DEBUG: APT package manager will be used.
11/09/2024 12:29:02 DEBUG: Checking system distribution.
11/09/2024 12:29:02 DEBUG: Detected distribution name: ubuntu
11/09/2024 12:29:02 DEBUG: Detected distribution version: 22
11/09/2024 12:29:02 DEBUG: Installing check dependencies.
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Get:4 https://packages.wazuh.com/4.x/apt stable InRelease [17.3 kB]
Hit:5 http://security.ubuntu.com/ubuntu jammy-security InRelease
Get:6 https://packages.wazuh.com/4.x/apt stable/main amd64 Packages [40.2 kB]
Fetched 57.5 kB in 0s (158 kB/s)
Reading package lists...
11/09/2024 12:29:07 DEBUG: Checking Wazuh installation.
11/09/2024 12:29:08 DEBUG: There are Wazuh remaining files.
11/09/2024 12:29:08 DEBUG: There are Wazuh indexer remaining files.
11/09/2024 12:29:09 DEBUG: There are Filebeat remaining files.
11/09/2024 12:29:09 DEBUG: Checking system architecture.
11/09/2024 12:29:09 INFO: Verifying that your system meets the recommended minimum hardware requirements.
11/09/2024 12:29:09 DEBUG: CPU cores detected: 4
11/09/2024 12:29:09 DEBUG: Free RAM memory detected: 7847
11/09/2024 12:29:09 DEBUG: Checking previous certificate existence.
11/09/2024 12:29:09 INFO: Wazuh web interface port will be 443.
11/09/2024 12:29:09 DEBUG: Checking ports availability.
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 https://packages.wazuh.com/4.x/apt stable InRelease
Hit:5 http://security.ubuntu.com/ubuntu jammy-security InRelease
Reading package lists...
11/09/2024 12:29:13 DEBUG: Installing prerequisites dependencies.
11/09/2024 12:29:15 DEBUG: Checking curl tool version.
11/09/2024 12:29:15 DEBUG: Adding the Wazuh repository.
gpg: key 96B3EE5F29111145: "Wazuh.com (Wazuh Signing Key) <[email protected]>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1
deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages-dev.wazuh.com/pre-release/apt/ unstable main
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 http://security.ubuntu.com/ubuntu jammy-security InRelease
Get:5 https://packages-dev.wazuh.com/pre-release/apt unstable InRelease [17.3 kB]
Get:6 https://packages-dev.wazuh.com/pre-release/apt unstable/main amd64 Packages [40.5 kB]
Fetched 57.8 kB in 1s (89.3 kB/s)
Reading package lists...
11/09/2024 12:29:18 INFO: Wazuh development repository added.
11/09/2024 12:29:18 DEBUG: Extracting Wazuh configuration.
11/09/2024 12:29:18 DEBUG: Reading configuration file.
11/09/2024 12:29:18 DEBUG: Checking if 127.0.0.1 is private.
11/09/2024 12:29:18 DEBUG: Checking if 127.0.0.1 is private.
11/09/2024 12:29:18 DEBUG: Checking if 127.0.0.1 is private.
11/09/2024 12:29:18 DEBUG: Checking node names in the configuration file.
11/09/2024 12:29:18 INFO: --- Wazuh dashboard ----
11/09/2024 12:29:18 INFO: Starting Wazuh dashboard installation.
Reading package lists... Building dependency tree... Reading state information... The following NEW packages will be installed: wazuh-dashboard 0 upgraded, 1 newly installed, 0 to remove and 212 not upgraded. Need to get 0 B/166 MB of archives. After this operation, 934 MB of additional disk space will be used. Selecting previously unselected packag NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.19.0-1025-aws NEEDRESTART-KEXP: 5.19.0-1025-aws NEEDRESTART-KSTA: 1 NEEDRESTART-SVC: acpid.service NEEDRESTART-SVC: chrony.service NEEDRESTART-SVC: cron.service NEEDRESTART-SVC: dbus.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: irqbalance.service NEEDRESTART-SVC: multipathd.service NEEDRESTART-SVC: networkd-dispatcher.service NEEDRESTART-SVC: packagekit.service NEEDRESTART-SVC: polkit.service NEEDRESTART-SVC: rsyslog.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: snapd.service NEEDRESTART-SVC: ssh.service NEEDRESTART-SVC: systemd-journald.service NEEDRESTART-SVC: systemd-logind.service NEEDRESTART-SVC: systemd-networkd.service NEEDRESTART-SVC: systemd-resolved.service NEEDRESTART-SVC: systemd-udevd.service NEEDRESTART-SVC: unattended-upgrades.service NEEDRESTART-SVC: [email protected]
11/09/2024 12:31:28 DEBUG: Checking Wazuh installation.
11/09/2024 12:31:28 DEBUG: There are Wazuh remaining files.
11/09/2024 12:31:28 DEBUG: There are Wazuh indexer remaining files.
11/09/2024 12:31:29 DEBUG: There are Filebeat remaining files.
11/09/2024 12:31:29 DEBUG: There are Wazuh dashboard remaining files.
11/09/2024 12:31:29 INFO: Wazuh dashboard installation finished.
11/09/2024 12:31:29 DEBUG: Configuring Wazuh dashboard.
11/09/2024 12:31:29 DEBUG: Copying Wazuh dashboard certificates.
11/09/2024 12:31:29 DEBUG: Wazuh dashboard certificate setup finished.
11/09/2024 12:31:29 INFO: Wazuh dashboard post-install configuration finished.
11/09/2024 12:31:29 INFO: Starting service wazuh-dashboard.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service.
11/09/2024 12:31:30 INFO: wazuh-dashboard service started.
11/09/2024 12:31:30 DEBUG: Setting Wazuh indexer cluster passwords.
11/09/2024 12:31:30 DEBUG: Checking Wazuh installation.
11/09/2024 12:31:30 DEBUG: There are Wazuh remaining files.
11/09/2024 12:31:30 DEBUG: There are Wazuh indexer remaining files.
11/09/2024 12:31:31 DEBUG: There are Filebeat remaining files.
11/09/2024 12:31:31 DEBUG: There are Wazuh dashboard remaining files.
Successfully updated the keystore
Successfully updated the keystore
11/09/2024 12:31:31 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
11/09/2024 12:31:31 DEBUG: Restarting filebeat service...
11/09/2024 12:31:32 DEBUG: filebeat started.
11/09/2024 12:31:32 DEBUG: Restarting wazuh-manager service...
11/09/2024 12:31:49 DEBUG: wazuh-manager started.
11/09/2024 12:31:50 DEBUG: Restarting wazuh-dashboard service...
11/09/2024 12:31:51 DEBUG: wazuh-dashboard started.
11/09/2024 12:31:51 DEBUG: Changing API passwords.
11/09/2024 12:32:01 INFO: Initializing Wazuh dashboard web application.
11/09/2024 12:32:01 DEBUG: Wazuh dashboard connection was successful.
11/09/2024 12:32:01 INFO: Wazuh dashboard web application initialized.
11/09/2024 12:32:01 INFO: --- Summary ---
11/09/2024 12:32:01 INFO: You can access the web interface https://<wazuh-dashboard-ip>:443
    User: admin
    Password: UonI+7LaEeUVipjoHZlUhf2AKNha7Y.?
11/09/2024 12:32:01 DEBUG: Restoring Wazuh repository.
11/09/2024 12:32:01 INFO: Installation finished.
