-
Notifications
You must be signed in to change notification settings - Fork 3
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Migrate package repository selection to Wazuh installation assistant #63
Comments
Update ReportDevelopmentI have changed the logic of choosing the repository for the assistant. However, after this change, the builder script does not know about the chosen repository, so the change of the Filebeat template URL must be migrated too. The following logic must be added:
This was worked in wazuh/wazuh-packages#3092, but it must be redone. PoC - Change Filebeat template URLIn order to perform a proof of concept of the migrated checkFilebeatURL builder function, the following snippet has been tested: #!/bin/bash
readonly wazuh_version="4.10.0"
source_branch="v${wazuh_version}"
filebeat_wazuh_template="https://raw.githubusercontent.com/wazuh/wazuh/${source_branch}/extensions/elasticsearch/7.x/wazuh-template.json"
if [[ ! "${source_branch}" =~ "-" ]]; then
source_branch="${source_branch#v}"
filebeat_wazuh_template="https://raw.githubusercontent.com/wazuh/wazuh/${source_branch}/extensions/elasticsearch/7.x/wazuh-template.json"
fi
new_filebeat_url="${filebeat_wazuh_template/${source_branch}/master}"
# Get the response of the URL and check it
response=$(curl -I --write-out '%{http_code}' --silent --output /dev/null $filebeat_wazuh_template)
if [ "${response}" != "200" ]; then
response=$(curl -I --write-out '%{http_code}' --silent --output /dev/null $new_filebeat_url)
# Display error if both URLs do not get the resource
if [ "${response}" != "200" ]; then
echo -e "Error: Could not get the Filebeat Wazuh template. "
# If matches, replace the variable of installVariables to the new one
else
echo "Changing Filebeat URL..."
filebeat_wazuh_template="${new_filebeat_url}"
fi
fi
➜ ~ bash -x test_url_filebeat.sh
+ readonly wazuh_version=4.10.0
+ wazuh_version=4.10.0
+ source_branch=v4.10.0
+ filebeat_wazuh_template=https://raw.githubusercontent.com/wazuh/wazuh/v4.10.0/extensions/elasticsearch/7.x/wazuh-template.json
+ [[ ! v4.10.0 =~ - ]]
+ source_branch=4.10.0
+ filebeat_wazuh_template=https://raw.githubusercontent.com/wazuh/wazuh/4.10.0/extensions/elasticsearch/7.x/wazuh-template.json
+ new_filebeat_url=https://raw.githubusercontent.com/wazuh/wazuh/master/extensions/elasticsearch/7.x/wazuh-template.json
++ curl -I --write-out '%{http_code}' --silent --output /dev/null https://raw.githubusercontent.com/wazuh/wazuh/4.10.0/extensions/elasticsearch/7.x/wazuh-template.json
+ response=200
+ '[' 200 '!=' 200 ']'
➜ ~
➜ ~ bash -x test_url_filebeat.sh
+ readonly wazuh_version=4.10.0
+ wazuh_version=4.10.0
+ source_branch=v4.10.0-rc2
+ filebeat_wazuh_template=https://raw.githubusercontent.com/wazuh/wazuh/v4.10.0-rc2/extensions/elasticsearch/7.x/wazuh-template.json
+ [[ ! v4.10.0-rc2 =~ - ]]
+ new_filebeat_url=https://raw.githubusercontent.com/wazuh/wazuh/master/extensions/elasticsearch/7.x/wazuh-template.json
++ curl -I --write-out '%{http_code}' --silent --output /dev/null https://raw.githubusercontent.com/wazuh/wazuh/v4.10.0-rc2/extensions/elasticsearch/7.x/wazuh-template.json
+ response=404
+ '[' 404 '!=' 200 ']'
++ curl -I --write-out '%{http_code}' --silent --output /dev/null https://raw.githubusercontent.com/wazuh/wazuh/master/extensions/elasticsearch/7.x/wazuh-template.json
+ response=200
+ '[' 200 '!=' 200 ']'
+ echo 'Changing Filebeat URL...'
Changing Filebeat URL...
+ filebeat_wazuh_template=https://raw.githubusercontent.com/wazuh/wazuh/master/extensions/elasticsearch/7.x/wazuh-template.json Important Although the Filebeat template is being fetched using the |
Update ReportTesting 🧪The following testing has been performed:
AIO installation using production (4.9.0)root@ip-172-31-46-243:/home/ubuntu# bash wazuh-install.sh -a -v
19/09/2024 12:39:05 DEBUG: Checking root permissions.
19/09/2024 12:39:05 DEBUG: Checking sudo package.
19/09/2024 12:39:05 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
19/09/2024 12:39:05 INFO: Verbose logging redirected to /var/log/wazuh-install.log
19/09/2024 12:39:05 DEBUG: APT package manager will be used.
19/09/2024 12:39:05 DEBUG: Checking system distribution.
19/09/2024 12:39:05 DEBUG: Detected distribution name: ubuntu
19/09/2024 12:39:05 DEBUG: Detected distribution version: 22
19/09/2024 12:39:05 DEBUG: Installing check dependencies.
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Get:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease [128 kB]
Get:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease [127 kB]
Get:4 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/universe amd64 Packages [14.1 MB]
Get:5 http://security.ubuntu.com/ubuntu jammy-security InRelease [129 kB]
Get:6 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/universe Translation-en [5652 kB]
Get:7 http://security.ubuntu.com/ubuntu jammy-security/main amd64 Packages [1839 kB]
Get:8 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/universe amd64 c-n-f Metadata [286 kB]
Get:9 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/multiverse amd64 Packages [217 kB]
Get:10 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/multiverse Translation-en [112 kB]
Get:11 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/multiverse amd64 c-n-f Metadata [8372 B]
Get:12 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 Packages [2058 kB]
Get:13 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main Translation-en [355 kB]
Get:14 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 c-n-f Metadata [17.8 kB]
Get:15 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/restricted amd64 Packages [2495 kB]
Get:16 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/restricted Translation-en [429 kB]
Get:17 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/restricted amd64 c-n-f Metadata [616 B]
Get:18 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/universe amd64 Packages [1125 kB]
Get:19 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/universe Translation-en [261 kB]
Get:20 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/universe amd64 c-n-f Metadata [26.1 kB]
Get:21 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/multiverse amd64 Packages [43.3 kB]
Get:22 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/multiverse Translation-en [10.8 kB]
Get:23 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/multiverse amd64 c-n-f Metadata [444 B]
Get:24 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports/main amd64 Packages [67.8 kB]
Get:25 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports/main Translation-en [11.1 kB]
Get:26 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports/main amd64 c-n-f Metadata [388 B]
Get:27 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports/restricted amd64 c-n-f Metadata [116 B]
Get:28 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports/universe amd64 Packages [28.8 kB]
Get:29 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports/universe Translation-en [16.5 kB]
Get:30 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports/universe amd64 c-n-f Metadata [672 B]
Get:31 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports/multiverse amd64 c-n-f Metadata [116 B]
Get:32 http://security.ubuntu.com/ubuntu jammy-security/main Translation-en [298 kB]
Get:33 http://security.ubuntu.com/ubuntu jammy-security/main amd64 c-n-f Metadata [13.3 kB]
Get:34 http://security.ubuntu.com/ubuntu jammy-security/restricted amd64 Packages [2431 kB]
Get:35 http://security.ubuntu.com/ubuntu jammy-security/restricted Translation-en [418 kB]
Get:36 http://security.ubuntu.com/ubuntu jammy-security/restricted amd64 c-n-f Metadata [584 B]
Get:37 http://security.ubuntu.com/ubuntu jammy-security/universe amd64 Packages [903 kB]
Get:38 http://security.ubuntu.com/ubuntu jammy-security/universe Translation-en [177 kB]
Get:39 http://security.ubuntu.com/ubuntu jammy-security/universe amd64 c-n-f Metadata [19.3 kB]
Get:40 http://security.ubuntu.com/ubuntu jammy-security/multiverse amd64 Packages [37.2 kB]
Get:41 http://security.ubuntu.com/ubuntu jammy-security/multiverse Translation-en [7588 B]
Get:42 http://security.ubuntu.com/ubuntu jammy-security/multiverse amd64 c-n-f Metadata [228 B]
Fetched 33.8 MB in 4s (9416 kB/s)
Reading package lists...
19/09/2024 12:39:17 DEBUG: Checking Wazuh installation.
19/09/2024 12:39:18 DEBUG: Checking system architecture.
19/09/2024 12:39:18 INFO: Verifying that your system meets the recommended minimum hardware requirements.
19/09/2024 12:39:18 DEBUG: CPU cores detected: 4
19/09/2024 12:39:18 DEBUG: Free RAM memory detected: 7847
19/09/2024 12:39:18 INFO: Wazuh web interface port will be 443.
19/09/2024 12:39:18 DEBUG: Checking ports availability.
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 http://security.ubuntu.com/ubuntu jammy-security InRelease
Reading package lists...
19/09/2024 12:39:20 DEBUG: Installing prerequisites dependencies.
19/09/2024 12:39:23 INFO: --- Dependencies ----
19/09/2024 12:39:23 INFO: Installing apt-transport-https.
Reading package lists... Building dependency tree... Reading state information... The following NEW packages will be installed: apt-transport-https 0 upgraded, 1 newly installed, 0 to remove and 218 not upgraded. Need to get 1510 B of archives. After this operation, 170 kB of additional disk space will be used. Get:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/universe amd64 apt-transport-https all 2.4.13 [1510 B] Fetched 1510 B in 0s (116 kB/s) S NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.19.0-1025-aws NEEDRESTART-KEXP: 5.19.0-1025-aws NEEDRESTART-KSTA: 1
19/09/2024 12:39:28 INFO: Installing debhelper.
Reading package lists... Building dependency tree... Reading state information... The following additional packages will be installed: autoconf automake autopoint autotools-dev build-essential bzip2 cpp cpp-11 debugedit dh-autoreconf dh-strip-nondeterminism dpkg-dev dwz fakeroot fontconfig-config fonts-dejavu-core g++ g++-11 gcc gcc-11 gcc-11-base gcc-12-base gettext intltool-debian libalgorithm-diff-perl libalgorithm-diff-xs-perl libalgorithm-merge-perl libarchive-cpio-perl libarchive-zip-perl libasan6 libatomic1 libc-dev-bin libc-devtools libc6 libc6-dev libcc1-0 libcrypt-dev libdebhelper-perl libdeflate0 libdpkg-perl libfakeroot libfile-fcntllock-perl libfile-stripnondeterminism-perl libfontconfig1 libgcc-11-dev libgcc-s1 libgd3 libgomp1 libisl23 libitm1 libjbig0 libjpeg-turbo8 libjpeg8 liblsan0 libltdl-dev libltdl7 libmail-sendmail-perl libmpc3 libnsl-dev libquadmath0 libstdc++-11-dev libstdc++6 libsub-override-perl libsys-hostname-long-perl libtiff5 libtirpc-dev libtool libtsan0 libubsan1 libwebp7 libxpm4 linux-libc-dev lto-disabled-list m4 make manpages-dev po-debconf rpcsvc-proto Suggested packages: autoconf-archive gnu-standards autoconf-doc bzip2-doc cpp-doc gcc-11-locales dh-make debian-keyring g++-multilib g++-11-multilib gcc-11-doc gcc-multilib flex bison gdb gcc-doc gcc-11-multilib gettext-doc libasprintf-dev libgettextpo-dev glibc-doc bzr libgd-tools libtool-doc libstdc++-11-doc gfortran | fortran95-compiler gcj-jdk m4-doc make-doc libmail-box-perl Recommended packages: libnss-nis libnss-nisplus The following NEW packages will be installed: autoconf automake autopoint autotools-dev build-essential bzip2 cpp cpp-11 debhelper debugedit dh-autoreconf dh-strip-nondeterminism dpkg-dev dwz fakeroot fontconfig-config fonts-dejavu-core g++ g++-11 gcc gcc-11 gcc-11-base gettext intltool-debian libalgorithm-diff-perl libalgorithm-diff-xs-perl libalgorithm-merge-perl libarchive-cpio-perl libarchive-zip-perl libasan6 libatomic1 libc-dev-bin libc-devtools libc6-dev libcc1-0 libcrypt-dev libdebhelper-perl libdeflate0 libdpkg-perl libfakeroot libfile-fcntllock-perl libfile-stripnondeterminism-perl libfontconfig1 libgcc-11-dev libgd3 libgomp1 libisl23 libitm1 libjbig0 libjpeg-turbo8 libjpeg8 liblsan0 libltdl-dev libltdl7 libmail-sendmail-perl libmpc3 libnsl-dev libquadmath0 libstdc++-11-dev libsub-override-perl libsys-hostname-long-perl libtiff5 libtirpc-dev libtool libtsan0 libubsan1 libwebp7 libxpm4 linux-libc-dev lto-disabled-list m4 make manpages-dev po-debconf rpcsvc-proto The following packages will be upgraded: gcc-12-base libc6 libgcc-s1 libstdc++6 4 upgraded, 75 newly installed, 0 to remove and 214 not upgraded. Need to get 72.2 MB of archives. After this operation, 221 MB of additional disk space will be used. Get:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libc6 amd64 2.35-0ubuntu3.8 [3235 kB] Get:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 gcc-12-base amd64 12.3.0-1ubuntu1~22.04 [20.1 kB] Get:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libstdc++6 amd64 12.3.0-1ubuntu1~22.04 [699 kB] Get:4 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libgcc-s1 amd64 12.3.0-1ubuntu1~22.04 [53.9 kB] Get:5 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 m4 amd64 1.4.18-5ubuntu2 [199 kB] Get:6 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 autoconf all 2.71-2 [338 kB] Get:7 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 autotools-dev all 20220109.1 [44.9 kB] Get:8 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 automake all 1:1.16.5-1.3 [558 kB] Get:9 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 autopoint all 0.21-4ubuntu4 [422 kB] Get:10 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libc-dev-bin amd64 2.35-0ubuntu3.8 [20.3 kB] Get:11 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 linux-libc-dev amd64 5.15.0-122.132 [1322 kB] Get:12 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libcrypt-dev amd64 1:4.4.27-1 [112 kB] Get:13 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 rpcsvc-proto amd64 1.4.2-0ubuntu6 [68.5 kB] Get:14 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libtirpc-dev amd64 1.3.2-2ubuntu0.1 [192 kB] Get:15 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libnsl-dev amd64 1.3.0-2build2 [71.3 kB] Get:16 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libc6-dev amd64 2.35-0ubuntu3.8 [2100 kB] Get:17 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 gcc-11-base amd64 11.4.0-1ubuntu1~22.04 [20.2 kB] Get:18 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libisl23 amd64 0.24-2build1 [727 kB] Get:19 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libmpc3 amd64 1.2.1-2build1 [46.9 kB] Get:20 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 cpp-11 amd64 11.4.0-1ubuntu1~22.04 [10.0 MB] Get:21 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 cpp amd64 4:11.2.0-1ubuntu1 [27.7 kB] Get:22 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libcc1-0 amd64 12.3.0-1ubuntu1~22.04 [48.3 kB] Get:23 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libgomp1 amd64 12.3.0-1ubuntu1~22.04 [126 kB] Get:24 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libitm1 amd64 12.3.0-1ubuntu1~22.04 [30.2 kB] Get:25 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libatomic1 amd64 12.3.0-1ubuntu1~22.04 [10.4 kB] Get:26 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libasan6 amd64 11.4.0-1ubuntu1~22.04 [2282 kB] Get:27 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 liblsan0 amd64 12.3.0-1ubuntu1~22.04 [1069 kB] Get:28 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libtsan0 amd64 11.4.0-1ubuntu1~22.04 [2260 kB] Get:29 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libubsan1 amd64 12.3.0-1ubuntu1~22.04 [976 kB] Get:30 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libquadmath0 amd64 12.3.0-1ubuntu1~22.04 [154 kB] Get:31 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libgcc-11-dev amd64 11.4.0-1ubuntu1~22.04 [2517 kB] Get:32 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 gcc-11 amd64 11.4.0-1ubuntu1~22.04 [20.1 MB] Get:33 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 gcc amd64 4:11.2.0-1ubuntu1 [5112 B] Get:34 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libstdc++-11-dev amd64 11.4.0-1ubuntu1~22.04 [2101 kB] Get:35 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 g++-11 amd64 11.4.0-1ubuntu1~22.04 [11.4 MB] Get:36 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 g++ amd64 4:11.2.0-1ubuntu1 [1412 B] Get:37 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 make amd64 4.3-4.1build1 [180 kB] Get:38 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libdpkg-perl all 1.21.1ubuntu2.3 [237 kB] Get:39 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 bzip2 amd64 1.0.8-5build1 [34.8 kB] Get:40 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 lto-disabled-list all 24 [12.5 kB] Get:41 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 dpkg-dev all 1.21.1ubuntu2.3 [922 kB] Get:42 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 build-essential amd64 12.9ubuntu3 [4744 B] Get:43 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libdebhelper-perl all 13.6ubuntu1 [67.2 kB] Get:44 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libtool all 2.4.6-15build2 [164 kB] Get:45 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 dh-autoreconf all 20 [16.1 kB] Get:46 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libarchive-zip-perl all 1.68-1 [90.2 kB] Get:47 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libsub-override-perl all 0.09-2 [9532 B] Get:48 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libfile-stripnondeterminism-perl all 1.13.0-1 [18.1 kB] Get:49 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 dh-strip-nondeterminism all 1.13.0-1 [5344 B] Get:50 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 debugedit amd64 1:5.0-4build1 [47.2 kB] Get:51 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 dwz amd64 0.14-1build2 [105 kB] Get:52 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 gettext amd64 0.21-4ubuntu4 [868 kB] Get:53 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 intltool-debian all 0.35.0+20060710.5 [24.9 kB] Get:54 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 po-debconf all 1.0.21+nmu1 [233 kB] Get:55 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 debhelper all 13.6ubuntu1 [923 kB] Get:56 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libfakeroot amd64 1.28-1ubuntu1 [31.5 kB] Get:57 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 fakeroot amd64 1.28-1ubuntu1 [60.4 kB] Get:58 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 fonts-dejavu-core all 2.37-2build1 [1041 kB] Get:59 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 fontconfig-config all 2.13.1-4.2ubuntu5 [29.1 kB] Get:60 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libalgorithm-diff-perl all 1.201-1 [41.8 kB] Get:61 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libalgorithm-diff-xs-perl amd64 0.04-6build3 [11.9 kB] Get:62 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libalgorithm-merge-perl all 0.08-3 [12.0 kB] Get:63 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libarchive-cpio-perl all 0.10-1.1 [9928 B] Get:64 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libfontconfig1 amd64 2.13.1-4.2ubuntu5 [131 kB] Get:65 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libjpeg-turbo8 amd64 2.1.2-0ubuntu1 [134 kB] Get:66 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libjpeg8 amd64 8c-2ubuntu10 [2264 B] Get:67 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libdeflate0 amd64 1.10-2 [70.9 kB] Get:68 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libjbig0 amd64 2.1-3.1ubuntu0.22.04.1 [29.2 kB] Get:69 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libwebp7 amd64 1.2.2-2ubuntu0.22.04.2 [206 kB] Get:70 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libtiff5 amd64 4.3.0-6ubuntu0.10 [185 kB] Get:71 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libxpm4 amd64 1:3.5.12-1ubuntu0.22.04.2 [36.7 kB] Get:72 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libgd3 amd64 2.3.0-2ubuntu2 [129 kB] Get:73 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libc-devtools amd64 2.35-0ubuntu3.8 [28.9 kB] Get:74 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libfile-fcntllock-perl amd64 0.22-3build7 [33.9 kB] Get:75 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libltdl7 amd64 2.4.6-15build2 [39.6 kB] Get:76 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libltdl-dev amd64 2.4.6-15build2 [169 kB] Get:77 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libsys-hostname-long-perl all 1.5-2 [11.5 kB] Get:78 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libmail-sendmail-perl all 0.80-1.1 [22.7 kB] Get:79 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 manpages-dev all 5.10-1ubuntu1 [2309 kB] Preconfiguring packages ... Fetched 72.2 MB in 1s (70.7 MB/s) NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.19.0-1025-aws NEEDRESTART-KEXP: 5.19.0-1025-aws NEEDRESTART-KSTA: 1 NEEDRESTART-SVC: acpid.service NEEDRESTART-SVC: chrony.service NEEDRESTART-SVC: cron.service NEEDRESTART-SVC: dbus.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: irqbalance.service NEEDRESTART-SVC: multipathd.service NEEDRESTART-SVC: networkd-dispatcher.service NEEDRESTART-SVC: packagekit.service NEEDRESTART-SVC: polkit.service NEEDRESTART-SVC: rsyslog.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: snapd.service NEEDRESTART-SVC: ssh.service NEEDRESTART-SVC: systemd-journald.service NEEDRESTART-SVC: systemd-logind.service NEEDRESTART-SVC: systemd-networkd.service NEEDRESTART-SVC: systemd-resolved.service NEEDRESTART-SVC: systemd-udevd.service NEEDRESTART-SVC: unattended-upgrades.service NEEDRESTART-SVC: [email protected]
19/09/2024 12:39:49 DEBUG: Checking curl tool version.
19/09/2024 12:39:49 DEBUG: Adding the Wazuh repository.
gpg: keyring '/usr/share/keyrings/wazuh.gpg' created
gpg: directory '/root/.gnupg' created
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key 96B3EE5F29111145: public key "Wazuh.com (Wazuh Signing Key) <[email protected]>" imported
gpg: Total number processed: 1
gpg: imported: 1
deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages.wazuh.com/4.x/apt/ stable main
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Get:4 https://packages.wazuh.com/4.x/apt stable InRelease [17.3 kB]
Hit:5 http://security.ubuntu.com/ubuntu jammy-security InRelease
Get:6 https://packages.wazuh.com/4.x/apt stable/main amd64 Packages [40.2 kB]
Fetched 57.5 kB in 0s (187 kB/s)
Reading package lists...
19/09/2024 12:39:51 INFO: Wazuh repository added.
19/09/2024 12:39:51 INFO: --- Configuration files ---
19/09/2024 12:39:51 INFO: Generating configuration files.
19/09/2024 12:39:51 DEBUG: Creating Wazuh certificates.
19/09/2024 12:39:51 DEBUG: Reading configuration file.
19/09/2024 12:39:51 DEBUG: Checking if 127.0.0.1 is private.
19/09/2024 12:39:51 DEBUG: Checking if 127.0.0.1 is private.
19/09/2024 12:39:51 DEBUG: Checking if 127.0.0.1 is private.
19/09/2024 12:39:51 INFO: Generating the root certificate.
19/09/2024 12:39:52 INFO: Generating Admin certificates.
19/09/2024 12:39:52 DEBUG: Generating Admin private key.
19/09/2024 12:39:52 DEBUG: Converting Admin private key to PKCS8 format.
19/09/2024 12:39:52 DEBUG: Generating Admin CSR.
19/09/2024 12:39:52 DEBUG: Creating Admin certificate.
19/09/2024 12:39:52 INFO: Generating Wazuh indexer certificates.
19/09/2024 12:39:52 DEBUG: Creating the certificates for wazuh-indexer indexer node.
19/09/2024 12:39:52 DEBUG: Generating certificate configuration.
19/09/2024 12:39:52 DEBUG: Creating the Wazuh indexer tmp key pair.
19/09/2024 12:39:52 DEBUG: Creating the Wazuh indexer certificates.
19/09/2024 12:39:52 INFO: Generating Filebeat certificates.
19/09/2024 12:39:52 DEBUG: Generating the certificates for wazuh-server server node.
19/09/2024 12:39:52 DEBUG: Generating certificate configuration.
19/09/2024 12:39:52 DEBUG: Creating the Wazuh server tmp key pair.
19/09/2024 12:39:52 DEBUG: Creating the Wazuh server certificates.
19/09/2024 12:39:52 INFO: Generating Wazuh dashboard certificates.
19/09/2024 12:39:52 DEBUG: Generating certificate configuration.
19/09/2024 12:39:52 DEBUG: Creating the Wazuh dashboard tmp key pair.
19/09/2024 12:39:52 DEBUG: Creating the Wazuh dashboard certificates.
19/09/2024 12:39:52 DEBUG: Cleaning certificate files.
19/09/2024 12:39:52 DEBUG: Generating password file.
19/09/2024 12:39:52 DEBUG: Generating random passwords.
19/09/2024 12:39:52 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
19/09/2024 12:39:52 DEBUG: Extracting Wazuh configuration.
19/09/2024 12:39:52 DEBUG: Reading configuration file.
19/09/2024 12:39:52 DEBUG: Checking if 127.0.0.1 is private.
19/09/2024 12:39:52 DEBUG: Checking if 127.0.0.1 is private.
19/09/2024 12:39:52 DEBUG: Checking if 127.0.0.1 is private.
19/09/2024 12:39:52 INFO: --- Wazuh indexer ---
19/09/2024 12:39:52 INFO: Starting Wazuh indexer installation.
Reading package lists... Building dependency tree... Reading state information... The following NEW packages will be installed: wazuh-indexer 0 upgraded, 1 newly installed, 0 to remove and 214 not upgraded. Need to get 850 MB of archives. After this operation, 1077 MB of additional disk space will be used. Get:1 https://packages.wazuh.com/4.x/apt stable/main amd64 wazuh-indexer amd64 4.9.0-1 [850 MB] Fetched 850 MB in 10s (82.2 MB/s) Selecting previously unselecte ### NOT starting on installation, please execute the following statements to configure wazuh-indexer service to star NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.19.0-1025-aws NEEDRESTART-KEXP: 5.19.0-1025-aws NEEDRESTART-KSTA: 1 NEEDRESTART-SVC: acpid.service NEEDRESTART-SVC: chrony.service NEEDRESTART-SVC: cron.service NEEDRESTART-SVC: dbus.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: irqbalance.service NEEDRESTART-SVC: multipathd.service NEEDRESTART-SVC: networkd-dispatcher.service NEEDRESTART-SVC: packagekit.service NEEDRESTART-SVC: polkit.service NEEDRESTART-SVC: rsyslog.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: snapd.service NEEDRESTART-SVC: ssh.service NEEDRESTART-SVC: systemd-journald.service NEEDRESTART-SVC: systemd-logind.service NEEDRESTART-SVC: systemd-networkd.service NEEDRESTART-SVC: systemd-resolved.service NEEDRESTART-SVC: systemd-udevd.service NEEDRESTART-SVC: unattended-upgrades.service NEEDRESTART-SVC: [email protected]
19/09/2024 12:40:17 DEBUG: Checking Wazuh installation.
19/09/2024 12:40:18 DEBUG: There are Wazuh indexer remaining files.
19/09/2024 12:40:18 INFO: Wazuh indexer installation finished.
19/09/2024 12:40:18 DEBUG: Configuring Wazuh indexer.
19/09/2024 12:40:18 DEBUG: Copying Wazuh indexer certificates.
19/09/2024 12:40:18 INFO: Wazuh indexer post-install configuration finished.
19/09/2024 12:40:18 INFO: Starting service wazuh-indexer.
Synchronizing state of wazuh-indexer.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable wazuh-indexer
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service → /lib/systemd/system/wazuh-indexer.service.
19/09/2024 12:40:29 INFO: wazuh-indexer service started.
19/09/2024 12:40:29 INFO: Initializing Wazuh indexer cluster security settings.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.13.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml
SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml
SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml
SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml
SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml
SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml
SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml
SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml
SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml
SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null
Done with success
19/09/2024 12:40:33 INFO: Wazuh indexer cluster security configuration initialized.
19/09/2024 12:40:33 INFO: Wazuh indexer cluster initialized.
19/09/2024 12:40:33 INFO: --- Wazuh server ---
19/09/2024 12:40:33 INFO: Starting the Wazuh manager installation.
Reading package lists... Building dependency tree... Reading state information... Suggested packages: expect The following NEW packages will be installed: wazuh-manager 0 upgraded, 1 newly installed, 0 to remove and 214 not upgraded. Need to get 322 MB of archives. After this operation, 891 MB of additional disk space will be used. Get:1 https://packages.wazuh.com/4.x/apt stable/main amd64 wazuh-manager amd64 4.9.0-1 [322 MB] Fetched 322 MB in 4s (90.7 MB/s) Selec NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.19.0-1025-aws NEEDRESTART-KEXP: 5.19.0-1025-aws NEEDRESTART-KSTA: 1 NEEDRESTART-SVC: acpid.service NEEDRESTART-SVC: chrony.service NEEDRESTART-SVC: cron.service NEEDRESTART-SVC: dbus.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: irqbalance.service NEEDRESTART-SVC: multipathd.service NEEDRESTART-SVC: networkd-dispatcher.service NEEDRESTART-SVC: packagekit.service NEEDRESTART-SVC: polkit.service NEEDRESTART-SVC: rsyslog.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: snapd.service NEEDRESTART-SVC: ssh.service NEEDRESTART-SVC: systemd-journald.service NEEDRESTART-SVC: systemd-logind.service NEEDRESTART-SVC: systemd-networkd.service NEEDRESTART-SVC: systemd-resolved.service NEEDRESTART-SVC: systemd-udevd.service NEEDRESTART-SVC: unattended-upgrades.service NEEDRESTART-SVC: [email protected]
19/09/2024 12:41:24 DEBUG: Checking Wazuh installation.
19/09/2024 12:41:24 DEBUG: There are Wazuh remaining files.
19/09/2024 12:41:24 DEBUG: There are Wazuh indexer remaining files.
19/09/2024 12:41:25 INFO: Wazuh manager installation finished.
19/09/2024 12:41:25 DEBUG: Configuring Wazuh manager.
19/09/2024 12:41:25 DEBUG: Setting provisional Wazuh indexer password.
19/09/2024 12:41:25 INFO: Wazuh manager vulnerability detection configuration finished.
19/09/2024 12:41:25 INFO: Starting service wazuh-manager.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-manager.service → /lib/systemd/system/wazuh-manager.service.
19/09/2024 12:41:41 INFO: wazuh-manager service started.
19/09/2024 12:41:41 INFO: Checking Wazuh API connection
19/09/2024 12:41:41 INFO: Wazuh API connection successful
19/09/2024 12:41:41 INFO: Starting Filebeat installation.
Reading package lists... Building dependency tree... Reading state information... The following NEW packages will be installed: filebeat 0 upgraded, 1 newly installed, 0 to remove and 214 not upgraded. Need to get 22.1 MB of archives. After this operation, 73.6 MB of additional disk space will be used. Get:1 https://packages.wazuh.com/4.x/apt stable/main amd64 filebeat amd64 7.10.2 [22.1 MB] Fetched 22.1 MB in 0s (59.1 MB/s) Selecting previously unselected package NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.19.0-1025-aws NEEDRESTART-KEXP: 5.19.0-1025-aws NEEDRESTART-KSTA: 1 NEEDRESTART-SVC: acpid.service NEEDRESTART-SVC: chrony.service NEEDRESTART-SVC: cron.service NEEDRESTART-SVC: dbus.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: irqbalance.service NEEDRESTART-SVC: multipathd.service NEEDRESTART-SVC: networkd-dispatcher.service NEEDRESTART-SVC: packagekit.service NEEDRESTART-SVC: polkit.service NEEDRESTART-SVC: rsyslog.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: snapd.service NEEDRESTART-SVC: ssh.service NEEDRESTART-SVC: systemd-journald.service NEEDRESTART-SVC: systemd-logind.service NEEDRESTART-SVC: systemd-networkd.service NEEDRESTART-SVC: systemd-resolved.service NEEDRESTART-SVC: systemd-udevd.service NEEDRESTART-SVC: unattended-upgrades.service NEEDRESTART-SVC: [email protected]
19/09/2024 12:41:50 DEBUG: Checking Wazuh installation.
19/09/2024 12:41:50 DEBUG: There are Wazuh remaining files.
19/09/2024 12:41:50 DEBUG: There are Wazuh indexer remaining files.
19/09/2024 12:41:51 DEBUG: There are Filebeat remaining files.
19/09/2024 12:41:51 INFO: Filebeat installation finished.
19/09/2024 12:41:51 DEBUG: Configuring Filebeat.
19/09/2024 12:41:51 DEBUG: Filebeat template was download successfully.
wazuh/
wazuh/_meta/
wazuh/_meta/docs.asciidoc
wazuh/_meta/fields.yml
wazuh/_meta/config.yml
wazuh/alerts/
wazuh/alerts/config/
wazuh/alerts/config/alerts.yml
wazuh/alerts/manifest.yml
wazuh/alerts/ingest/
wazuh/alerts/ingest/pipeline.json
wazuh/module.yml
wazuh/archives/
wazuh/archives/config/
wazuh/archives/config/archives.yml
wazuh/archives/manifest.yml
wazuh/archives/ingest/
wazuh/archives/ingest/pipeline.json
19/09/2024 12:41:51 DEBUG: Filebeat module was downloaded successfully.
19/09/2024 12:41:51 DEBUG: Copying Filebeat certificates.
Created filebeat keystore
Successfully updated the keystore
Successfully updated the keystore
19/09/2024 12:41:52 INFO: Filebeat post-install configuration finished.
19/09/2024 12:41:52 INFO: Starting service filebeat.
Synchronizing state of filebeat.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable filebeat
Created symlink /etc/systemd/system/multi-user.target.wants/filebeat.service → /lib/systemd/system/filebeat.service.
19/09/2024 12:41:53 INFO: filebeat service started.
19/09/2024 12:41:53 INFO: Checking Filebeat connection
19/09/2024 12:41:53 INFO: Filebeat connection successful
19/09/2024 12:41:53 INFO: --- Wazuh dashboard ---
19/09/2024 12:41:53 INFO: Starting Wazuh dashboard installation.
Reading package lists... Building dependency tree... Reading state information... The following NEW packages will be installed: wazuh-dashboard 0 upgraded, 1 newly installed, 0 to remove and 214 not upgraded. Need to get 166 MB of archives. After this operation, 934 MB of additional disk space will be used. Get:1 https://packages.wazuh.com/4.x/apt stable/main amd64 wazuh-dashboard amd64 4.9.0-2 [166 MB] Fetched 166 MB in 3s (57.1 MB/s) Selecting previously unselec NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.19.0-1025-aws NEEDRESTART-KEXP: 5.19.0-1025-aws NEEDRESTART-KSTA: 1 NEEDRESTART-SVC: acpid.service NEEDRESTART-SVC: chrony.service NEEDRESTART-SVC: cron.service NEEDRESTART-SVC: dbus.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: irqbalance.service NEEDRESTART-SVC: multipathd.service NEEDRESTART-SVC: networkd-dispatcher.service NEEDRESTART-SVC: packagekit.service NEEDRESTART-SVC: polkit.service NEEDRESTART-SVC: rsyslog.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: snapd.service NEEDRESTART-SVC: ssh.service NEEDRESTART-SVC: systemd-journald.service NEEDRESTART-SVC: systemd-logind.service NEEDRESTART-SVC: systemd-networkd.service NEEDRESTART-SVC: systemd-resolved.service NEEDRESTART-SVC: systemd-udevd.service NEEDRESTART-SVC: unattended-upgrades.service NEEDRESTART-SVC: [email protected]
19/09/2024 12:44:08 DEBUG: Checking Wazuh installation.
19/09/2024 12:44:09 DEBUG: There are Wazuh remaining files.
19/09/2024 12:44:09 DEBUG: There are Wazuh indexer remaining files.
19/09/2024 12:44:09 DEBUG: There are Filebeat remaining files.
19/09/2024 12:44:09 DEBUG: There are Wazuh dashboard remaining files.
19/09/2024 12:44:09 INFO: Wazuh dashboard installation finished.
19/09/2024 12:44:09 DEBUG: Configuring Wazuh dashboard.
19/09/2024 12:44:09 DEBUG: Copying Wazuh dashboard certificates.
19/09/2024 12:44:09 DEBUG: Wazuh dashboard certificate setup finished.
19/09/2024 12:44:09 INFO: Wazuh dashboard post-install configuration finished.
19/09/2024 12:44:09 INFO: Starting service wazuh-dashboard.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service.
19/09/2024 12:44:10 INFO: wazuh-dashboard service started.
19/09/2024 12:44:10 DEBUG: Setting Wazuh indexer cluster passwords.
19/09/2024 12:44:10 DEBUG: Checking Wazuh installation.
19/09/2024 12:44:10 DEBUG: There are Wazuh remaining files.
19/09/2024 12:44:10 DEBUG: There are Wazuh indexer remaining files.
19/09/2024 12:44:11 DEBUG: There are Filebeat remaining files.
19/09/2024 12:44:11 DEBUG: There are Wazuh dashboard remaining files.
19/09/2024 12:44:11 INFO: Updating the internal users.
19/09/2024 12:44:11 DEBUG: Creating password backup.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.13.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml
SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml
SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml
SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml
SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml
SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml
SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml
SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml
SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
19/09/2024 12:44:14 DEBUG: Password backup created in /etc/wazuh-indexer/backup.
19/09/2024 12:44:14 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
19/09/2024 12:44:14 DEBUG: The internal users have been updated before changing the passwords.
19/09/2024 12:44:14 DEBUG: Generating password hashes.
19/09/2024 12:44:19 DEBUG: Password hashes generated.
19/09/2024 12:44:19 DEBUG: Creating password backup.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.13.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml
SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml
SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml
SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml
SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml
SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml
SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml
SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml
SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
19/09/2024 12:44:21 DEBUG: Password backup created in /etc/wazuh-indexer/backup.
Successfully updated the keystore
Successfully updated the keystore
19/09/2024 12:44:22 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
19/09/2024 12:44:22 DEBUG: Restarting filebeat service...
19/09/2024 12:44:22 DEBUG: filebeat started.
19/09/2024 12:44:22 DEBUG: Restarting wazuh-manager service...
19/09/2024 12:44:39 DEBUG: wazuh-manager started.
19/09/2024 12:44:39 DEBUG: Restarting wazuh-dashboard service...
19/09/2024 12:44:40 DEBUG: wazuh-dashboard started.
19/09/2024 12:44:40 DEBUG: Running security admin tool.
19/09/2024 12:44:40 DEBUG: Loading new passwords changes.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.13.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /home/ubuntu
Force type: internalusers
Will update '/internalusers' with /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' created or updated
SUCC: Expected 1 config types for node {"updated_config_types":["internalusers"],"updated_config_size":1,"message":null} is 1 (["internalusers"]) due to: null
Done with success
19/09/2024 12:44:43 DEBUG: Passwords changed.
19/09/2024 12:44:43 DEBUG: Changing API passwords.
19/09/2024 12:44:49 INFO: Initializing Wazuh dashboard web application.
19/09/2024 12:44:50 INFO: Wazuh dashboard web application initialized.
19/09/2024 12:44:50 INFO: --- Summary ---
19/09/2024 12:44:50 INFO: You can access the web interface https://<wazuh-dashboard-ip>:443
User: admin
Password: E3I6.JruYzrfqsu22LpiGrAqm8zI8FHW
19/09/2024 12:44:50 DEBUG: Restoring Wazuh repository.
19/09/2024 12:44:50 INFO: Installation finished.
root@ip-172-31-46-243:/home/ubuntu# AIO installation using pre-release (4.9.0)root@ip-172-31-46-243:/home/ubuntu# bash wazuh-install.sh -a -v -d pre-release
19/09/2024 14:34:22 DEBUG: Using development bucket: pre-release
19/09/2024 14:34:22 DEBUG: Checking root permissions.
19/09/2024 14:34:22 DEBUG: Checking sudo package.
19/09/2024 14:34:22 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
19/09/2024 14:34:22 INFO: Verbose logging redirected to /var/log/wazuh-install.log
19/09/2024 14:34:22 DEBUG: APT package manager will be used.
19/09/2024 14:34:22 DEBUG: Checking system distribution.
19/09/2024 14:34:22 DEBUG: Detected distribution name: ubuntu
19/09/2024 14:34:22 DEBUG: Detected distribution version: 22
19/09/2024 14:34:22 DEBUG: Installing check dependencies.
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 http://security.ubuntu.com/ubuntu jammy-security InRelease
Reading package lists...
19/09/2024 14:34:25 DEBUG: Checking Wazuh installation.
19/09/2024 14:34:27 INFO: Using Filebeat template from master branch.
19/09/2024 14:34:27 DEBUG: Checking system architecture.
19/09/2024 14:34:27 INFO: Verifying that your system meets the recommended minimum hardware requirements.
19/09/2024 14:34:27 DEBUG: CPU cores detected: 4
19/09/2024 14:34:27 DEBUG: Free RAM memory detected: 7847
19/09/2024 14:34:27 INFO: Wazuh web interface port will be 443.
19/09/2024 14:34:27 DEBUG: Checking ports availability.
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 http://security.ubuntu.com/ubuntu jammy-security InRelease
Reading package lists...
19/09/2024 14:34:29 DEBUG: Installing prerequisites dependencies.
19/09/2024 14:34:32 DEBUG: Checking curl tool version.
19/09/2024 14:34:32 DEBUG: Adding the Wazuh repository.
gpg: keyring '/usr/share/keyrings/wazuh.gpg' created
gpg: key 96B3EE5F29111145: public key "Wazuh.com (Wazuh Signing Key) <[email protected]>" imported
gpg: Total number processed: 1
gpg: imported: 1
deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages-dev.wazuh.com/pre-release/apt/ unstable main
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 http://security.ubuntu.com/ubuntu jammy-security InRelease
Get:5 https://packages-dev.wazuh.com/pre-release/apt unstable InRelease [17.3 kB]
Get:6 https://packages-dev.wazuh.com/pre-release/apt unstable/main amd64 Packages [40.5 kB]
Fetched 57.8 kB in 1s (89.6 kB/s)
Reading package lists...
19/09/2024 14:34:34 INFO: Wazuh development repository added.
19/09/2024 14:34:34 INFO: --- Configuration files ---
19/09/2024 14:34:34 INFO: Generating configuration files.
19/09/2024 14:34:34 DEBUG: Creating Wazuh certificates.
19/09/2024 14:34:34 DEBUG: Reading configuration file.
19/09/2024 14:34:34 DEBUG: Checking if 127.0.0.1 is private.
19/09/2024 14:34:34 DEBUG: Checking if 127.0.0.1 is private.
19/09/2024 14:34:34 DEBUG: Checking if 127.0.0.1 is private.
19/09/2024 14:34:34 INFO: Generating the root certificate.
19/09/2024 14:34:35 INFO: Generating Admin certificates.
19/09/2024 14:34:35 DEBUG: Generating Admin private key.
19/09/2024 14:34:35 DEBUG: Converting Admin private key to PKCS8 format.
19/09/2024 14:34:35 DEBUG: Generating Admin CSR.
19/09/2024 14:34:35 DEBUG: Creating Admin certificate.
19/09/2024 14:34:35 INFO: Generating Wazuh indexer certificates.
19/09/2024 14:34:35 DEBUG: Creating the certificates for wazuh-indexer indexer node.
19/09/2024 14:34:35 DEBUG: Generating certificate configuration.
19/09/2024 14:34:35 DEBUG: Creating the Wazuh indexer tmp key pair.
19/09/2024 14:34:35 DEBUG: Creating the Wazuh indexer certificates.
19/09/2024 14:34:35 INFO: Generating Filebeat certificates.
19/09/2024 14:34:35 DEBUG: Generating the certificates for wazuh-server server node.
19/09/2024 14:34:35 DEBUG: Generating certificate configuration.
19/09/2024 14:34:35 DEBUG: Creating the Wazuh server tmp key pair.
19/09/2024 14:34:36 DEBUG: Creating the Wazuh server certificates.
19/09/2024 14:34:36 INFO: Generating Wazuh dashboard certificates.
19/09/2024 14:34:36 DEBUG: Generating certificate configuration.
19/09/2024 14:34:36 DEBUG: Creating the Wazuh dashboard tmp key pair.
19/09/2024 14:34:36 DEBUG: Creating the Wazuh dashboard certificates.
19/09/2024 14:34:36 DEBUG: Cleaning certificate files.
19/09/2024 14:34:36 DEBUG: Generating password file.
19/09/2024 14:34:36 DEBUG: Generating random passwords.
19/09/2024 14:34:36 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
19/09/2024 14:34:36 DEBUG: Extracting Wazuh configuration.
19/09/2024 14:34:36 DEBUG: Reading configuration file.
19/09/2024 14:34:36 DEBUG: Checking if 127.0.0.1 is private.
19/09/2024 14:34:36 DEBUG: Checking if 127.0.0.1 is private.
19/09/2024 14:34:36 DEBUG: Checking if 127.0.0.1 is private.
19/09/2024 14:34:36 INFO: --- Wazuh indexer ---
19/09/2024 14:34:36 INFO: Starting Wazuh indexer installation.
Reading package lists... Building dependency tree... Reading state information... The following NEW packages will be installed: wazuh-indexer 0 upgraded, 1 newly installed, 0 to remove and 214 not upgraded. Need to get 0 B/850 MB of archives. After this operation, 1077 MB of additional disk space will be used. Selecting previously unselected package ### NOT starting on installation, please execute the following statements to configure wazuh-indexer service to star NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.19.0-1025-aws NEEDRESTART-KEXP: 5.19.0-1025-aws NEEDRESTART-KSTA: 1 NEEDRESTART-SVC: acpid.service NEEDRESTART-SVC: chrony.service NEEDRESTART-SVC: cron.service NEEDRESTART-SVC: dbus.service NEEDRESTART-SVC: filebeat.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: irqbalance.service NEEDRESTART-SVC: multipathd.service NEEDRESTART-SVC: networkd-dispatcher.service NEEDRESTART-SVC: packagekit.service NEEDRESTART-SVC: polkit.service NEEDRESTART-SVC: rsyslog.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: snapd.service NEEDRESTART-SVC: ssh.service NEEDRESTART-SVC: systemd-journald.service NEEDRESTART-SVC: systemd-logind.service NEEDRESTART-SVC: systemd-networkd.service NEEDRESTART-SVC: systemd-resolved.service NEEDRESTART-SVC: systemd-udevd.service NEEDRESTART-SVC: unattended-upgrades.service NEEDRESTART-SVC: [email protected]
19/09/2024 14:34:49 DEBUG: Checking Wazuh installation.
19/09/2024 14:34:50 DEBUG: There are Wazuh indexer remaining files.
19/09/2024 14:34:51 INFO: Wazuh indexer installation finished.
19/09/2024 14:34:51 DEBUG: Configuring Wazuh indexer.
19/09/2024 14:34:51 DEBUG: Copying Wazuh indexer certificates.
19/09/2024 14:34:51 INFO: Wazuh indexer post-install configuration finished.
19/09/2024 14:34:51 INFO: Starting service wazuh-indexer.
Synchronizing state of wazuh-indexer.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable wazuh-indexer
19/09/2024 14:35:03 INFO: wazuh-indexer service started.
19/09/2024 14:35:03 INFO: Initializing Wazuh indexer cluster security settings.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.13.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml
SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml
SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml
SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml
SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml
SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml
SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml
SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml
SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml
SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null
Done with success
19/09/2024 14:35:06 INFO: Wazuh indexer cluster security configuration initialized.
19/09/2024 14:35:06 INFO: Wazuh indexer cluster initialized.
19/09/2024 14:35:06 INFO: --- Wazuh server ---
19/09/2024 14:35:06 INFO: Starting the Wazuh manager installation.
Reading package lists... Building dependency tree... Reading state information... Suggested packages: expect The following NEW packages will be installed: wazuh-manager 0 upgraded, 1 newly installed, 0 to remove and 214 not upgraded. Need to get 0 B/322 MB of archives. After this operation, 891 MB of additional disk space will be used. Selecting pre NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.19.0-1025-aws NEEDRESTART-KEXP: 5.19.0-1025-aws NEEDRESTART-KSTA: 1 NEEDRESTART-SVC: acpid.service NEEDRESTART-SVC: chrony.service NEEDRESTART-SVC: cron.service NEEDRESTART-SVC: dbus.service NEEDRESTART-SVC: filebeat.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: irqbalance.service NEEDRESTART-SVC: multipathd.service NEEDRESTART-SVC: networkd-dispatcher.service NEEDRESTART-SVC: packagekit.service NEEDRESTART-SVC: polkit.service NEEDRESTART-SVC: rsyslog.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: snapd.service NEEDRESTART-SVC: ssh.service NEEDRESTART-SVC: systemd-journald.service NEEDRESTART-SVC: systemd-logind.service NEEDRESTART-SVC: systemd-networkd.service NEEDRESTART-SVC: systemd-resolved.service NEEDRESTART-SVC: systemd-udevd.service NEEDRESTART-SVC: unattended-upgrades.service NEEDRESTART-SVC: [email protected]
19/09/2024 14:35:52 DEBUG: Checking Wazuh installation.
19/09/2024 14:35:53 DEBUG: There are Wazuh remaining files.
19/09/2024 14:35:53 DEBUG: There are Wazuh indexer remaining files.
19/09/2024 14:35:54 INFO: Wazuh manager installation finished.
19/09/2024 14:35:54 DEBUG: Configuring Wazuh manager.
19/09/2024 14:35:54 DEBUG: Setting provisional Wazuh indexer password.
19/09/2024 14:35:54 INFO: Wazuh manager vulnerability detection configuration finished.
19/09/2024 14:35:54 INFO: Starting service wazuh-manager.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-manager.service → /lib/systemd/system/wazuh-manager.service.
19/09/2024 14:36:08 INFO: wazuh-manager service started.
19/09/2024 14:36:08 INFO: Checking Wazuh API connection
19/09/2024 14:36:08 INFO: Wazuh API connection successful
19/09/2024 14:36:08 INFO: Starting Filebeat installation.
Reading package lists... Building dependency tree... Reading state information... The following NEW packages will be installed: filebeat 0 upgraded, 1 newly installed, 0 to remove and 214 not upgraded. Need to get 0 B/22.1 MB of archives. After this operation, 73.6 MB of additional disk space will be used. Selecting previously unselected package fil NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.19.0-1025-aws NEEDRESTART-KEXP: 5.19.0-1025-aws NEEDRESTART-KSTA: 1 NEEDRESTART-SVC: acpid.service NEEDRESTART-SVC: chrony.service NEEDRESTART-SVC: cron.service NEEDRESTART-SVC: dbus.service NEEDRESTART-SVC: filebeat.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: irqbalance.service NEEDRESTART-SVC: multipathd.service NEEDRESTART-SVC: networkd-dispatcher.service NEEDRESTART-SVC: packagekit.service NEEDRESTART-SVC: polkit.service NEEDRESTART-SVC: rsyslog.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: snapd.service NEEDRESTART-SVC: ssh.service NEEDRESTART-SVC: systemd-journald.service NEEDRESTART-SVC: systemd-logind.service NEEDRESTART-SVC: systemd-networkd.service NEEDRESTART-SVC: systemd-resolved.service NEEDRESTART-SVC: systemd-udevd.service NEEDRESTART-SVC: unattended-upgrades.service NEEDRESTART-SVC: [email protected]
19/09/2024 14:36:19 DEBUG: Checking Wazuh installation.
19/09/2024 14:36:19 DEBUG: There are Wazuh remaining files.
19/09/2024 14:36:20 DEBUG: There are Wazuh indexer remaining files.
19/09/2024 14:36:20 DEBUG: There are Filebeat remaining files.
19/09/2024 14:36:21 INFO: Filebeat installation finished.
19/09/2024 14:36:21 DEBUG: Configuring Filebeat.
19/09/2024 14:36:21 DEBUG: Filebeat template was download successfully.
wazuh/
wazuh/_meta/
wazuh/_meta/docs.asciidoc
wazuh/_meta/fields.yml
wazuh/_meta/config.yml
wazuh/alerts/
wazuh/alerts/config/
wazuh/alerts/config/alerts.yml
wazuh/alerts/manifest.yml
wazuh/alerts/ingest/
wazuh/alerts/ingest/pipeline.json
wazuh/module.yml
wazuh/archives/
wazuh/archives/config/
wazuh/archives/config/archives.yml
wazuh/archives/manifest.yml
wazuh/archives/ingest/
wazuh/archives/ingest/pipeline.json
19/09/2024 14:36:21 DEBUG: Filebeat module was downloaded successfully.
19/09/2024 14:36:21 DEBUG: Copying Filebeat certificates.
Created filebeat keystore
Successfully updated the keystore
Successfully updated the keystore
19/09/2024 14:36:22 INFO: Filebeat post-install configuration finished.
19/09/2024 14:36:22 INFO: Starting service filebeat.
Synchronizing state of filebeat.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable filebeat
Created symlink /etc/systemd/system/multi-user.target.wants/filebeat.service → /lib/systemd/system/filebeat.service.
19/09/2024 14:36:23 INFO: filebeat service started.
19/09/2024 14:36:23 INFO: Checking Filebeat connection
19/09/2024 14:36:23 INFO: Filebeat connection successful
19/09/2024 14:36:23 INFO: --- Wazuh dashboard ---
19/09/2024 14:36:23 INFO: Starting Wazuh dashboard installation.
Reading package lists... Building dependency tree... Reading state information... The following NEW packages will be installed: wazuh-dashboard 0 upgraded, 1 newly installed, 0 to remove and 214 not upgraded. Need to get 0 B/166 MB of archives. After this operation, 934 MB of additional disk space will be used. Selecting previously unselected packag NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.19.0-1025-aws NEEDRESTART-KEXP: 5.19.0-1025-aws NEEDRESTART-KSTA: 1 NEEDRESTART-SVC: acpid.service NEEDRESTART-SVC: chrony.service NEEDRESTART-SVC: cron.service NEEDRESTART-SVC: dbus.service NEEDRESTART-SVC: filebeat.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: irqbalance.service NEEDRESTART-SVC: multipathd.service NEEDRESTART-SVC: networkd-dispatcher.service NEEDRESTART-SVC: packagekit.service NEEDRESTART-SVC: polkit.service NEEDRESTART-SVC: rsyslog.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: snapd.service NEEDRESTART-SVC: ssh.service NEEDRESTART-SVC: systemd-journald.service NEEDRESTART-SVC: systemd-logind.service NEEDRESTART-SVC: systemd-networkd.service NEEDRESTART-SVC: systemd-resolved.service NEEDRESTART-SVC: systemd-udevd.service NEEDRESTART-SVC: unattended-upgrades.service NEEDRESTART-SVC: [email protected]
19/09/2024 14:38:38 DEBUG: Checking Wazuh installation.
19/09/2024 14:38:38 DEBUG: There are Wazuh remaining files.
19/09/2024 14:38:39 DEBUG: There are Wazuh indexer remaining files.
19/09/2024 14:38:39 DEBUG: There are Filebeat remaining files.
19/09/2024 14:38:39 DEBUG: There are Wazuh dashboard remaining files.
19/09/2024 14:38:39 INFO: Wazuh dashboard installation finished.
19/09/2024 14:38:39 DEBUG: Configuring Wazuh dashboard.
19/09/2024 14:38:39 DEBUG: Copying Wazuh dashboard certificates.
19/09/2024 14:38:39 DEBUG: Wazuh dashboard certificate setup finished.
19/09/2024 14:38:39 INFO: Wazuh dashboard post-install configuration finished.
19/09/2024 14:38:39 INFO: Starting service wazuh-dashboard.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service.
19/09/2024 14:38:40 INFO: wazuh-dashboard service started.
19/09/2024 14:38:40 DEBUG: Setting Wazuh indexer cluster passwords.
19/09/2024 14:38:40 DEBUG: Checking Wazuh installation.
19/09/2024 14:38:40 DEBUG: There are Wazuh remaining files.
19/09/2024 14:38:41 DEBUG: There are Wazuh indexer remaining files.
19/09/2024 14:38:41 DEBUG: There are Filebeat remaining files.
19/09/2024 14:38:41 DEBUG: There are Wazuh dashboard remaining files.
19/09/2024 14:38:41 INFO: Updating the internal users.
19/09/2024 14:38:41 DEBUG: Creating password backup.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.13.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml
SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml
SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml
SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml
SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml
SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml
SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml
SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml
SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
19/09/2024 14:38:44 DEBUG: Password backup created in /etc/wazuh-indexer/backup.
19/09/2024 14:38:44 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
19/09/2024 14:38:44 DEBUG: The internal users have been updated before changing the passwords.
19/09/2024 14:38:44 DEBUG: Generating password hashes.
19/09/2024 14:38:50 DEBUG: Password hashes generated.
19/09/2024 14:38:50 DEBUG: Creating password backup.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.13.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml
SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml
SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml
SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml
SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml
SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml
SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml
SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml
SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
19/09/2024 14:38:52 DEBUG: Password backup created in /etc/wazuh-indexer/backup.
Successfully updated the keystore
Successfully updated the keystore
19/09/2024 14:38:52 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
19/09/2024 14:38:52 DEBUG: Restarting filebeat service...
19/09/2024 14:38:52 DEBUG: filebeat started.
19/09/2024 14:38:52 DEBUG: Restarting wazuh-manager service...
19/09/2024 14:39:09 DEBUG: wazuh-manager started.
19/09/2024 14:39:09 DEBUG: Restarting wazuh-dashboard service...
19/09/2024 14:39:10 DEBUG: wazuh-dashboard started.
19/09/2024 14:39:10 DEBUG: Running security admin tool.
19/09/2024 14:39:10 DEBUG: Loading new passwords changes.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.13.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /home/ubuntu
Force type: internalusers
Will update '/internalusers' with /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' created or updated
SUCC: Expected 1 config types for node {"updated_config_types":["internalusers"],"updated_config_size":1,"message":null} is 1 (["internalusers"]) due to: null
Done with success
19/09/2024 14:39:12 DEBUG: Passwords changed.
19/09/2024 14:39:12 DEBUG: Changing API passwords.
19/09/2024 14:39:19 INFO: Initializing Wazuh dashboard web application.
19/09/2024 14:39:19 INFO: Wazuh dashboard web application initialized.
19/09/2024 14:39:19 INFO: --- Summary ---
19/09/2024 14:39:19 INFO: You can access the web interface https://<wazuh-dashboard-ip>:443
User: admin
Password: aCXeeYW4.j*LWWDN?REkku?HoPp66EIx
19/09/2024 14:39:19 DEBUG: Restoring Wazuh repository.
19/09/2024 14:39:20 INFO: Installation finished.
root@ip-172-31-46-243:/home/ubuntu# Installing components individually using production (4.9.0)root@ip-172-31-46-243:/home/ubuntu# bash wazuh-install.sh -wi wazuh-indexer -v && bash wazuh-install.sh -s -v && bash wazuh-install.sh -ws wazuh-server -v && bash wazuh-install.sh -wd wazuh-dashboard -v19/09/2024 14:43:12 DEBUG: Checking root permissions.
19/09/2024 14:43:12 DEBUG: Checking sudo package.
19/09/2024 14:43:12 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
19/09/2024 14:43:12 INFO: Verbose logging redirected to /var/log/wazuh-install.log
19/09/2024 14:43:12 DEBUG: APT package manager will be used.
19/09/2024 14:43:12 DEBUG: Checking system distribution.
19/09/2024 14:43:12 DEBUG: Detected distribution name: ubuntu
19/09/2024 14:43:12 DEBUG: Detected distribution version: 22
19/09/2024 14:43:12 DEBUG: Installing check dependencies.
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 http://security.ubuntu.com/ubuntu jammy-security InRelease
Reading package lists...
19/09/2024 14:43:15 DEBUG: Checking Wazuh installation.
19/09/2024 14:43:16 DEBUG: Checking system architecture.
19/09/2024 14:43:16 INFO: Verifying that your system meets the recommended minimum hardware requirements.
19/09/2024 14:43:16 DEBUG: CPU cores detected: 4
19/09/2024 14:43:16 DEBUG: Free RAM memory detected: 7847
19/09/2024 14:43:16 DEBUG: Checking previous certificate existence.
19/09/2024 14:43:17 DEBUG: Checking ports availability.
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 http://security.ubuntu.com/ubuntu jammy-security InRelease
Reading package lists...
19/09/2024 14:43:19 DEBUG: Installing prerequisites dependencies.
19/09/2024 14:43:20 DEBUG: Checking curl tool version.
19/09/2024 14:43:20 DEBUG: Adding the Wazuh repository.
gpg: keyring '/usr/share/keyrings/wazuh.gpg' created
gpg: key 96B3EE5F29111145: public key "Wazuh.com (Wazuh Signing Key) <[email protected]>" imported
gpg: Total number processed: 1
gpg: imported: 1
deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages.wazuh.com/4.x/apt/ stable main
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Get:4 https://packages.wazuh.com/4.x/apt stable InRelease [17.3 kB]
Hit:5 http://security.ubuntu.com/ubuntu jammy-security InRelease
Get:6 https://packages.wazuh.com/4.x/apt stable/main amd64 Packages [40.2 kB]
Fetched 57.5 kB in 0s (186 kB/s)
Reading package lists...
19/09/2024 14:43:21 INFO: Wazuh repository added.
19/09/2024 14:43:21 DEBUG: Extracting Wazuh configuration.
19/09/2024 14:43:21 DEBUG: Reading configuration file.
19/09/2024 14:43:21 DEBUG: Checking if 127.0.0.1 is private.
19/09/2024 14:43:21 DEBUG: Checking if 127.0.0.1 is private.
19/09/2024 14:43:21 DEBUG: Checking if 127.0.0.1 is private.
19/09/2024 14:43:21 DEBUG: Checking node names in the configuration file.
19/09/2024 14:43:21 INFO: --- Wazuh indexer ---
19/09/2024 14:43:21 INFO: Starting Wazuh indexer installation.
Reading package lists... Building dependency tree... Reading state information... The following NEW packages will be installed: wazuh-indexer 0 upgraded, 1 newly installed, 0 to remove and 214 not upgraded. Need to get 0 B/850 MB of archives. After this operation, 1077 MB of additional disk space will be used. Selecting previously unselected package ### NOT starting on installation, please execute the following statements to configure wazuh-indexer service to star NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.19.0-1025-aws NEEDRESTART-KEXP: 5.19.0-1025-aws NEEDRESTART-KSTA: 1 NEEDRESTART-SVC: acpid.service NEEDRESTART-SVC: chrony.service NEEDRESTART-SVC: cron.service NEEDRESTART-SVC: dbus.service NEEDRESTART-SVC: filebeat.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: irqbalance.service NEEDRESTART-SVC: multipathd.service NEEDRESTART-SVC: networkd-dispatcher.service NEEDRESTART-SVC: packagekit.service NEEDRESTART-SVC: polkit.service NEEDRESTART-SVC: rsyslog.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: snapd.service NEEDRESTART-SVC: ssh.service NEEDRESTART-SVC: systemd-journald.service NEEDRESTART-SVC: systemd-logind.service NEEDRESTART-SVC: systemd-networkd.service NEEDRESTART-SVC: systemd-resolved.service NEEDRESTART-SVC: systemd-udevd.service NEEDRESTART-SVC: unattended-upgrades.service NEEDRESTART-SVC: [email protected]
19/09/2024 14:43:35 DEBUG: Checking Wazuh installation.
19/09/2024 14:43:35 DEBUG: There are Wazuh indexer remaining files.
19/09/2024 14:43:36 INFO: Wazuh indexer installation finished.
19/09/2024 14:43:36 DEBUG: Configuring Wazuh indexer.
19/09/2024 14:43:36 DEBUG: Copying Wazuh indexer certificates.
19/09/2024 14:43:36 INFO: Wazuh indexer post-install configuration finished.
19/09/2024 14:43:36 INFO: Starting service wazuh-indexer.
Synchronizing state of wazuh-indexer.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable wazuh-indexer
19/09/2024 14:43:48 INFO: wazuh-indexer service started.
19/09/2024 14:43:48 INFO: Initializing Wazuh indexer cluster security settings.
19/09/2024 14:43:48 DEBUG: Setting Wazuh indexer cluster passwords.
19/09/2024 14:43:48 DEBUG: Checking Wazuh installation.
19/09/2024 14:43:49 DEBUG: There are Wazuh indexer remaining files.
19/09/2024 14:43:50 INFO: Wazuh indexer cluster initialized.
19/09/2024 14:43:50 DEBUG: Restoring Wazuh repository.
19/09/2024 14:43:50 INFO: Installation finished.
19/09/2024 14:43:50 DEBUG: Checking root permissions.
19/09/2024 14:43:50 DEBUG: Checking sudo package.
19/09/2024 14:43:50 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
19/09/2024 14:43:50 INFO: Verbose logging redirected to /var/log/wazuh-install.log
19/09/2024 14:43:50 DEBUG: APT package manager will be used.
19/09/2024 14:43:50 DEBUG: Checking system distribution.
19/09/2024 14:43:50 DEBUG: Detected distribution name: ubuntu
19/09/2024 14:43:50 DEBUG: Detected distribution version: 22
19/09/2024 14:43:50 DEBUG: Installing check dependencies.
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 https://packages.wazuh.com/4.x/apt stable InRelease
Hit:5 http://security.ubuntu.com/ubuntu jammy-security InRelease
Reading package lists...
19/09/2024 14:43:53 DEBUG: Checking Wazuh installation.
19/09/2024 14:43:54 DEBUG: There are Wazuh indexer remaining files.
19/09/2024 14:43:54 DEBUG: Checking system architecture.
19/09/2024 14:43:54 INFO: Verifying that your system meets the recommended minimum hardware requirements.
19/09/2024 14:43:54 DEBUG: CPU cores detected: 4
19/09/2024 14:43:54 DEBUG: Free RAM memory detected: 7847
19/09/2024 14:43:54 DEBUG: Checking previous certificate existence.
19/09/2024 14:43:54 DEBUG: Extracting Wazuh configuration.
19/09/2024 14:43:54 DEBUG: Reading configuration file.
19/09/2024 14:43:54 DEBUG: Checking if 127.0.0.1 is private.
19/09/2024 14:43:54 DEBUG: Checking if 127.0.0.1 is private.
19/09/2024 14:43:54 DEBUG: Checking if 127.0.0.1 is private.
19/09/2024 14:43:54 DEBUG: Starting Wazuh indexer cluster.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.13.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-indexer-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml
SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml
SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml
SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml
SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml
SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml
SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml
SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml
SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml
SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null
Done with success
19/09/2024 14:43:57 INFO: Wazuh indexer cluster security configuration initialized.
19/09/2024 14:43:57 DEBUG: Waiting for Wazuh indexer to be ready. wazuh-indexer status: 503
19/09/2024 14:44:03 DEBUG: Inserted wazuh-alerts template into the Wazuh indexer cluster.
19/09/2024 14:44:03 DEBUG: Setting Wazuh indexer cluster passwords.
19/09/2024 14:44:03 DEBUG: Checking Wazuh installation.
19/09/2024 14:44:03 DEBUG: There are Wazuh indexer remaining files.
19/09/2024 14:44:04 INFO: Updating the internal users.
19/09/2024 14:44:04 DEBUG: Creating password backup.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.13.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-indexer-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml
SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml
SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml
SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml
SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml
SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml
SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml
SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml
SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
19/09/2024 14:44:06 DEBUG: Password backup created in /etc/wazuh-indexer/backup.
19/09/2024 14:44:06 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
19/09/2024 14:44:06 DEBUG: The internal users have been updated before changing the passwords.
19/09/2024 14:44:06 DEBUG: Generating password hashes.
19/09/2024 14:44:10 DEBUG: Password hashes generated.
19/09/2024 14:44:10 DEBUG: Creating password backup.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.13.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-indexer-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml
SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml
SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml
SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml
SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml
SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml
SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml
SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml
SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
19/09/2024 14:44:12 DEBUG: Password backup created in /etc/wazuh-indexer/backup.
19/09/2024 14:44:12 DEBUG: Running security admin tool.
19/09/2024 14:44:12 DEBUG: Loading new passwords changes.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.13.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-indexer-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /home/ubuntu
Force type: internalusers
Will update '/internalusers' with /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' created or updated
SUCC: Expected 1 config types for node {"updated_config_types":["internalusers"],"updated_config_size":1,"message":null} is 1 (["internalusers"]) due to: null
Done with success
19/09/2024 14:44:14 DEBUG: Passwords changed.
19/09/2024 14:44:14 DEBUG: Restoring Wazuh repository.
19/09/2024 14:44:14 INFO: Wazuh indexer cluster started.
19/09/2024 14:44:14 DEBUG: Checking root permissions.
19/09/2024 14:44:14 DEBUG: Checking sudo package.
19/09/2024 14:44:14 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
19/09/2024 14:44:14 INFO: Verbose logging redirected to /var/log/wazuh-install.log
19/09/2024 14:44:14 DEBUG: APT package manager will be used.
19/09/2024 14:44:14 DEBUG: Checking system distribution.
19/09/2024 14:44:14 DEBUG: Detected distribution name: ubuntu
19/09/2024 14:44:14 DEBUG: Detected distribution version: 22
19/09/2024 14:44:14 DEBUG: Installing check dependencies.
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 https://packages.wazuh.com/4.x/apt stable InRelease
Hit:5 http://security.ubuntu.com/ubuntu jammy-security InRelease
Reading package lists...
19/09/2024 14:44:18 DEBUG: Checking Wazuh installation.
19/09/2024 14:44:18 DEBUG: There are Wazuh indexer remaining files.
19/09/2024 14:44:19 DEBUG: Checking system architecture.
19/09/2024 14:44:19 INFO: Verifying that your system meets the recommended minimum hardware requirements.
19/09/2024 14:44:19 DEBUG: CPU cores detected: 4
19/09/2024 14:44:19 DEBUG: Free RAM memory detected: 7847
19/09/2024 14:44:19 DEBUG: Checking previous certificate existence.
19/09/2024 14:44:19 DEBUG: Checking ports availability.
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 https://packages.wazuh.com/4.x/apt stable InRelease
Hit:5 http://security.ubuntu.com/ubuntu jammy-security InRelease
Reading package lists...
19/09/2024 14:44:21 DEBUG: Installing prerequisites dependencies.
19/09/2024 14:44:22 DEBUG: Checking curl tool version.
19/09/2024 14:44:22 DEBUG: Adding the Wazuh repository.
19/09/2024 14:44:22 DEBUG: Wazuh repository already exists. Skipping addition.
19/09/2024 14:44:22 INFO: Wazuh repository added.
19/09/2024 14:44:22 DEBUG: Extracting Wazuh configuration.
19/09/2024 14:44:22 DEBUG: Reading configuration file.
19/09/2024 14:44:22 DEBUG: Checking if 127.0.0.1 is private.
19/09/2024 14:44:22 DEBUG: Checking if 127.0.0.1 is private.
19/09/2024 14:44:22 DEBUG: Checking if 127.0.0.1 is private.
19/09/2024 14:44:22 DEBUG: Checking node names in the configuration file.
19/09/2024 14:44:22 INFO: --- Wazuh server ---
19/09/2024 14:44:22 INFO: Starting the Wazuh manager installation.
Reading package lists... Building dependency tree... Reading state information... Suggested packages: expect The following NEW packages will be installed: wazuh-manager 0 upgraded, 1 newly installed, 0 to remove and 214 not upgraded. Need to get 0 B/322 MB of archives. After this operation, 891 MB of additional disk space will be used. Selecting pre NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.19.0-1025-aws NEEDRESTART-KEXP: 5.19.0-1025-aws NEEDRESTART-KSTA: 1 NEEDRESTART-SVC: acpid.service NEEDRESTART-SVC: chrony.service NEEDRESTART-SVC: cron.service NEEDRESTART-SVC: dbus.service NEEDRESTART-SVC: filebeat.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: irqbalance.service NEEDRESTART-SVC: multipathd.service NEEDRESTART-SVC: networkd-dispatcher.service NEEDRESTART-SVC: packagekit.service NEEDRESTART-SVC: polkit.service NEEDRESTART-SVC: rsyslog.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: snapd.service NEEDRESTART-SVC: ssh.service NEEDRESTART-SVC: systemd-journald.service NEEDRESTART-SVC: systemd-logind.service NEEDRESTART-SVC: systemd-networkd.service NEEDRESTART-SVC: systemd-resolved.service NEEDRESTART-SVC: systemd-udevd.service NEEDRESTART-SVC: unattended-upgrades.service NEEDRESTART-SVC: [email protected]
19/09/2024 14:45:08 DEBUG: Checking Wazuh installation.
19/09/2024 14:45:09 DEBUG: There are Wazuh remaining files.
19/09/2024 14:45:09 DEBUG: There are Wazuh indexer remaining files.
19/09/2024 14:45:09 INFO: Wazuh manager installation finished.
19/09/2024 14:45:09 DEBUG: Configuring Wazuh manager.
19/09/2024 14:45:09 DEBUG: Setting provisional Wazuh indexer password.
19/09/2024 14:45:09 INFO: Wazuh manager vulnerability detection configuration finished.
19/09/2024 14:45:10 INFO: Starting service wazuh-manager.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-manager.service → /lib/systemd/system/wazuh-manager.service.
19/09/2024 14:45:22 INFO: wazuh-manager service started.
19/09/2024 14:45:22 INFO: Checking Wazuh API connection
19/09/2024 14:45:23 INFO: Wazuh API connection successful
19/09/2024 14:45:23 INFO: Starting Filebeat installation.
Reading package lists... Building dependency tree... Reading state information... The following NEW packages will be installed: filebeat 0 upgraded, 1 newly installed, 0 to remove and 214 not upgraded. Need to get 0 B/22.1 MB of archives. After this operation, 73.6 MB of additional disk space will be used. Selecting previously unselected package fil NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.19.0-1025-aws NEEDRESTART-KEXP: 5.19.0-1025-aws NEEDRESTART-KSTA: 1 NEEDRESTART-SVC: acpid.service NEEDRESTART-SVC: chrony.service NEEDRESTART-SVC: cron.service NEEDRESTART-SVC: dbus.service NEEDRESTART-SVC: filebeat.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: irqbalance.service NEEDRESTART-SVC: multipathd.service NEEDRESTART-SVC: networkd-dispatcher.service NEEDRESTART-SVC: packagekit.service NEEDRESTART-SVC: polkit.service NEEDRESTART-SVC: rsyslog.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: snapd.service NEEDRESTART-SVC: ssh.service NEEDRESTART-SVC: systemd-journald.service NEEDRESTART-SVC: systemd-logind.service NEEDRESTART-SVC: systemd-networkd.service NEEDRESTART-SVC: systemd-resolved.service NEEDRESTART-SVC: systemd-udevd.service NEEDRESTART-SVC: unattended-upgrades.service NEEDRESTART-SVC: [email protected]
19/09/2024 14:45:33 DEBUG: Checking Wazuh installation.
19/09/2024 14:45:33 DEBUG: There are Wazuh remaining files.
19/09/2024 14:45:34 DEBUG: There are Wazuh indexer remaining files.
19/09/2024 14:45:34 DEBUG: There are Filebeat remaining files.
19/09/2024 14:45:35 INFO: Filebeat installation finished.
19/09/2024 14:45:35 DEBUG: Configuring Filebeat.
19/09/2024 14:45:35 DEBUG: Filebeat template was download successfully.
wazuh/
wazuh/_meta/
wazuh/_meta/docs.asciidoc
wazuh/_meta/fields.yml
wazuh/_meta/config.yml
wazuh/alerts/
wazuh/alerts/config/
wazuh/alerts/config/alerts.yml
wazuh/alerts/manifest.yml
wazuh/alerts/ingest/
wazuh/alerts/ingest/pipeline.json
wazuh/module.yml
wazuh/archives/
wazuh/archives/config/
wazuh/archives/config/archives.yml
wazuh/archives/manifest.yml
wazuh/archives/ingest/
wazuh/archives/ingest/pipeline.json
19/09/2024 14:45:35 DEBUG: Filebeat module was downloaded successfully.
19/09/2024 14:45:35 DEBUG: Copying Filebeat certificates.
Created filebeat keystore
Successfully updated the keystore
Successfully updated the keystore
19/09/2024 14:45:35 INFO: Filebeat post-install configuration finished.
19/09/2024 14:45:35 DEBUG: Setting Wazuh indexer cluster passwords.
19/09/2024 14:45:36 DEBUG: Checking Wazuh installation.
19/09/2024 14:45:36 DEBUG: There are Wazuh remaining files.
19/09/2024 14:45:36 DEBUG: There are Wazuh indexer remaining files.
19/09/2024 14:45:37 DEBUG: There are Filebeat remaining files.
Successfully updated the keystore
Successfully updated the keystore
19/09/2024 14:45:38 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
19/09/2024 14:45:38 DEBUG: Restarting filebeat service...
19/09/2024 14:45:38 DEBUG: filebeat started.
19/09/2024 14:45:39 DEBUG: Restarting wazuh-manager service...
19/09/2024 14:45:57 DEBUG: wazuh-manager started.
19/09/2024 14:45:57 DEBUG: Changing API passwords.
19/09/2024 14:45:59 INFO: Starting service filebeat.
Synchronizing state of filebeat.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable filebeat
Created symlink /etc/systemd/system/multi-user.target.wants/filebeat.service → /lib/systemd/system/filebeat.service.
19/09/2024 14:46:00 INFO: filebeat service started.
19/09/2024 14:46:00 INFO: Checking Filebeat connection
19/09/2024 14:46:00 INFO: Filebeat connection successful
19/09/2024 14:46:00 DEBUG: Restoring Wazuh repository.
19/09/2024 14:46:00 INFO: Installation finished.
19/09/2024 14:46:00 DEBUG: Checking root permissions.
19/09/2024 14:46:00 DEBUG: Checking sudo package.
19/09/2024 14:46:00 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
19/09/2024 14:46:00 INFO: Verbose logging redirected to /var/log/wazuh-install.log
19/09/2024 14:46:00 DEBUG: APT package manager will be used.
19/09/2024 14:46:00 DEBUG: Checking system distribution.
19/09/2024 14:46:00 DEBUG: Detected distribution name: ubuntu
19/09/2024 14:46:00 DEBUG: Detected distribution version: 22
19/09/2024 14:46:00 DEBUG: Installing check dependencies.
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 http://security.ubuntu.com/ubuntu jammy-security InRelease
Hit:5 https://packages.wazuh.com/4.x/apt stable InRelease
Reading package lists...
19/09/2024 14:46:05 DEBUG: Checking Wazuh installation.
19/09/2024 14:46:05 DEBUG: There are Wazuh remaining files.
19/09/2024 14:46:06 DEBUG: There are Wazuh indexer remaining files.
19/09/2024 14:46:06 DEBUG: There are Filebeat remaining files.
19/09/2024 14:46:07 DEBUG: Checking system architecture.
19/09/2024 14:46:07 INFO: Verifying that your system meets the recommended minimum hardware requirements.
19/09/2024 14:46:07 DEBUG: CPU cores detected: 4
19/09/2024 14:46:07 DEBUG: Free RAM memory detected: 7847
19/09/2024 14:46:07 DEBUG: Checking previous certificate existence.
19/09/2024 14:46:07 INFO: Wazuh web interface port will be 443.
19/09/2024 14:46:07 DEBUG: Checking ports availability.
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 https://packages.wazuh.com/4.x/apt stable InRelease
Hit:5 http://security.ubuntu.com/ubuntu jammy-security InRelease
Reading package lists...
19/09/2024 14:46:10 DEBUG: Installing prerequisites dependencies.
19/09/2024 14:46:12 DEBUG: Checking curl tool version.
19/09/2024 14:46:12 DEBUG: Adding the Wazuh repository.
19/09/2024 14:46:12 DEBUG: Wazuh repository already exists. Skipping addition.
19/09/2024 14:46:12 INFO: Wazuh repository added.
19/09/2024 14:46:12 DEBUG: Extracting Wazuh configuration.
19/09/2024 14:46:12 DEBUG: Reading configuration file.
19/09/2024 14:46:12 DEBUG: Checking if 127.0.0.1 is private.
19/09/2024 14:46:12 DEBUG: Checking if 127.0.0.1 is private.
19/09/2024 14:46:12 DEBUG: Checking if 127.0.0.1 is private.
19/09/2024 14:46:12 DEBUG: Checking node names in the configuration file.
19/09/2024 14:46:12 INFO: --- Wazuh dashboard ----
19/09/2024 14:46:12 INFO: Starting Wazuh dashboard installation.
Reading package lists... Building dependency tree... Reading state information... The following NEW packages will be installed: wazuh-dashboard 0 upgraded, 1 newly installed, 0 to remove and 214 not upgraded. Need to get 0 B/166 MB of archives. After this operation, 934 MB of additional disk space will be used. Selecting previously unselected packag NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.19.0-1025-aws NEEDRESTART-KEXP: 5.19.0-1025-aws NEEDRESTART-KSTA: 1 NEEDRESTART-SVC: acpid.service NEEDRESTART-SVC: chrony.service NEEDRESTART-SVC: cron.service NEEDRESTART-SVC: dbus.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: irqbalance.service NEEDRESTART-SVC: multipathd.service NEEDRESTART-SVC: networkd-dispatcher.service NEEDRESTART-SVC: packagekit.service NEEDRESTART-SVC: polkit.service NEEDRESTART-SVC: rsyslog.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: snapd.service NEEDRESTART-SVC: ssh.service NEEDRESTART-SVC: systemd-journald.service NEEDRESTART-SVC: systemd-logind.service NEEDRESTART-SVC: systemd-networkd.service NEEDRESTART-SVC: systemd-resolved.service NEEDRESTART-SVC: systemd-udevd.service NEEDRESTART-SVC: unattended-upgrades.service NEEDRESTART-SVC: [email protected]
19/09/2024 14:48:24 DEBUG: Checking Wazuh installation.
19/09/2024 14:48:24 DEBUG: There are Wazuh remaining files.
19/09/2024 14:48:25 DEBUG: There are Wazuh indexer remaining files.
19/09/2024 14:48:25 DEBUG: There are Filebeat remaining files.
19/09/2024 14:48:25 DEBUG: There are Wazuh dashboard remaining files.
19/09/2024 14:48:25 INFO: Wazuh dashboard installation finished.
19/09/2024 14:48:25 DEBUG: Configuring Wazuh dashboard.
19/09/2024 14:48:25 DEBUG: Copying Wazuh dashboard certificates.
19/09/2024 14:48:26 DEBUG: Wazuh dashboard certificate setup finished.
19/09/2024 14:48:26 INFO: Wazuh dashboard post-install configuration finished.
19/09/2024 14:48:26 INFO: Starting service wazuh-dashboard.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service.
19/09/2024 14:48:26 INFO: wazuh-dashboard service started.
19/09/2024 14:48:26 DEBUG: Setting Wazuh indexer cluster passwords.
19/09/2024 14:48:26 DEBUG: Checking Wazuh installation.
19/09/2024 14:48:26 DEBUG: There are Wazuh remaining files.
19/09/2024 14:48:27 DEBUG: There are Wazuh indexer remaining files.
19/09/2024 14:48:27 DEBUG: There are Filebeat remaining files.
19/09/2024 14:48:27 DEBUG: There are Wazuh dashboard remaining files.
Successfully updated the keystore
Successfully updated the keystore
19/09/2024 14:48:28 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
19/09/2024 14:48:28 DEBUG: Restarting filebeat service...
19/09/2024 14:48:28 DEBUG: filebeat started.
19/09/2024 14:48:28 DEBUG: Restarting wazuh-manager service...
19/09/2024 14:48:45 DEBUG: wazuh-manager started.
19/09/2024 14:48:46 DEBUG: Restarting wazuh-dashboard service...
19/09/2024 14:48:47 DEBUG: wazuh-dashboard started.
19/09/2024 14:48:47 DEBUG: Changing API passwords.
19/09/2024 14:48:57 INFO: Initializing Wazuh dashboard web application.
19/09/2024 14:48:57 DEBUG: Wazuh dashboard connection was successful.
19/09/2024 14:48:57 INFO: Wazuh dashboard web application initialized.
19/09/2024 14:48:57 INFO: --- Summary ---
19/09/2024 14:48:57 INFO: You can access the web interface https://<wazuh-dashboard-ip>:443
User: admin
Password: FqfQn*+DH.??.nFXJZ59rQr9dK+*TeiA
19/09/2024 14:48:57 DEBUG: Restoring Wazuh repository.
19/09/2024 14:48:57 INFO: Installation finished.
root@ip-172-31-46-243:/home/ubuntu# Installing components individually using pre-release (4.9.0)root@ip-172-31-46-243:/home/ubuntu# bash wazuh-install.sh -d -wi wazuh-indexer -v
19/09/2024 13:36:15 DEBUG: Checking root permissions.
19/09/2024 13:36:15 DEBUG: Checking sudo package.
19/09/2024 13:36:15 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
19/09/2024 13:36:15 INFO: Verbose logging redirected to /var/log/wazuh-install.log
19/09/2024 13:36:15 DEBUG: APT package manager will be used.
19/09/2024 13:36:15 DEBUG: Checking system distribution.
19/09/2024 13:36:15 DEBUG: Detected distribution name: ubuntu
19/09/2024 13:36:15 DEBUG: Detected distribution version: 22
19/09/2024 13:36:15 DEBUG: Installing check dependencies.
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 http://security.ubuntu.com/ubuntu jammy-security InRelease
Reading package lists...
19/09/2024 13:36:19 DEBUG: Checking Wazuh installation.
19/09/2024 13:36:20 INFO: Using Filebeat template from master branch.
19/09/2024 13:36:20 DEBUG: Checking system architecture.
19/09/2024 13:36:20 INFO: Verifying that your system meets the recommended minimum hardware requirements.
19/09/2024 13:36:20 DEBUG: CPU cores detected: 4
19/09/2024 13:36:20 DEBUG: Free RAM memory detected: 7847
19/09/2024 13:36:20 DEBUG: Checking previous certificate existence.
19/09/2024 13:36:21 DEBUG: Checking ports availability.
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 http://security.ubuntu.com/ubuntu jammy-security InRelease
Reading package lists...
19/09/2024 13:36:23 DEBUG: Installing prerequisites dependencies.
19/09/2024 13:36:24 DEBUG: Checking curl tool version.
19/09/2024 13:36:24 DEBUG: Adding the Wazuh repository.
gpg: keyring '/usr/share/keyrings/wazuh.gpg' created
gpg: key 96B3EE5F29111145: public key "Wazuh.com (Wazuh Signing Key) <[email protected]>" imported
gpg: Total number processed: 1
gpg: imported: 1
deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages-dev.wazuh.com/pre-release/apt/ unstable main
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 http://security.ubuntu.com/ubuntu jammy-security InRelease
Get:5 https://packages-dev.wazuh.com/pre-release/apt unstable InRelease [17.3 kB]
Get:6 https://packages-dev.wazuh.com/pre-release/apt unstable/main amd64 Packages [40.5 kB]
Fetched 57.8 kB in 1s (72.0 kB/s)
Reading package lists...
19/09/2024 13:36:26 INFO: Wazuh development repository added.
19/09/2024 13:36:26 DEBUG: Extracting Wazuh configuration.
19/09/2024 13:36:26 DEBUG: Reading configuration file.
19/09/2024 13:36:26 DEBUG: Checking if 127.0.0.1 is private.
19/09/2024 13:36:26 DEBUG: Checking if 127.0.0.1 is private.
19/09/2024 13:36:26 DEBUG: Checking if 127.0.0.1 is private.
19/09/2024 13:36:26 DEBUG: Checking node names in the configuration file.
19/09/2024 13:36:26 INFO: --- Wazuh indexer ---
19/09/2024 13:36:26 INFO: Starting Wazuh indexer installation.
Reading package lists... Building dependency tree... Reading state information... The following NEW packages will be installed: wazuh-indexer 0 upgraded, 1 newly installed, 0 to remove and 214 not upgraded. Need to get 0 B/850 MB of archives. After this operation, 1077 MB of additional disk space will be used. Selecting previously unselected package ### NOT starting on installation, please execute the following statements to configure wazuh-indexer service to star NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.19.0-1025-aws NEEDRESTART-KEXP: 5.19.0-1025-aws NEEDRESTART-KSTA: 1 NEEDRESTART-SVC: acpid.service NEEDRESTART-SVC: chrony.service NEEDRESTART-SVC: cron.service NEEDRESTART-SVC: dbus.service NEEDRESTART-SVC: filebeat.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: irqbalance.service NEEDRESTART-SVC: multipathd.service NEEDRESTART-SVC: networkd-dispatcher.service NEEDRESTART-SVC: packagekit.service NEEDRESTART-SVC: polkit.service NEEDRESTART-SVC: rsyslog.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: snapd.service NEEDRESTART-SVC: ssh.service NEEDRESTART-SVC: systemd-journald.service NEEDRESTART-SVC: systemd-logind.service NEEDRESTART-SVC: systemd-networkd.service NEEDRESTART-SVC: systemd-resolved.service NEEDRESTART-SVC: systemd-udevd.service NEEDRESTART-SVC: unattended-upgrades.service NEEDRESTART-SVC: [email protected]
19/09/2024 13:36:45 DEBUG: Checking Wazuh installation.
19/09/2024 13:36:46 DEBUG: There are Wazuh indexer remaining files.
19/09/2024 13:36:46 INFO: Wazuh indexer installation finished.
19/09/2024 13:36:46 DEBUG: Configuring Wazuh indexer.
19/09/2024 13:36:46 DEBUG: Copying Wazuh indexer certificates.
19/09/2024 13:36:46 INFO: Wazuh indexer post-install configuration finished.
19/09/2024 13:36:46 INFO: Starting service wazuh-indexer.
Synchronizing state of wazuh-indexer.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable wazuh-indexer
19/09/2024 13:36:59 INFO: wazuh-indexer service started.
19/09/2024 13:36:59 INFO: Initializing Wazuh indexer cluster security settings.
19/09/2024 13:36:59 DEBUG: Setting Wazuh indexer cluster passwords.
19/09/2024 13:36:59 DEBUG: Checking Wazuh installation.
19/09/2024 13:37:00 DEBUG: There are Wazuh indexer remaining files.
19/09/2024 13:37:01 INFO: Wazuh indexer cluster initialized.
19/09/2024 13:37:01 DEBUG: Restoring Wazuh repository.
19/09/2024 13:37:01 INFO: Installation finished.
root@ip-172-31-46-243:/home/ubuntu# bash wazuh-install.sh -d -s -v
19/09/2024 13:38:06 DEBUG: Checking root permissions.
19/09/2024 13:38:06 DEBUG: Checking sudo package.
19/09/2024 13:38:06 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
19/09/2024 13:38:06 INFO: Verbose logging redirected to /var/log/wazuh-install.log
19/09/2024 13:38:06 DEBUG: APT package manager will be used.
19/09/2024 13:38:06 DEBUG: Checking system distribution.
19/09/2024 13:38:06 DEBUG: Detected distribution name: ubuntu
19/09/2024 13:38:06 DEBUG: Detected distribution version: 22
19/09/2024 13:38:06 DEBUG: Installing check dependencies.
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Get:4 https://packages.wazuh.com/4.x/apt stable InRelease [17.3 kB]
Hit:5 http://security.ubuntu.com/ubuntu jammy-security InRelease
Get:6 https://packages.wazuh.com/4.x/apt stable/main amd64 Packages [40.2 kB]
Fetched 57.5 kB in 0s (181 kB/s)
Reading package lists...
19/09/2024 13:38:10 DEBUG: Checking Wazuh installation.
19/09/2024 13:38:10 DEBUG: There are Wazuh indexer remaining files.
19/09/2024 13:38:11 INFO: Using Filebeat template from master branch.
19/09/2024 13:38:11 DEBUG: Checking system architecture.
19/09/2024 13:38:11 INFO: Verifying that your system meets the recommended minimum hardware requirements.
19/09/2024 13:38:11 DEBUG: CPU cores detected: 4
19/09/2024 13:38:11 DEBUG: Free RAM memory detected: 7847
19/09/2024 13:38:11 DEBUG: Checking previous certificate existence.
19/09/2024 13:38:11 DEBUG: Extracting Wazuh configuration.
19/09/2024 13:38:11 DEBUG: Reading configuration file.
19/09/2024 13:38:11 DEBUG: Checking if 127.0.0.1 is private.
19/09/2024 13:38:11 DEBUG: Checking if 127.0.0.1 is private.
19/09/2024 13:38:11 DEBUG: Checking if 127.0.0.1 is private.
19/09/2024 13:38:11 DEBUG: Starting Wazuh indexer cluster.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.13.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-indexer-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml
SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml
SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml
SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml
SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml
SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml
SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml
SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml
SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml
SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null
Done with success
19/09/2024 13:38:14 INFO: Wazuh indexer cluster security configuration initialized.
19/09/2024 13:38:14 DEBUG: Waiting for Wazuh indexer to be ready. wazuh-indexer status: 503
19/09/2024 13:38:20 DEBUG: Inserted wazuh-alerts template into the Wazuh indexer cluster.
19/09/2024 13:38:20 DEBUG: Setting Wazuh indexer cluster passwords.
19/09/2024 13:38:20 DEBUG: Checking Wazuh installation.
19/09/2024 13:38:20 DEBUG: There are Wazuh indexer remaining files.
19/09/2024 13:38:21 INFO: Updating the internal users.
19/09/2024 13:38:21 DEBUG: Creating password backup.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.13.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-indexer-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml
SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml
SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml
SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml
SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml
SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml
SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml
SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml
SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
19/09/2024 13:38:23 DEBUG: Password backup created in /etc/wazuh-indexer/backup.
19/09/2024 13:38:23 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
19/09/2024 13:38:23 DEBUG: The internal users have been updated before changing the passwords.
19/09/2024 13:38:23 DEBUG: Generating password hashes.
19/09/2024 13:38:27 DEBUG: Password hashes generated.
19/09/2024 13:38:27 DEBUG: Creating password backup.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.13.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-indexer-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml
SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml
SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml
SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml
SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml
SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml
SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml
SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml
SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
19/09/2024 13:38:30 DEBUG: Password backup created in /etc/wazuh-indexer/backup.
19/09/2024 13:38:30 DEBUG: Running security admin tool.
19/09/2024 13:38:30 DEBUG: Loading new passwords changes.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.13.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-indexer-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /home/ubuntu
Force type: internalusers
Will update '/internalusers' with /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' created or updated
SUCC: Expected 1 config types for node {"updated_config_types":["internalusers"],"updated_config_size":1,"message":null} is 1 (["internalusers"]) due to: null
Done with success
19/09/2024 13:38:31 DEBUG: Passwords changed.
19/09/2024 13:38:31 DEBUG: Restoring Wazuh repository.
19/09/2024 13:38:31 INFO: Wazuh indexer cluster started.
root@ip-172-31-46-243:/home/ubuntu# bash wazuh-install.sh -ws wazuh-server -d -v
19/09/2024 14:17:16 DEBUG: Checking root permissions.
19/09/2024 14:17:16 DEBUG: Checking sudo package.
19/09/2024 14:17:16 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
19/09/2024 14:17:16 INFO: Verbose logging redirected to /var/log/wazuh-install.log
19/09/2024 14:17:16 DEBUG: APT package manager will be used.
19/09/2024 14:17:16 DEBUG: Checking system distribution.
19/09/2024 14:17:16 DEBUG: Detected distribution name: ubuntu
19/09/2024 14:17:16 DEBUG: Detected distribution version: 22
19/09/2024 14:17:16 DEBUG: Installing check dependencies.
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 https://packages.wazuh.com/4.x/apt stable InRelease
Hit:5 http://security.ubuntu.com/ubuntu jammy-security InRelease
Reading package lists...
19/09/2024 14:17:20 DEBUG: Checking Wazuh installation.
19/09/2024 14:17:20 DEBUG: There are Wazuh indexer remaining files.
19/09/2024 14:17:21 INFO: Using Filebeat template from master branch.
19/09/2024 14:17:21 DEBUG: Checking system architecture.
19/09/2024 14:17:21 INFO: Verifying that your system meets the recommended minimum hardware requirements.
19/09/2024 14:17:21 DEBUG: CPU cores detected: 4
19/09/2024 14:17:21 DEBUG: Free RAM memory detected: 7847
19/09/2024 14:17:21 DEBUG: Checking previous certificate existence.
19/09/2024 14:17:21 DEBUG: Checking ports availability.
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 https://packages.wazuh.com/4.x/apt stable InRelease
Hit:5 http://security.ubuntu.com/ubuntu jammy-security InRelease
Reading package lists...
19/09/2024 14:17:23 DEBUG: Installing prerequisites dependencies.
19/09/2024 14:17:24 DEBUG: Checking curl tool version.
19/09/2024 14:17:24 DEBUG: Adding the Wazuh repository.
gpg: key 96B3EE5F29111145: "Wazuh.com (Wazuh Signing Key) <[email protected]>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages-dev.wazuh.com/pre-release/apt/ unstable main
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 http://security.ubuntu.com/ubuntu jammy-security InRelease
Get:5 https://packages-dev.wazuh.com/pre-release/apt unstable InRelease [17.3 kB]
Get:6 https://packages-dev.wazuh.com/pre-release/apt unstable/main amd64 Packages [40.5 kB]
Fetched 57.8 kB in 1s (76.9 kB/s)
Reading package lists...
19/09/2024 14:17:26 INFO: Wazuh development repository added.
19/09/2024 14:17:26 DEBUG: Extracting Wazuh configuration.
19/09/2024 14:17:26 DEBUG: Reading configuration file.
19/09/2024 14:17:26 DEBUG: Checking if 127.0.0.1 is private.
19/09/2024 14:17:26 DEBUG: Checking if 127.0.0.1 is private.
19/09/2024 14:17:26 DEBUG: Checking if 127.0.0.1 is private.
19/09/2024 14:17:26 DEBUG: Checking node names in the configuration file.
19/09/2024 14:17:26 INFO: --- Wazuh server ---
19/09/2024 14:17:26 INFO: Starting the Wazuh manager installation.
Reading package lists... Building dependency tree... Reading state information... Suggested packages: expect The following NEW packages will be installed: wazuh-manager 0 upgraded, 1 newly installed, 0 to remove and 214 not upgraded. Need to get 0 B/322 MB of archives. After this operation, 891 MB of additional disk space will be used. Selecting pre NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.19.0-1025-aws NEEDRESTART-KEXP: 5.19.0-1025-aws NEEDRESTART-KSTA: 1 NEEDRESTART-SVC: acpid.service NEEDRESTART-SVC: chrony.service NEEDRESTART-SVC: cron.service NEEDRESTART-SVC: dbus.service NEEDRESTART-SVC: filebeat.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: irqbalance.service NEEDRESTART-SVC: multipathd.service NEEDRESTART-SVC: networkd-dispatcher.service NEEDRESTART-SVC: packagekit.service NEEDRESTART-SVC: polkit.service NEEDRESTART-SVC: rsyslog.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: snapd.service NEEDRESTART-SVC: ssh.service NEEDRESTART-SVC: systemd-journald.service NEEDRESTART-SVC: systemd-logind.service NEEDRESTART-SVC: systemd-networkd.service NEEDRESTART-SVC: systemd-resolved.service NEEDRESTART-SVC: systemd-udevd.service NEEDRESTART-SVC: unattended-upgrades.service NEEDRESTART-SVC: [email protected]
19/09/2024 14:18:12 DEBUG: Checking Wazuh installation.
19/09/2024 14:18:12 DEBUG: There are Wazuh remaining files.
19/09/2024 14:18:13 DEBUG: There are Wazuh indexer remaining files.
19/09/2024 14:18:13 INFO: Wazuh manager installation finished.
19/09/2024 14:18:13 DEBUG: Configuring Wazuh manager.
19/09/2024 14:18:13 DEBUG: Setting provisional Wazuh indexer password.
19/09/2024 14:18:13 INFO: Wazuh manager vulnerability detection configuration finished.
19/09/2024 14:18:13 INFO: Starting service wazuh-manager.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-manager.service → /lib/systemd/system/wazuh-manager.service.
19/09/2024 14:18:27 INFO: wazuh-manager service started.
19/09/2024 14:18:27 INFO: Checking Wazuh API connection
19/09/2024 14:18:28 INFO: Wazuh API connection successful
19/09/2024 14:18:28 INFO: Starting Filebeat installation.
Reading package lists... Building dependency tree... Reading state information... The following NEW packages will be installed: filebeat 0 upgraded, 1 newly installed, 0 to remove and 214 not upgraded. Need to get 0 B/22.1 MB of archives. After this operation, 73.6 MB of additional disk space will be used. Selecting previously unselected package fil NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.19.0-1025-aws NEEDRESTART-KEXP: 5.19.0-1025-aws NEEDRESTART-KSTA: 1 NEEDRESTART-SVC: acpid.service NEEDRESTART-SVC: chrony.service NEEDRESTART-SVC: cron.service NEEDRESTART-SVC: dbus.service NEEDRESTART-SVC: filebeat.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: irqbalance.service NEEDRESTART-SVC: multipathd.service NEEDRESTART-SVC: networkd-dispatcher.service NEEDRESTART-SVC: packagekit.service NEEDRESTART-SVC: polkit.service NEEDRESTART-SVC: rsyslog.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: snapd.service NEEDRESTART-SVC: ssh.service NEEDRESTART-SVC: systemd-journald.service NEEDRESTART-SVC: systemd-logind.service NEEDRESTART-SVC: systemd-networkd.service NEEDRESTART-SVC: systemd-resolved.service NEEDRESTART-SVC: systemd-udevd.service NEEDRESTART-SVC: unattended-upgrades.service NEEDRESTART-SVC: [email protected]
19/09/2024 14:18:38 DEBUG: Checking Wazuh installation.
19/09/2024 14:18:38 DEBUG: There are Wazuh remaining files.
19/09/2024 14:18:38 DEBUG: There are Wazuh indexer remaining files.
19/09/2024 14:18:39 DEBUG: There are Filebeat remaining files.
19/09/2024 14:18:39 INFO: Filebeat installation finished.
19/09/2024 14:18:39 DEBUG: Configuring Filebeat.
19/09/2024 14:18:39 DEBUG: Filebeat template was download successfully.
wazuh/
wazuh/_meta/
wazuh/_meta/docs.asciidoc
wazuh/_meta/fields.yml
wazuh/_meta/config.yml
wazuh/alerts/
wazuh/alerts/config/
wazuh/alerts/config/alerts.yml
wazuh/alerts/manifest.yml
wazuh/alerts/ingest/
wazuh/alerts/ingest/pipeline.json
wazuh/module.yml
wazuh/archives/
wazuh/archives/config/
wazuh/archives/config/archives.yml
wazuh/archives/manifest.yml
wazuh/archives/ingest/
wazuh/archives/ingest/pipeline.json
19/09/2024 14:18:40 DEBUG: Filebeat module was downloaded successfully.
19/09/2024 14:18:40 DEBUG: Copying Filebeat certificates.
Created filebeat keystore
Successfully updated the keystore
Successfully updated the keystore
19/09/2024 14:18:41 INFO: Filebeat post-install configuration finished.
19/09/2024 14:18:41 DEBUG: Setting Wazuh indexer cluster passwords.
19/09/2024 14:18:41 DEBUG: Checking Wazuh installation.
19/09/2024 14:18:41 DEBUG: There are Wazuh remaining files.
19/09/2024 14:18:41 DEBUG: There are Wazuh indexer remaining files.
19/09/2024 14:18:42 DEBUG: There are Filebeat remaining files.
Successfully updated the keystore
Successfully updated the keystore
19/09/2024 14:18:43 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
19/09/2024 14:18:43 DEBUG: Restarting filebeat service...
19/09/2024 14:18:43 DEBUG: filebeat started.
19/09/2024 14:18:44 DEBUG: Restarting wazuh-manager service...
19/09/2024 14:19:01 DEBUG: wazuh-manager started.
19/09/2024 14:19:01 DEBUG: Changing API passwords.
19/09/2024 14:19:04 INFO: Starting service filebeat.
Synchronizing state of filebeat.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable filebeat
Created symlink /etc/systemd/system/multi-user.target.wants/filebeat.service → /lib/systemd/system/filebeat.service.
19/09/2024 14:19:05 INFO: filebeat service started.
19/09/2024 14:19:05 INFO: Checking Filebeat connection
19/09/2024 14:19:05 INFO: Filebeat connection successful
19/09/2024 14:19:05 DEBUG: Restoring Wazuh repository.
19/09/2024 14:19:05 INFO: Installation finished.
root@ip-172-31-46-243:/home/ubuntu# bash wazuh-install.sh -wd wazuh-dashboard -d -v
19/09/2024 14:29:31 DEBUG: Checking root permissions.
19/09/2024 14:29:31 DEBUG: Checking sudo package.
19/09/2024 14:29:31 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
19/09/2024 14:29:31 INFO: Verbose logging redirected to /var/log/wazuh-install.log
19/09/2024 14:29:31 DEBUG: APT package manager will be used.
19/09/2024 14:29:31 DEBUG: Checking system distribution.
19/09/2024 14:29:31 DEBUG: Detected distribution name: ubuntu
19/09/2024 14:29:31 DEBUG: Detected distribution version: 22
19/09/2024 14:29:31 DEBUG: Installing check dependencies.
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 http://security.ubuntu.com/ubuntu jammy-security InRelease
Get:5 https://packages.wazuh.com/4.x/apt stable InRelease [17.3 kB]
Get:6 https://packages.wazuh.com/4.x/apt stable/main amd64 Packages [40.2 kB]
Fetched 57.5 kB in 0s (162 kB/s)
Reading package lists...
19/09/2024 14:29:35 DEBUG: Checking Wazuh installation.
19/09/2024 14:29:35 DEBUG: There are Wazuh remaining files.
19/09/2024 14:29:35 DEBUG: There are Wazuh indexer remaining files.
19/09/2024 14:29:36 DEBUG: There are Filebeat remaining files.
19/09/2024 14:29:36 INFO: Using Filebeat template from master branch.
19/09/2024 14:29:36 DEBUG: Checking system architecture.
19/09/2024 14:29:36 INFO: Verifying that your system meets the recommended minimum hardware requirements.
19/09/2024 14:29:36 DEBUG: CPU cores detected: 4
19/09/2024 14:29:36 DEBUG: Free RAM memory detected: 7847
19/09/2024 14:29:36 DEBUG: Checking previous certificate existence.
19/09/2024 14:29:36 INFO: Wazuh web interface port will be 443.
19/09/2024 14:29:36 DEBUG: Checking ports availability.
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 https://packages.wazuh.com/4.x/apt stable InRelease
Hit:5 http://security.ubuntu.com/ubuntu jammy-security InRelease
Reading package lists...
19/09/2024 14:29:39 DEBUG: Installing prerequisites dependencies.
19/09/2024 14:29:40 DEBUG: Checking curl tool version.
19/09/2024 14:29:40 DEBUG: Adding the Wazuh repository.
gpg: key 96B3EE5F29111145: "Wazuh.com (Wazuh Signing Key) <[email protected]>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages-dev.wazuh.com/pre-release/apt/ unstable main
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 http://security.ubuntu.com/ubuntu jammy-security InRelease
Get:5 https://packages-dev.wazuh.com/pre-release/apt unstable InRelease [17.3 kB]
Get:6 https://packages-dev.wazuh.com/pre-release/apt unstable/main amd64 Packages [40.5 kB]
Fetched 57.8 kB in 1s (90.0 kB/s)
Reading package lists...
19/09/2024 14:29:42 INFO: Wazuh development repository added.
19/09/2024 14:29:42 DEBUG: Extracting Wazuh configuration.
19/09/2024 14:29:42 DEBUG: Reading configuration file.
19/09/2024 14:29:42 DEBUG: Checking if 127.0.0.1 is private.
19/09/2024 14:29:42 DEBUG: Checking if 127.0.0.1 is private.
19/09/2024 14:29:42 DEBUG: Checking if 127.0.0.1 is private.
19/09/2024 14:29:42 DEBUG: Checking node names in the configuration file.
19/09/2024 14:29:42 INFO: --- Wazuh dashboard ----
19/09/2024 14:29:42 INFO: Starting Wazuh dashboard installation.
Reading package lists... Building dependency tree... Reading state information... The following NEW packages will be installed: wazuh-dashboard 0 upgraded, 1 newly installed, 0 to remove and 214 not upgraded. Need to get 0 B/166 MB of archives. After this operation, 934 MB of additional disk space will be used. Selecting previously unselected packag NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.19.0-1025-aws NEEDRESTART-KEXP: 5.19.0-1025-aws NEEDRESTART-KSTA: 1 NEEDRESTART-SVC: acpid.service NEEDRESTART-SVC: chrony.service NEEDRESTART-SVC: cron.service NEEDRESTART-SVC: dbus.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: irqbalance.service NEEDRESTART-SVC: multipathd.service NEEDRESTART-SVC: networkd-dispatcher.service NEEDRESTART-SVC: packagekit.service NEEDRESTART-SVC: polkit.service NEEDRESTART-SVC: rsyslog.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: snapd.service NEEDRESTART-SVC: ssh.service NEEDRESTART-SVC: systemd-journald.service NEEDRESTART-SVC: systemd-logind.service NEEDRESTART-SVC: systemd-networkd.service NEEDRESTART-SVC: systemd-resolved.service NEEDRESTART-SVC: systemd-udevd.service NEEDRESTART-SVC: unattended-upgrades.service NEEDRESTART-SVC: [email protected]
19/09/2024 14:30:29 DEBUG: Checking Wazuh installation.
19/09/2024 14:30:29 DEBUG: There are Wazuh remaining files.
19/09/2024 14:30:29 DEBUG: There are Wazuh indexer remaining files.
19/09/2024 14:30:30 DEBUG: There are Filebeat remaining files.
19/09/2024 14:30:30 DEBUG: There are Wazuh dashboard remaining files.
19/09/2024 14:30:30 INFO: Wazuh dashboard installation finished.
19/09/2024 14:30:30 DEBUG: Configuring Wazuh dashboard.
19/09/2024 14:30:30 DEBUG: Copying Wazuh dashboard certificates.
19/09/2024 14:30:30 DEBUG: Wazuh dashboard certificate setup finished.
19/09/2024 14:30:30 INFO: Wazuh dashboard post-install configuration finished.
19/09/2024 14:30:30 INFO: Starting service wazuh-dashboard.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service.
19/09/2024 14:30:31 INFO: wazuh-dashboard service started.
19/09/2024 14:30:31 DEBUG: Setting Wazuh indexer cluster passwords.
19/09/2024 14:30:31 DEBUG: Checking Wazuh installation.
19/09/2024 14:30:31 DEBUG: There are Wazuh remaining files.
19/09/2024 14:30:31 DEBUG: There are Wazuh indexer remaining files.
19/09/2024 14:30:32 DEBUG: There are Filebeat remaining files.
19/09/2024 14:30:32 DEBUG: There are Wazuh dashboard remaining files.
Successfully updated the keystore
Successfully updated the keystore
19/09/2024 14:30:32 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
19/09/2024 14:30:32 DEBUG: Restarting filebeat service...
19/09/2024 14:30:33 DEBUG: filebeat started.
19/09/2024 14:30:33 DEBUG: Restarting wazuh-manager service...
19/09/2024 14:30:53 DEBUG: wazuh-manager started.
19/09/2024 14:30:54 DEBUG: Restarting wazuh-dashboard service...
19/09/2024 14:30:55 DEBUG: wazuh-dashboard started.
19/09/2024 14:30:55 DEBUG: Changing API passwords.
19/09/2024 14:31:10 INFO: Initializing Wazuh dashboard web application.
19/09/2024 14:31:10 DEBUG: Wazuh dashboard connection was successful.
19/09/2024 14:31:10 INFO: Wazuh dashboard web application initialized.
19/09/2024 14:31:10 INFO: --- Summary ---
19/09/2024 14:31:10 INFO: You can access the web interface https://<wazuh-dashboard-ip>:443
User: admin
Password: sOO+4HfKi8rgKJMAaniNKf8oNuykkWCI
19/09/2024 14:31:10 DEBUG: Restoring Wazuh repository.
19/09/2024 14:31:10 INFO: Installation finished.
Validating password tool build and execution➜ wazuh-installation-assistant git:(change/63-migrate-repository-selection-from-builder-to-assistant) bash builder.sh -p
root@ip-172-31-46-243:/home/ubuntu# bash wazuh-passwords-tool.sh -a
19/09/2024 14:52:36 INFO: Updating the internal users.
19/09/2024 14:52:38 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
19/09/2024 14:52:38 INFO: Wazuh API admin credentials not provided, Wazuh API passwords not changed.
19/09/2024 14:52:45 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
19/09/2024 14:53:05 INFO: The password for user admin is 6pcO2YBhNbFA67?Lvb*D4L7ww4sNWS29
19/09/2024 14:53:05 INFO: The password for user anomalyadmin is OIEW9KEJG+?gkZgHZ7zmnAVx3SxY?lJI
19/09/2024 14:53:05 INFO: The password for user kibanaserver is gveVQ9FZ1he?oMKzwR32b+r5XYi6B+?F
19/09/2024 14:53:05 INFO: The password for user kibanaro is *8.Brk?pLCSlO?wMpro1F3lNWF4ZkZ6s
19/09/2024 14:53:05 INFO: The password for user logstash is 1XCH*?1X67*NiEpE2UQGEKh9RwYARyIX
19/09/2024 14:53:05 INFO: The password for user readall is emS8WUxxktjBLoY2K*FeqLErSI1pveOw
19/09/2024 14:53:05 INFO: The password for user snapshotrestore is oiB8.oNrL?Bw7m3vz2.B6a5nXbB*wasX
19/09/2024 14:53:05 WARNING: Wazuh indexer passwords changed. Remember to update the password in the Wazuh dashboard, Wazuh server, and Filebeat nodes if necessary, and restart the services.
Validating password tool build and execution➜ wazuh-installation-assistant git:(change/63-migrate-repository-selection-from-builder-to-assistant) bash builder.sh -c
root@ip-172-31-46-243:/home/ubuntu# bash wazuh-certs-tool.sh -A -v
19/09/2024 14:54:22 INFO: Verbose logging redirected to /home/ubuntu/wazuh-certificates-tool.log
19/09/2024 14:54:22 DEBUG: Reading configuration file.
19/09/2024 14:54:22 DEBUG: Checking if 127.0.0.1 is private.
19/09/2024 14:54:22 DEBUG: Checking if 127.0.0.1 is private.
19/09/2024 14:54:22 DEBUG: Checking if 127.0.0.1 is private.
19/09/2024 14:54:22 DEBUG: Checking if the root CA exists.
19/09/2024 14:54:22 INFO: Generating the root certificate.
19/09/2024 14:54:22 INFO: Generating Admin certificates.
19/09/2024 14:54:22 DEBUG: Generating Admin private key.
19/09/2024 14:54:22 DEBUG: Converting Admin private key to PKCS8 format.
19/09/2024 14:54:22 DEBUG: Generating Admin CSR.
19/09/2024 14:54:22 DEBUG: Creating Admin certificate.
19/09/2024 14:54:22 INFO: Admin certificates created.
19/09/2024 14:54:22 INFO: Generating Wazuh indexer certificates.
19/09/2024 14:54:22 DEBUG: Creating the certificates for wazuh-indexer indexer node.
19/09/2024 14:54:22 DEBUG: Generating certificate configuration.
19/09/2024 14:54:22 DEBUG: Creating the Wazuh indexer tmp key pair.
19/09/2024 14:54:22 DEBUG: Creating the Wazuh indexer certificates.
19/09/2024 14:54:22 INFO: Wazuh indexer certificates created.
19/09/2024 14:54:22 INFO: Generating Filebeat certificates.
19/09/2024 14:54:22 DEBUG: Generating the certificates for wazuh-server server node.
19/09/2024 14:54:22 DEBUG: Generating certificate configuration.
19/09/2024 14:54:22 DEBUG: Creating the Wazuh server tmp key pair.
19/09/2024 14:54:23 DEBUG: Creating the Wazuh server certificates.
19/09/2024 14:54:23 INFO: Wazuh Filebeat certificates created.
19/09/2024 14:54:23 INFO: Generating Wazuh dashboard certificates.
19/09/2024 14:54:23 DEBUG: Generating certificate configuration.
19/09/2024 14:54:23 DEBUG: Creating the Wazuh dashboard tmp key pair.
19/09/2024 14:54:23 DEBUG: Creating the Wazuh dashboard certificates.
19/09/2024 14:54:23 INFO: Wazuh dashboard certificates created.
19/09/2024 14:54:23 DEBUG: Cleaning certificate files.
root@ip-172-31-46-243:/home/ubuntu#
Validation of the repository selectionroot@ip-172-31-46-243:/home/ubuntu# bash wazuh-install.sh -d -wi wazuh-indexer -v
+ '[' -n -wi ']'
+ [[ ! -wi =~ ^- ]]
+ devrepo=pre-release
+ shift 1
+ repogpg=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
+ repobaseurl=https://packages-dev.wazuh.com/pre-release
+ reporelease=unstable
+ filebeat_wazuh_module=https://packages-dev.wazuh.com/pre-release/filebeat/wazuh-filebeat-0.4.tar.gz
+ bucket=packages-dev.wazuh.com
+ repository=pre-release
+ set +x
root@ip-172-31-46-243:/home/ubuntu# bash wazuh-install.sh -d staging -wi wazuh-indexer -v
+ '[' -n staging ']'
+ [[ ! staging =~ ^- ]]
+ '[' staging = pre-release ']'
+ '[' staging = staging ']'
+ devrepo=staging
+ shift 2
+ repogpg=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
+ repobaseurl=https://packages-dev.wazuh.com/staging
+ reporelease=unstable
+ filebeat_wazuh_module=https://packages-dev.wazuh.com/staging/filebeat/wazuh-filebeat-0.4.tar.gz
+ bucket=packages-dev.wazuh.com
+ repository=staging
+ set +x
root@ip-172-31-46-243:/home/ubuntu# bash wazuh-install.sh -d pre-release -wi wazuh-indexer -v
+ '[' -n pre-release ']'
+ [[ ! pre-release =~ ^- ]]
+ '[' pre-release = pre-release ']'
+ devrepo=pre-release
+ shift 2
+ repogpg=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
+ repobaseurl=https://packages-dev.wazuh.com/pre-release
+ reporelease=unstable
+ filebeat_wazuh_module=https://packages-dev.wazuh.com/pre-release/filebeat/wazuh-filebeat-0.4.tar.gz
+ bucket=packages-dev.wazuh.com
+ repository=pre-release
+ set +x
root@ip-172-31-46-243:/home/ubuntu# bash wazuh-install.sh -d aaaaaa -wi wazuh-indexer -v
+ '[' -n aaaaaa ']'
+ [[ ! aaaaaa =~ ^- ]]
+ '[' aaaaaa = pre-release ']'
+ '[' aaaaaa = staging ']'
+ common_logger -e 'Error: Invalid value '\''aaaaaa'\'' after -d|--development. Accepted values are '\''pre-release'\'' or '\''staging'\''.'
Validation of the arguments mappingroot@ip-172-31-46-243:/home/ubuntu# bash wazuh-install.sh -g -d staging
19/09/2024 15:08:32 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
19/09/2024 15:08:32 INFO: Verbose logging redirected to /var/log/wazuh-install.log
19/09/2024 15:08:36 ERROR: The -d|--development option must be used with -a, -ws, -s, -wi, -wd or -dw.
root@ip-172-31-46-243:/home/ubuntu#
Offline download using pre-release (4.9.0)root@ip-172-31-46-243:/home/ubuntu# bash wazuh-install.sh -dw deb -v -d pre-release
19/09/2024 15:00:32 DEBUG: Using development bucket: pre-release
19/09/2024 15:00:32 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
19/09/2024 15:00:32 INFO: Verbose logging redirected to /var/log/wazuh-install.log
19/09/2024 15:00:32 DEBUG: APT package manager will be used.
19/09/2024 15:00:32 DEBUG: Installing check dependencies.
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 http://security.ubuntu.com/ubuntu jammy-security InRelease
Reading package lists...
19/09/2024 15:00:36 DEBUG: Checking Wazuh installation.
19/09/2024 15:00:37 INFO: Using Filebeat template from master branch.
19/09/2024 15:00:37 DEBUG: Checking system architecture.
19/09/2024 15:00:37 INFO: Verifying that your system meets the recommended minimum hardware requirements.
19/09/2024 15:00:37 DEBUG: CPU cores detected: 4
19/09/2024 15:00:37 DEBUG: Free RAM memory detected: 7847
19/09/2024 15:00:37 INFO: --- Download Packages ---
19/09/2024 15:00:37 INFO: Starting Wazuh packages download.
19/09/2024 15:00:37 INFO: Downloading Wazuh deb packages for x86_64.
19/09/2024 15:00:38 DEBUG: Wazuh manager package revision fetched.
19/09/2024 15:00:38 DEBUG: Wazuh indexer package revision fetched.
19/09/2024 15:00:39 DEBUG: Wazuh dashboard package revision fetched.
19/09/2024 15:00:39 DEBUG: Downloading Wazuh manager package...
19/09/2024 15:00:40 INFO: The manager package was downloaded.
19/09/2024 15:00:40 DEBUG: Downloading Wazuh filebeat package...
19/09/2024 15:00:40 INFO: The filebeat package was downloaded.
19/09/2024 15:00:40 DEBUG: Downloading Wazuh indexer package...
19/09/2024 15:00:43 INFO: The indexer package was downloaded.
19/09/2024 15:00:43 DEBUG: Downloading Wazuh dashboard package...
19/09/2024 15:00:45 INFO: The dashboard package was downloaded.
19/09/2024 15:00:45 INFO: The packages are in wazuh-offline/wazuh-packages
19/09/2024 15:00:45 INFO: Downloading configuration files and assets.
19/09/2024 15:00:45 DEBUG: Downloading https://packages.wazuh.com/key/GPG-KEY-WAZUH...
19/09/2024 15:00:45 INFO: The resource https://packages.wazuh.com/key/GPG-KEY-WAZUH was downloaded.
19/09/2024 15:00:45 DEBUG: Downloading https://packages.wazuh.com/4.9/tpl/wazuh/filebeat/filebeat.yml...
19/09/2024 15:00:45 INFO: The resource https://packages.wazuh.com/4.9/tpl/wazuh/filebeat/filebeat.yml was downloaded.
19/09/2024 15:00:45 DEBUG: Downloading https://raw.githubusercontent.com/wazuh/wazuh/master/extensions/elasticsearch/7.x/wazuh-template.json...
19/09/2024 15:00:46 INFO: The resource https://raw.githubusercontent.com/wazuh/wazuh/master/extensions/elasticsearch/7.x/wazuh-template.json was downloaded.
19/09/2024 15:00:46 DEBUG: Downloading https://packages-dev.wazuh.com/pre-release/filebeat/wazuh-filebeat-0.4.tar.gz...
19/09/2024 15:00:46 INFO: The resource https://packages-dev.wazuh.com/pre-release/filebeat/wazuh-filebeat-0.4.tar.gz was downloaded.
19/09/2024 15:00:46 INFO: The configuration files and assets are in wazuh-offline.tar.gz
19/09/2024 15:01:30 INFO: You can follow the installation guide here https://documentation.wazuh.com/current/deployment-options/offline-installation.html
root@ip-172-31-46-243:/home/ubuntu#
Offline download using production (4.9.0)root@ip-172-31-46-243:/home/ubuntu# bash wazuh-install.sh -dw deb -v
19/09/2024 15:03:51 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
19/09/2024 15:03:51 INFO: Verbose logging redirected to /var/log/wazuh-install.log
19/09/2024 15:03:51 DEBUG: APT package manager will be used.
19/09/2024 15:03:51 DEBUG: Installing check dependencies.
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 http://security.ubuntu.com/ubuntu jammy-security InRelease
Reading package lists...
19/09/2024 15:03:54 DEBUG: Checking Wazuh installation.
19/09/2024 15:03:55 DEBUG: Checking system architecture.
19/09/2024 15:03:55 INFO: Verifying that your system meets the recommended minimum hardware requirements.
19/09/2024 15:03:55 DEBUG: CPU cores detected: 4
19/09/2024 15:03:55 DEBUG: Free RAM memory detected: 7847
19/09/2024 15:03:55 INFO: --- Download Packages ---
19/09/2024 15:03:55 INFO: Starting Wazuh packages download.
19/09/2024 15:03:55 INFO: Downloading Wazuh deb packages for x86_64.
19/09/2024 15:03:56 DEBUG: Wazuh manager package revision fetched.
19/09/2024 15:03:56 DEBUG: Wazuh indexer package revision fetched.
19/09/2024 15:03:57 DEBUG: Wazuh dashboard package revision fetched.
19/09/2024 15:03:57 DEBUG: Downloading Wazuh manager package...
19/09/2024 15:03:58 INFO: The manager package was downloaded.
19/09/2024 15:03:58 DEBUG: Downloading Wazuh filebeat package...
19/09/2024 15:03:58 INFO: The filebeat package was downloaded.
19/09/2024 15:03:58 DEBUG: Downloading Wazuh indexer package...
19/09/2024 15:04:00 INFO: The indexer package was downloaded.
19/09/2024 15:04:00 DEBUG: Downloading Wazuh dashboard package...
19/09/2024 15:04:01 INFO: The dashboard package was downloaded.
19/09/2024 15:04:01 INFO: The packages are in wazuh-offline/wazuh-packages
19/09/2024 15:04:01 INFO: Downloading configuration files and assets.
19/09/2024 15:04:01 DEBUG: Downloading https://packages.wazuh.com/key/GPG-KEY-WAZUH...
19/09/2024 15:04:01 INFO: The resource https://packages.wazuh.com/key/GPG-KEY-WAZUH was downloaded.
19/09/2024 15:04:01 DEBUG: Downloading https://packages.wazuh.com/4.9/tpl/wazuh/filebeat/filebeat.yml...
19/09/2024 15:04:01 INFO: The resource https://packages.wazuh.com/4.9/tpl/wazuh/filebeat/filebeat.yml was downloaded.
19/09/2024 15:04:01 DEBUG: Downloading https://raw.githubusercontent.com/wazuh/wazuh/v4.9.0/extensions/elasticsearch/7.x/wazuh-template.json...
19/09/2024 15:04:01 INFO: The resource https://raw.githubusercontent.com/wazuh/wazuh/v4.9.0/extensions/elasticsearch/7.x/wazuh-template.json was downloaded.
19/09/2024 15:04:01 DEBUG: Downloading https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.4.tar.gz...
19/09/2024 15:04:02 INFO: The resource https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.4.tar.gz was downloaded.
19/09/2024 15:04:02 INFO: The configuration files and assets are in wazuh-offline.tar.gz
19/09/2024 15:04:45 INFO: You can follow the installation guide here https://documentation.wazuh.com/current/deployment-options/offline-installation.html
root@ip-172-31-46-243:/home/ubuntu#
|
Update ReportTesting GHAsAfter adapting the workflows, the following testing has been performed to ensure that the GHAs work as expected after the adaptation:
|
Description
As part of packages redesign tier 2, it is necessary to migrate the configuration functionality of the repositories from
builder.sh
towazuh-install.sh
, with this it is expected that through the parameter it will be possible to select from which repository to install the packages.Related
DRI
The text was updated successfully, but these errors were encountered: