Wazuh installation assistant does not update internal users file

[Rebits]

Wazuh version	Component	Install type	Install method	Platform
4.4.5	Installation	AIO	Packages	Ubuntu 22

Description

Wazuh install script https://packages.wazuh.com/4.4/wazuh-install.sh for all in one installation does not update the internal_users regarding the new generated password.

Steps to reproduce

• Install a AIO following the quickstart command: curl -sO https://packages.wazuh.com/4.4/wazuh-install.sh && sudo bash ./wazuh-install.sh -a
• Check the passwords for the environment users: sudo tar -O -xvf wazuh-install-files.tar wazuh-install-files/wazuh-passwords.txt
• Check that the /etc/wazuh-indexer/opensearch-security/internal_users.yml contains the default value:

config_file_indexer_roles_internal_users="---
# This is the internal user database
# The hash value is a bcrypt hash and can be generated with plugin/tools/hash.sh

_meta:
  type: \"internalusers\"
  config_version: 2

# Define your internal users here

## Demo users

admin:
  hash: \"\$2a\$12\$VcCDgh2NDk07JGN0rjGbM.Ad41qVR/YFJcgHp0UGns5JDymv..TOG\"
  reserved: true
  backend_roles:
  - \"admin\"
  description: \"Demo admin user\"

kibanaserver:
  hash: \"\$2a\$12\$4AcgAt3xwOWadA5s5blL6ev39OXDNhmOesEoo33eZtrq2N0YrU3H.\"
  reserved: true
  description: \"Demo kibanaserver user\"

kibanaro:
  hash: \"\$2a\$12\$JJSXNfTowz7Uu5ttXfeYpeYE0arACvcwlPBStB1F.MI7f0U9Z4DGC\"
  reserved: false
  backend_roles:
  - \"kibanauser\"
  - \"readall\"
  attributes:
    attribute1: \"value1\"
    attribute2: \"value2\"
    attribute3: \"value3\"
  description: \"Demo kibanaro user\"

[micsinyei]

As an update for this, I believe the error comes from this function which also the same in the wazuh-password-tool:
Important line:
awk -v new=${hashes[i]} 'prev=="'${users[i]}':"{sub(/\042.*/,""); $0=$0 new} {prev=$1} 1' /etc/wazuh-indexer/backup/internal_users.yml > internal_users.yml_tmp && mv -f internal_users.yml_tmp /etc/wazuh-indexer/backup/internal_users.yml
It should be :
awk -v new=${hashes[i]} 'prev=="'${users[i]}':"{sub(/\042.*/,""); $0=$0 new} {prev=$1} 1' /etc/wazuh-indexer/backup/internal_users.yml > internal_users.yml_tmp && mv -f internal_users.yml_tmp /etc/wazuh-indexer/opensearch-security/internal_users.yml
So the backup to opensearch-security at the end.

Full function
`function passwords_changePassword() {

if [ -n "${changeall}" ]; then
    if [ -n "${indexer_installed}" ] && [ -z ${no_indexer_backup} ]; then
        eval "mkdir /etc/wazuh-indexer/backup/ 2>/dev/null"
        eval "cp /etc/wazuh-indexer/opensearch-security/* /etc/wazuh-indexer/backup/ 2>/dev/null"
        passwords_createBackUp
    fi
    for i in "${!passwords[@]}"
    do
        if [ -n "${indexer_installed}" ] && [ -f "/etc/wazuh-indexer/backup/internal_users.yml" ]; then
            awk -v new=${hashes[i]} 'prev=="'${users[i]}':"{sub(/\042.*/,""); $0=$0 new} {prev=$1} 1' /etc/wazuh-indexer/backup/internal_users.yml > internal_users.yml_tmp && mv -f internal_users.yml_tmp /etc/wazuh-indexer/backup/internal_users.yml
        fi

        if [ "${users[i]}" == "admin" ]; then
            adminpass=${passwords[i]}
        elif [ "${users[i]}" == "kibanaserver" ]; then
            dashpass=${passwords[i]}
        fi

    done
else
    if [ -z "${api}" ] && [ -n "${indexer_installed}" ]; then
        eval "mkdir /etc/wazuh-indexer/backup/ 2>/dev/null"
        eval "cp /etc/wazuh-indexer/opensearch-security/* /etc/wazuh-indexer/backup/ 2>/dev/null"
        passwords_createBackUp
    fi
    if [ -n "${indexer_installed}" ] && [ -f "/etc/wazuh-indexer/backup/internal_users.yml" ]; then
        awk -v new="${hash}" 'prev=="'${nuser}':"{sub(/\042.*/,""); $0=$0 new} {prev=$1} 1' /etc/wazuh-indexer/backup/internal_users.yml > internal_users.yml_tmp && mv -f internal_users.yml_tmp /etc/wazuh-indexer/backup/internal_users.yml
    fi

    if [ "${nuser}" == "admin" ]; then
        adminpass=${password}
    elif [ "${nuser}" == "kibanaserver" ]; then
        dashpass=${password}
    fi

fi

if [ "${nuser}" == "admin" ] || [ -n "${changeall}" ]; then
    if [ -n "${filebeat_installed}" ]; then
        if filebeat keystore list | grep -q password ; then
            eval "echo ${adminpass} | filebeat keystore add password --force --stdin ${debug}"
        else
            wazuhold=$(grep "password:" /etc/filebeat/filebeat.yml )
            ra="  password: "
            wazuhold="${wazuhold//$ra}"
            conf="$(awk '{sub("password: .*", "password: '"${adminpass}"'")}1' /etc/filebeat/filebeat.yml)"
            echo "${conf}" > /etc/filebeat/filebeat.yml
        fi
        passwords_restartService "filebeat"
    fi
fi

if [ "$nuser" == "kibanaserver" ] || [ -n "$changeall" ]; then
    if [ -n "${dashboard_installed}" ] && [ -n "${dashpass}" ]; then
        if /usr/share/wazuh-dashboard/bin/opensearch-dashboards-keystore --allow-root list | grep -q opensearch.password; then
            eval "echo ${dashpass} | /usr/share/wazuh-dashboard/bin/opensearch-dashboards-keystore --allow-root add -f --stdin opensearch.password ${debug_pass}"
        else
            wazuhdashold=$(grep "password:" /etc/wazuh-dashboard/opensearch_dashboards.yml )
            rk="opensearch.password: "
            wazuhdashold="${wazuhdashold//$rk}"
            conf="$(awk '{sub("opensearch.password: .*", "opensearch.password: '"${dashpass}"'")}1' /etc/wazuh-dashboard/opensearch_dashboards.yml)"
            echo "${conf}" > /etc/wazuh-dashboard/opensearch_dashboards.yml
        fi
        passwords_restartService "wazuh-dashboard"
    fi
fi`

As a result after root@wazuh-VirtualBox:/usr/share/wazuh-indexer/plugins/opensearch-security/tools# bash -x wazuh-passwords-tool.sh -u admin -p I8GQQsBSED4MgqfuQGcUl4xv72s?7s+V :
hash: \"\$2a\$12\$VcCDgh2NDk07JGN0rjGbM.Ad41qVR/YFJcgHp0UGns5JDymv..TOG\" to hash: $2y$12$Jmf633gV7SHAbmetW7ODMuIsBb/yCnbxudEQ7CWeAO9bhF9ScPj9O

[micsinyei]

Additional info on this:

• The permissions also needs to be changed to wazuh -indexer, because if you run it as root then the owner will be root so the /usr/share/wazuh-indexer/bin/indexer-security-init.sh fails as the next step
• Then if you change the password for one user then it leaves to quotes. if you change password for all users with the -a then there will be quotes everywhere (I have not checked the hash values), so it is inconsistent with the quotes
• I noticed if the OS account is different from wazuh-user then the passwordtool causes an error. Tested in AWS with AMI, having my own user and running the password tool makes filebeat to be unauthorized (no clue why)

[davidcr01]

Update Report

Development

After applying the change that suggested @micsinyei, the Wazuh dashboard can not be initialized correctly, obtaining the warning Wazuh dashboard web application not yet initialized. Waiting..., and the installation is finished unsuccessfully.

🔴 Complete log

14/09/2023 12:10:34 INFO: Starting Wazuh installation assistant. Wazuh version: 4.5.2
14/09/2023 12:10:34 INFO: Verbose logging redirected to /var/log/wazuh-install.log
Hit:1 https://mirrors.edge.kernel.org/ubuntu jammy InRelease
Hit:2 https://mirrors.edge.kernel.org/ubuntu jammy-updates InRelease
Hit:3 https://mirrors.edge.kernel.org/ubuntu jammy-backports InRelease
Hit:4 https://mirrors.edge.kernel.org/ubuntu jammy-security InRelease
Reading package lists...
14/09/2023 12:10:43 WARNING: Hardware and system checks ignored.
14/09/2023 12:10:43 INFO: Wazuh web interface port will be 443.
Hit:1 https://mirrors.edge.kernel.org/ubuntu jammy InRelease
Hit:2 https://mirrors.edge.kernel.org/ubuntu jammy-updates InRelease
Hit:3 https://mirrors.edge.kernel.org/ubuntu jammy-backports InRelease
Hit:4 https://mirrors.edge.kernel.org/ubuntu jammy-security InRelease
Reading package lists...
gpg: keyring '/usr/share/keyrings/wazuh.gpg' created
gpg: key 96B3EE5F29111145: public key "Wazuh.com (Wazuh Signing Key) <[email protected]>" imported
gpg: Total number processed: 1
gpg:               imported: 1
deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages.wazuh.com/4.x/apt/ stable main
Get:1 https://packages.wazuh.com/4.x/apt stable InRelease [17.3 kB]
Get:2 https://packages.wazuh.com/4.x/apt stable/main amd64 Packages [32.1 kB]
Hit:3 https://mirrors.edge.kernel.org/ubuntu jammy InRelease
Hit:4 https://mirrors.edge.kernel.org/ubuntu jammy-updates InRelease
Hit:5 https://mirrors.edge.kernel.org/ubuntu jammy-backports InRelease
Hit:6 https://mirrors.edge.kernel.org/ubuntu jammy-security InRelease
Fetched 49.4 kB in 1s (65.5 kB/s)
Reading package lists...
14/09/2023 12:10:49 INFO: Wazuh repository added.
14/09/2023 12:10:49 INFO: --- Configuration files ---
14/09/2023 12:10:49 INFO: Generating configuration files.
........+...+.+.........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+...+..+......+.+...+...+..+.+....................+.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+....+......+...+........+...+......+...+......+.......+...+............+.........+.....+.+.....+............+.+..+.............+..+.......+...+.....+...+.+...+...........+.+..............+....+..+.+.....+.........+....+.....+.........+.+......+...+..+.........+.........+.......+...+.....+.+......+.........+..+...+....+..+.............+...........+.......+..+............+.........+.+...........+....+.....+....+............+...+.....+....+..+.+.....+...+.......+............+....................+..........+.....+............+.+..+.............+..............+.........+.....................+.+.....+.......+..+..........+........+...+....+.....+...+.............+..+......+.+.....+...+......+.......+...............+..+...+.............+......+........+......+......+.+...+......+.....+.+...+............+....................+...+.........+.+..+.......+......+..+....+...+.....+.+..+.............+......+.....+...+......+....+...+..+...+....+...+...+...+..+..........+.................+.............+..................+...........+..........+...+..+.........+....+...........+....+..+......+.......+..+...+...+...+....+......+.........+.....+.+.....+............+..................+.......+...+...........+....+......+...............+......+..+...+.......+............+......+...+..+...+......+...+......+.+...........+...+....+...+..+..........+..+.............+...............+...+..+......+......+....+..+...............+.........+...................+..+..................+....+...+.....+.......+...+...+.....+.+.....+...+...+....+.....+......+....+.........+..+.......+...+.........+...............+......+..+...+.........+....+.....+.+...........+...+...............+.......+.....+.......+...+..+.+..+.......+......+.....+.......+...+..+..................+.........+.+......+...........+...+...................+..+.+............+..+...+.............+........+.......+.........+........+.+..+....+...+.....+...+...............+.......+..+...+............+....+..............+......+.+.....+...+.+...........+...+..........+..+.........+......+.+............+...............+......+..+.......+...+...+..+...+................+........+.+.........+..+...+.......+...+......+..+..........+...+..+............+.+..+...+..........+...........+...+............+...+.....................+......+.+........+....+..+.+...+..+....+.........+.....+.........+...............+.+...........+.+...+............+........+....+......+..+...+....+..+....+......+...........+....+..............+......+.+........+.+.........+.....+.+...+.....+...+...+......+.+............+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
.....+.+....................+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*......+.+...+........+....+...+..+...+..................+...+....+...........+.+...+.................+......+....+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*......+........+...+...+.......+..+......+..........+..+.......+...+....................+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = admin
Ignoring -days without -x509; not generating a certificate
.....+..+.+..+....+...+............+........+.+..+....+...+........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*....+....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+........+....+.....+......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
........+.+.........+..+...+.+....................+....+...+...+.....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*....+.+..+............+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*...+.....+............+...+....+......+...+..+...............+....+.........+.....+.+......+...+.....+...............+.+.....+.........+...................+..+..................+.+.........+.....+...............+.+......+...+...+........+......+.+..+.......+...+.....+.......+......+.....+.......+..+....+.................+...+....+.....+................+.....+......+.+..+............+.........+.+.........+.....+......+.+..+...+.......+..+...+..........+...+..+.+.....+.+......+.........+......+...+.........+..+...+...+.......+..+.........+....+...+...+..+.........+...+..........+...+.........+...+......+...............+..+...+.+.....+.............+...+.....+.........+.+..+...+...............+...+.+........+.+..+...+......+..........+......+........+.+.....+...+..................+.......+...............+......+..+...............+.......+...+...+......+.....+....+.....+.+...........+...+.+......+.....+.......+.......................+....+......+..+.......+.....+...+...............+.+......+......+.....+.........+.........+................+...+...........+....+...+............+..+...+............+...+......+............+...+..........+..+...............+.............+.........+...+..+......+...............+.......+.........+...+...........+.+...........+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-indexer
Ignoring -days without -x509; not generating a certificate
...+..+......+...+.......+...+.....................+.....+....+..+............+.+..+.......+.....+.+.....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.......+.+....................+...+.......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.........+.+..............+...+....+...+........+...+.....................+.........+.+.....+.+.....+.........+....+.....................+.....+...+...+....+...+......+...........+...+.............+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
......+.+........+...+.........+......+...+......+......+.........+......+....+........+...+..........+..+...............+.+.....+....+........+...+.+...+...........+....+...+...+...............+..+...+.......+.....+.............+.....+.+.....+...+...+...+....+..+.+.........+...+..+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*...+.......+...+.....+...+...+.+.........+..+....+...+.................+...+......+....+..+.........+.+.....+.+.....+.............+......+...+..+..........+......+.........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.......+......+.......+...+..+.........+...+...+....+..............+......+...+..........+.....+.+.........+...........+....+...+..+......+.+......+.....+...+.+......+.........+.....+....+.....+....+..+.+...+..............+......+.+........+.......+...+..+.+..................+.....+.........+...+....+...........+...+..........+......+...+..+..........+...+........+.........+.+........+.........+......+.......+..+................+...........+....+...........+...+.+..+....+...+........+...+................+.........+.....+.+.....+.+........+....+..+................+..+.+.........+............+......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-server
Ignoring -days without -x509; not generating a certificate
.+...+..+......+...+.+........................+.........+..+....+..+.......+...+...+......+...+...+........+.......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*........+....+.....+...................+..+....+...+.....+......+......+....+.....+....+..+......+...+......+.............+..+...+.......+........+...+.......+............+......+.........+...............+........+......+......+...............+...............+...+......+.+...+........+...+......+.+.................+..........+...............+........+...+....+...+.....+.......+........+....+.........+..+...+....+..+.+...+......+.....+.+..+.+..+...+....+.....+......+.+.....+..................+.+......+...........+....+..............+......+....+.....+.+.....+.+........+...................+...........+.......+...+......+.........+..+...+..........+......+..............+.+......+..+.+..+....+...+...........+.+.....+.............+.....+...+....+...+........+..........+..+.+..+.............+.....+......+.............+...+..+..........+...+...+.....+.........+.+...........+......+..........+..+................+.................+....+........+...+...+....+...+.....+...+....+......+.........+...........+....+...+.................+......+.+......+..+...+...+.+......+..+.......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
.......+.+..............+...+..........+.....+...+....+...+...+.....+.......+..+......+.+...+...+..+......+.+.....+....+............+..+............+..........+...+.....+...+....+.....+.+..+......+.......+.....+.......+..+..........+...+......+.....+....+..+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.....+..+............+....+.........+.....+...+....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+...+..+...+.+.....+.+...........+...+.+...+....................+......+....+..+.+..................+..+............+.+..+.......+......+.....+.+...+.....+...+...+.......+..+.......+........+.+.................+.........+.+.....+.........+..........+.........+.........+........+...+.....................+...+.+.....+....+.....+..........+..+.+...............+..+.+...........+...+...+...+.........+.......+...+.....+............+.+.....+...+....+...+..+............+.+.....+.........+......+.............+..+............+.......+......+...+.....+.........+...+.......+...........+......+.............+.....+..........+..+...+...+...+.......+..+......+.......+...+............+.........+.....+.+.....+.......+..+.........+....+...+...+......+.....+......+............+.+.....+.........................+......+.....+.+...............+........+....+......+......+.........+..+...+.+......+..+...+.......+..+.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-dashboard
14/09/2023 12:10:52 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
14/09/2023 12:10:52 INFO: --- Wazuh indexer ---
14/09/2023 12:10:52 INFO: Starting Wazuh indexer installation.
Reading package lists...
Building dependency tree...
Reading state information...
The following NEW packages will be installed:
  wazuh-indexer
0 upgraded, 1 newly installed, 0 to remove and 141 not upgraded.
Need to get 683 MB of archives.
After this operation, 971 MB of additional disk space will be used.
Get:1 https://packages.wazuh.com/4.x/apt stable/main amd64 wazuh-indexer amd64 4.5.2-1 [683 MB]
Fetched 683 MB in 4min 52s (2,340 kB/s)
Selecting previously unselected package wazuh-indexer.
(Reading database ... 75816 files and directories currently installed.)
Preparing to unpack .../wazuh-indexer_4.5.2-1_amd64.deb ...
Creating wazuh-indexer group... OK
Creating wazuh-indexer user... OK
Unpacking wazuh-indexer (4.5.2-1) ...
Setting up wazuh-indexer (4.5.2-1) ...
Created opensearch keystore in /etc/wazuh-indexer/opensearch.keystore
Processing triggers for libc-bin (2.35-0ubuntu3.1) ...
NEEDRESTART-VER: 3.5
NEEDRESTART-KCUR: 5.15.0-69-generic
NEEDRESTART-KEXP: 5.15.0-69-generic
NEEDRESTART-KSTA: 1
14/09/2023 12:16:32 INFO: Wazuh indexer installation finished.
14/09/2023 12:16:32 INFO: Wazuh indexer post-install configuration finished.
14/09/2023 12:16:32 INFO: Starting service wazuh-indexer.
Synchronizing state of wazuh-indexer.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable wazuh-indexer
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service → /lib/systemd/system/wazuh-indexer.service.
14/09/2023 12:16:53 INFO: wazuh-indexer service started.
14/09/2023 12:16:53 INFO: Initializing Wazuh indexer cluster security settings.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.6.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml 
   SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml 
   SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml 
   SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml 
   SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml 
   SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml 
   SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml 
   SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml 
   SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml 
   SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml 
   SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null
Done with success
14/09/2023 12:17:03 INFO: Wazuh indexer cluster initialized.
14/09/2023 12:17:03 INFO: --- Wazuh server ---
14/09/2023 12:17:03 INFO: Starting the Wazuh manager installation.
Reading package lists...
Building dependency tree...
Reading state information...
Suggested packages:
  expect
The following NEW packages will be installed:
  wazuh-manager
0 upgraded, 1 newly installed, 0 to remove and 141 not upgraded.
Need to get 171 MB of archives.
After this operation, 627 MB of additional disk space will be used.
Get:1 https://packages.wazuh.com/4.x/apt stable/main amd64 wazuh-manager amd64 4.5.2-1 [171 MB]
Fetched 171 MB in 41s (4,168 kB/s)
Selecting previously unselected package wazuh-manager.
(Reading database ... 76939 files and directories currently installed.)
Preparing to unpack .../wazuh-manager_4.5.2-1_amd64.deb ...
Unpacking wazuh-manager (4.5.2-1) ...
Setting up wazuh-manager (4.5.2-1) ...
NEEDRESTART-VER: 3.5
NEEDRESTART-KCUR: 5.15.0-69-generic
NEEDRESTART-KEXP: 5.15.0-69-generic
NEEDRESTART-KSTA: 1
14/09/2023 12:18:33 INFO: Wazuh manager installation finished.
14/09/2023 12:18:33 INFO: Starting service wazuh-manager.
Synchronizing state of wazuh-manager.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable wazuh-manager
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-manager.service → /lib/systemd/system/wazuh-manager.service.
14/09/2023 12:18:58 INFO: wazuh-manager service started.
14/09/2023 12:18:58 INFO: Starting Filebeat installation.
Reading package lists...
Building dependency tree...
Reading state information...
The following NEW packages will be installed:
  filebeat
0 upgraded, 1 newly installed, 0 to remove and 141 not upgraded.
Need to get 22.1 MB of archives.
After this operation, 73.6 MB of additional disk space will be used.
Get:1 https://packages.wazuh.com/4.x/apt stable/main amd64 filebeat amd64 7.10.2 [22.1 MB]
Fetched 22.1 MB in 5s (4,228 kB/s)
Selecting previously unselected package filebeat.
(Reading database ... 98213 files and directories currently installed.)
Preparing to unpack .../filebeat_7.10.2_amd64.deb ...
Unpacking filebeat (7.10.2) ...
Setting up filebeat (7.10.2) ...
NEEDRESTART-VER: 3.5
NEEDRESTART-KCUR: 5.15.0-69-generic
NEEDRESTART-KEXP: 5.15.0-69-generic
NEEDRESTART-KSTA: 1
14/09/2023 12:19:10 INFO: Filebeat installation finished.
wazuh/alerts/
wazuh/alerts/config/
wazuh/alerts/config/alerts.yml
wazuh/alerts/manifest.yml
wazuh/alerts/ingest/
wazuh/alerts/ingest/pipeline.json
wazuh/archives/
wazuh/archives/config/
wazuh/archives/config/archives.yml
wazuh/archives/manifest.yml
wazuh/archives/ingest/
wazuh/archives/ingest/pipeline.json
wazuh/module.yml
Created filebeat keystore
Successfully updated the keystore
Successfully updated the keystore
14/09/2023 12:19:11 INFO: Filebeat post-install configuration finished.
14/09/2023 12:19:11 INFO: Starting service filebeat.
Synchronizing state of filebeat.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable filebeat
Created symlink /etc/systemd/system/multi-user.target.wants/filebeat.service → /lib/systemd/system/filebeat.service.
14/09/2023 12:19:13 INFO: filebeat service started.
14/09/2023 12:19:13 INFO: --- Wazuh dashboard ---
14/09/2023 12:19:13 INFO: Starting Wazuh dashboard installation.
Reading package lists...
Building dependency tree...
Reading state information...
The following NEW packages will be installed:
  wazuh-dashboard
0 upgraded, 1 newly installed, 0 to remove and 141 not upgraded.
Need to get 128 MB of archives.
After this operation, 813 MB of additional disk space will be used.
Get:1 https://packages.wazuh.com/4.x/apt stable/main amd64 wazuh-dashboard amd64 4.5.2-1 [128 MB]
Fetched 128 MB in 33s (3,864 kB/s)
Selecting previously unselected package wazuh-dashboard.
(Reading database ... 98532 files and directories currently installed.)
Preparing to unpack .../wazuh-dashboard_4.5.2-1_amd64.deb ...
Creating wazuh-dashboard group... OK
Creating wazuh-dashboard user... OK
Unpacking wazuh-dashboard (4.5.2-1) ...
Setting up wazuh-dashboard (4.5.2-1) ...
NEEDRESTART-VER: 3.5
NEEDRESTART-KCUR: 5.15.0-69-generic
NEEDRESTART-KEXP: 5.15.0-69-generic
NEEDRESTART-KSTA: 1
14/09/2023 12:20:40 INFO: Wazuh dashboard installation finished.
14/09/2023 12:20:40 INFO: Wazuh dashboard post-install configuration finished.
14/09/2023 12:20:40 INFO: Starting service wazuh-dashboard.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service.
14/09/2023 12:20:41 INFO: wazuh-dashboard service started.
mkdir: cannot create directory ‘/etc/wazuh-indexer/backup’: File exists
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.6.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml 
   SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml 
   SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml 
   SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml 
   SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml 
   SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml 
   SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml 
   SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml 
   SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml 
   SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml 
   SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
Successfully updated the keystore
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.6.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /home/vagrant
Force type: internalusers
Will update '/internalusers' with /etc/wazuh-indexer/backup/internal_users.yml 
   SUCC: Configuration for 'internalusers' created or updated
SUCC: Expected 1 config types for node {"updated_config_types":["internalusers"],"updated_config_size":1,"message":null} is 1 (["internalusers"]) due to: null
Done with success
14/09/2023 12:21:17 INFO: Initializing Wazuh dashboard web application.
14/09/2023 12:21:17 INFO: Wazuh dashboard web application not yet initialized. Waiting...
14/09/2023 12:21:32 INFO: Wazuh dashboard web application not yet initialized. Waiting...
14/09/2023 12:21:47 INFO: Wazuh dashboard web application not yet initialized. Waiting...
14/09/2023 12:22:03 INFO: Wazuh dashboard web application not yet initialized. Waiting...
14/09/2023 12:22:18 INFO: Wazuh dashboard web application not yet initialized. Waiting...
14/09/2023 12:22:33 INFO: Wazuh dashboard web application not yet initialized. Waiting...
14/09/2023 12:22:48 INFO: Wazuh dashboard web application not yet initialized. Waiting...
14/09/2023 12:23:03 INFO: Wazuh dashboard web application not yet initialized. Waiting...
14/09/2023 12:23:18 INFO: Wazuh dashboard web application not yet initialized. Waiting...
14/09/2023 12:23:33 INFO: Wazuh dashboard web application not yet initialized. Waiting...
14/09/2023 12:23:48 INFO: Wazuh dashboard web application not yet initialized. Waiting...
14/09/2023 12:24:03 INFO: Wazuh dashboard web application not yet initialized. Waiting...
14/09/2023 12:24:18 INFO: Wazuh dashboard web application not yet initialized. Waiting...
14/09/2023 12:24:34 INFO: Wazuh dashboard web application not yet initialized. Waiting...
14/09/2023 12:24:49 INFO: Wazuh dashboard web application not yet initialized. Waiting...
14/09/2023 12:25:04 INFO: Wazuh dashboard web application not yet initialized. Waiting...
14/09/2023 12:25:19 INFO: Wazuh dashboard web application not yet initialized. Waiting...
14/09/2023 12:25:34 INFO: Wazuh dashboard web application not yet initialized. Waiting...
14/09/2023 12:25:49 INFO: Wazuh dashboard web application not yet initialized. Waiting...
14/09/2023 12:26:04 INFO: Wazuh dashboard web application not yet initialized. Waiting...
14/09/2023 12:26:19 ERROR: Wazuh dashboard installation failed.
14/09/2023 12:26:19 INFO: --- Removing existing Wazuh installation ---
14/09/2023 12:26:19 INFO: Removing Wazuh manager.
Reading package lists...
Building dependency tree...
Reading state information...
The following packages will be REMOVED:
  wazuh-manager*
0 upgraded, 0 newly installed, 1 to remove and 141 not upgraded.
After this operation, 627 MB disk space will be freed.
(Reading database ... 193249 files and directories currently installed.)
Removing wazuh-manager (4.5.2-1) ...
(Reading database ... 171995 files and directories currently installed.)
Purging configuration files for wazuh-manager (4.5.2-1) ...
14/09/2023 12:26:29 INFO: Wazuh manager removed.
14/09/2023 12:26:29 INFO: Removing Wazuh indexer.
Reading package lists...
Building dependency tree...
Reading state information...
The following packages will be REMOVED:
  wazuh-indexer*
0 upgraded, 0 newly installed, 1 to remove and 141 not upgraded.
After this operation, 971 MB disk space will be freed.
(Reading database ... 171975 files and directories currently installed.)
Removing wazuh-indexer (4.5.2-1) ...
Stopping wazuh-indexer service... OK
(Reading database ... 170891 files and directories currently installed.)
Purging configuration files for wazuh-indexer (4.5.2-1) ...
Deleting configuration directory... OK
dpkg: warning: while removing wazuh-indexer, directory '/usr/lib/systemd/system' not empty so not removed
dpkg: warning: while removing wazuh-indexer, directory '/var/lib/wazuh-indexer' not empty so not removed
dpkg: warning: while removing wazuh-indexer, directory '/var/log/wazuh-indexer' not empty so not removed
14/09/2023 12:26:33 INFO: Wazuh indexer removed.
14/09/2023 12:26:33 INFO: Removing Wazuh indexer.
Reading package lists...
Building dependency tree...
Reading state information...
E: Unable to locate package wazuh-indexer
14/09/2023 12:26:33 INFO: Wazuh indexer removed.
14/09/2023 12:26:33 INFO: Removing Filebeat.
Reading package lists...
Building dependency tree...
Reading state information...
The following packages will be REMOVED:
  filebeat*
0 upgraded, 0 newly installed, 1 to remove and 141 not upgraded.
After this operation, 73.6 MB disk space will be freed.
(Reading database ... 170852 files and directories currently installed.)
Removing filebeat (7.10.2) ...
(Reading database ... 170560 files and directories currently installed.)
Purging configuration files for filebeat (7.10.2) ...
dpkg: warning: while removing filebeat, directory '/etc/filebeat' not empty so not removed
dpkg: warning: while removing filebeat, directory '/usr/share/filebeat/module' not empty so not removed
14/09/2023 12:26:35 INFO: Filebeat removed.
14/09/2023 12:26:35 INFO: Removing Wazuh dashboard.
Reading package lists...
Building dependency tree...
Reading state information...
The following packages will be REMOVED:
  wazuh-dashboard*
0 upgraded, 0 newly installed, 1 to remove and 141 not upgraded.
After this operation, 813 MB disk space will be freed.
(Reading database ... 170533 files and directories currently installed.)
Removing wazuh-dashboard (4.5.2-1) ...
Stopping wazuh-dashboard service... OK
Deleting PID directory... OK
Deleting installation directory... OK
(Reading database ... 75825 files and directories currently installed.)
Purging configuration files for wazuh-dashboard (4.5.2-1) ...
 OK
14/09/2023 12:26:45 INFO: Wazuh dashboard removed.
14/09/2023 12:26:45 INFO: Installation cleaned. Check the /var/log/wazuh-install.log file to learn more about the issue.

It is necessary to debug the changePassword and the dashboard_initialize (or dashboard_initializeAIO) function and investigate where is the error.

[micsinyei]

I am looking into the problem, the fix that I recommended is just the first step but a necessary one since the later steps build on the internal_users.yml. In AWS, using the latest version, after the fix, the filebeat fails if I restart all services then run the /usr/share/wazuh-indexer/bin/indexer-security-init.sh then it seems to be working.

I would also separate the installation from the password change. I have not tested the installation.

Next I will give a more detailed version with logs, what happens when I try to change the password. I will need some time.

[micsinyei]

Summery, the steps:

1. Change password
2. Restart services
3. indexer-security-init.sh
   Basically the password change leads to unauthorized output, then the indexer restart leads to OpenSearch not initialized, then the initialization fixes it.

Logs:

Initial state

[root@wazuh-server wazuh-user]# filebeat test output
elasticsearch: https://127.0.0.1:9200...
  parse url... OK
  connection...
    parse host... OK
    dns lookup... OK
    addresses: 127.0.0.1
    dial up... OK
  TLS...
    security: server's certificate chain verification is enabled
    handshake... OK
    TLS version: TLSv1.2
    dial up... OK
  talk to server... OK
  version: 7.10.2
[root@wazuh-server wazuh-user]# cat /var/log/wazuh-indexer/wazuh-cluster.log | grep -i -E "error|warn"
[2023-09-18T06:15:59,430][ERROR][o.o.a.a.AlertIndices     ] [node-1] info deleteOldIndices
[2023-09-18T06:15:59,430][ERROR][o.o.a.a.AlertIndices     ] [node-1] info deleteOldIndices
[2023-09-18T06:15:59,480][ERROR][o.o.s.i.DetectorIndexManagementService] [node-1] info deleteOldIndices
[2023-09-18T06:15:59,480][ERROR][o.o.s.i.DetectorIndexManagementService] [node-1] info deleteOldIndices
[2023-09-18T06:30:37,501][WARN ][o.o.s.a.BackendRegistry  ] [node-1] Authentication finally failed for admin from 127.0.0.1:47084
[2023-09-18T06:31:50,809][WARN ][o.o.s.a.BackendRegistry  ] [node-1] Authentication finally failed for admin from 127.0.0.1:47190
[root@wazuh-server wazuh-user]# cat /var/log/filebeat/filebeat | grep -i -E "error|warn"

After password change

[root@wazuh-server wazuh-user]# filebeat test output
elasticsearch: https://127.0.0.1:9200...
  parse url... OK
  connection...
    parse host... OK
    dns lookup... OK
    addresses: 127.0.0.1
    dial up... OK
  TLS...
    security: server's certificate chain verification is enabled
    handshake... OK
    TLS version: TLSv1.2
    dial up... OK
  talk to server... ERROR 401 Unauthorized: Unauthorized
[root@wazuh-server wazuh-user]# cat /var/log/wazuh-indexer/wazuh-cluster.log | grep -i -E "error|warn"
[2023-09-18T06:15:59,430][ERROR][o.o.a.a.AlertIndices     ] [node-1] info deleteOldIndices
[2023-09-18T06:15:59,430][ERROR][o.o.a.a.AlertIndices     ] [node-1] info deleteOldIndices
[2023-09-18T06:15:59,480][ERROR][o.o.s.i.DetectorIndexManagementService] [node-1] info deleteOldIndices
[2023-09-18T06:15:59,480][ERROR][o.o.s.i.DetectorIndexManagementService] [node-1] info deleteOldIndices
[2023-09-18T06:30:37,501][WARN ][o.o.s.a.BackendRegistry  ] [node-1] Authentication finally failed for admin from 127.0.0.1:47084
[2023-09-18T06:31:50,809][WARN ][o.o.s.a.BackendRegistry  ] [node-1] Authentication finally failed for admin from 127.0.0.1:47190
[2023-09-18T07:25:06,239][WARN ][o.o.s.a.BackendRegistry  ] [node-1] Authentication finally failed for admin from 127.0.0.1:43834
[root@wazuh-server wazuh-user]# cat /var/log/filebeat/filebeat | grep -i -E "error|warn"
[root@wazuh-server wazuh-user]# cat /var/log/wazuh-indexer/wazuh-cluster.log | grep -i -E "error|warn"
[2023-09-18T06:15:59,430][ERROR][o.o.a.a.AlertIndices     ] [node-1] info deleteOldIndices
[2023-09-18T06:15:59,430][ERROR][o.o.a.a.AlertIndices     ] [node-1] info deleteOldIndices
[2023-09-18T06:15:59,480][ERROR][o.o.s.i.DetectorIndexManagementService] [node-1] info deleteOldIndices
[2023-09-18T06:15:59,480][ERROR][o.o.s.i.DetectorIndexManagementService] [node-1] info deleteOldIndices
[2023-09-18T06:30:37,501][WARN ][o.o.s.a.BackendRegistry  ] [node-1] Authentication finally failed for admin from 127.0.0.1:47084
[2023-09-18T06:31:50,809][WARN ][o.o.s.a.BackendRegistry  ] [node-1] Authentication finally failed for admin from 127.0.0.1:47190
[2023-09-18T07:25:06,239][WARN ][o.o.s.a.BackendRegistry  ] [node-1] Authentication finally failed for admin from 127.0.0.1:43834

internal users yml

admin:
  hash: $2y$12$bBYXOvFd7XBTKlOfU1xgiOiwHQ4pU1ajV4fYTomTh7.dctvGRy6zC
  reserved: true
  backend_roles:
  - "admin"
  description: "Demo admin user"
kibanaserver:
  hash: "$2y$12$p/aqb7Sn/T.SpLBODY/9EuFfkT2xY2s25cvu/ZNi1xBb8q2aep2ju"
  reserved: true
  description: "Demo kibanaserver user"

after restarting the indexer

[root@wazuh-server wazuh-user]# filebeat test output
elasticsearch: https://127.0.0.1:9200...
  parse url... OK
  connection...
    parse host... OK
    dns lookup... OK
    addresses: 127.0.0.1
    dial up... OK
  TLS...
    security: server's certificate chain verification is enabled
    handshake... OK
    TLS version: TLSv1.2
    dial up... OK
  talk to server... ERROR 503 Service Unavailable: OpenSearch Security not initialized.

After /usr/share/wazuh-indexer/bin/indexer-security-init.sh

[root@wazuh-server wazuh-user]# /usr/share/wazuh-indexer/bin/indexer-security-init.sh
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.6.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml
   SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml
   SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml
   SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml
   SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml
   SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml
   SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml
   SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml
   SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml
   SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml
   SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null
Done with success
[root@wazuh-server wazuh-user]# filebeat test output
elasticsearch: https://127.0.0.1:9200...
  parse url... OK
  connection...
    parse host... OK
    dns lookup... OK
    addresses: 127.0.0.1
    dial up... OK
  TLS...
    security: server's certificate chain verification is enabled
    handshake... OK
    TLS version: TLSv1.2
    dial up... OK
  talk to server... OK
  version: 7.10.2

[micsinyei]

@davidcr01 I did other experiments, instead of my original idea, I propose this change:
Add eval "cp /etc/wazuh-indexer/backup/internal_users.yml /etc/wazuh-indexer/opensearch-security/internal_users.yml"
above the eval "rm -rf /etc/wazuh-indexer/backup/ ${debug}"

function passwords_runSecurityAdmin() {

    if [ -z "${indexer_installed}" ] && [ -z "${dashboard_installed}" ] && [ -z "${filebeat_installed}" ]; then
        common_logger -e "Cannot find Wazuh indexer, Wazuh dashboard or Filebeat on the system."
        exit 1;
    else
        if [ -n "${indexer_installed}" ]; then
            capem=$(grep "plugins.security.ssl.transport.pemtrustedcas_filepath: " /etc/wazuh-indexer/opensearch.yml )
            rcapem="plugins.security.ssl.transport.pemtrustedcas_filepath: "
            capem="${capem//$rcapem}"
            if [[ -z "${adminpem}" ]] || [[ -z "${adminkey}" ]]; then
                passwords_readAdmincerts
            fi
        fi
    fi

    common_logger -d "Loading new passwords changes."
    eval "OPENSEARCH_CONF_DIR=/etc/wazuh-indexer /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh -f /etc/wazuh-indexer/backup/internal_users.yml -t internalusers -p 9200 -nhnv -cacert ${capem} -cert ${adminpem} -key ${adminkey} -icl -h ${IP} ${debug}"
    if [  "${PIPESTATUS[0]}" != 0  ]; then
        common_logger -e "Could not load the changes."
        exit 1;
    fi
    eval "cp /etc/wazuh-indexer/backup/internal_users.yml /etc/wazuh-indexer/opensearch-security/internal_users.yml"
    eval "rm -rf /etc/wazuh-indexer/backup/ ${debug}"

    if [[ -n "${nuser}" ]] && [[ -n ${autopass} ]]; then
        common_logger -nl "The password for user ${nuser} is ${password}"
        common_logger -w "Password changed. Remember to update the password in the Wazuh dashboard and Filebeat nodes if necessary, and restart the services."
    fi

    if [[ -n "${nuser}" ]] && [[ -z ${autopass} ]]; then
        common_logger -w "Password changed. Remember to update the password in the Wazuh dashboard and Filebeat nodes if necessary, and restart the services."
    fi

    if [ -n "${changeall}" ]; then
        if [ -z "${AIO}" ] && [ -z "${indexer}" ] && [ -z "${dashboard}" ] && [ -z "${wazuh}" ] && [ -z "${start_indexer_cluster}" ]; then
            for i in "${!users[@]}"; do
                common_logger -nl "The password for user ${users[i]} is ${passwords[i]}"
            done
            common_logger -w "Wazuh indexer passwords changed. Remember to update the password in the Wazuh dashboard and Filebeat nodes if necessary, and restart the services."
        else
            common_logger -d "Passwords changed."
        fi
    fi

}

[davidcr01]

Update Report

Investigating the problem

After investigating the issue, the problem was found in the following lines:

if [ -n "${indexer_installed}" ] && [ -f "/etc/wazuh-indexer/backup/internal_users.yml" ]; then
    awk -v new=${hashes[i]} 'prev=="'${users[i]}':"{sub(/\042.*/,""); $0=$0 new} {prev=$1} 1' /etc/wazuh-indexer/backup/internal_users.yml > internal_users.yml_tmp && mv -f internal_users.yml_tmp /etc/wazuh-indexer/backup/internal_users.yml
fi

This command is not wrong, as it is saving the new configuration in the backup. The problem is that, when the passwords are being changed in the passwords_changePassword function, the internal_users.yml file is not being updated.
However, the password change worked as the securityadmin tool retreived the internal configuration to perform the changes.

The proposed fix is to update the internal_users.yml when the passwords are changed:

awk -v new="${hash}" 'prev=="'${nuser}':"{sub(/\042.*/,""); $0=$0 new} {prev=$1} 1' /etc/wazuh-indexer/backup/internal_users.yml > internal_users.yml_tmp && mv -f internal_users.yml_tmp /etc/wazuh-indexer/backup/internal_users.yml
cp -f /etc/wazuh-indexer/backup/internal_users.yml /etc/wazuh-indexer/opensearch-security/internal_users.yml
chown -R wazuh-indexer:wazuh-indexer /etc/wazuh-indexer/opensearch-security/internal_users.yml

The awk command is not changed, but the new configuration file is copied to the opensearch-security folder, and the file owner is changed to make the security admin work correctly. As @micsinyei reported, the owner is changed to root and this tool fails.

Testing

With the mentioned changes, this AIO installation is performed correctly.

🟢 AIO installation log

root@ubuntu22:/home/vagrant# bash wazuh-install.sh -a -i -o -v
18/09/2023 09:07:49 INFO: Starting Wazuh installation assistant. Wazuh version: 4.5.2
18/09/2023 09:07:49 INFO: Verbose logging redirected to /var/log/wazuh-install.log
18/09/2023 09:07:51 INFO: --- Removing existing Wazuh installation ---
18/09/2023 09:07:51 INFO: Removing Wazuh indexer.
Reading package lists...
Building dependency tree...
Reading state information...
E: Unable to locate package wazuh-indexer
18/09/2023 09:07:51 INFO: Wazuh indexer removed.
18/09/2023 09:07:51 INFO: Wazuh GPG key was not found in the system
18/09/2023 09:07:52 INFO: Installation cleaned.
Hit:1 https://mirrors.edge.kernel.org/ubuntu jammy InRelease
Get:2 https://mirrors.edge.kernel.org/ubuntu jammy-updates InRelease [119 kB]
Get:3 https://mirrors.edge.kernel.org/ubuntu jammy-backports InRelease [109 kB]
Get:4 https://mirrors.edge.kernel.org/ubuntu jammy-security InRelease [110 kB]
Get:5 https://mirrors.edge.kernel.org/ubuntu jammy-updates/main amd64 Packages [973 kB]
Get:6 https://mirrors.edge.kernel.org/ubuntu jammy-updates/universe amd64 Packages [981 kB]
Get:7 https://mirrors.edge.kernel.org/ubuntu jammy-updates/universe Translation-en [214 kB]
Fetched 2,506 kB in 3s (968 kB/s)
Reading package lists...
18/09/2023 09:08:04 WARNING: Hardware and system checks ignored.
18/09/2023 09:08:04 INFO: Wazuh web interface port will be 443.
Hit:1 https://mirrors.edge.kernel.org/ubuntu jammy InRelease
Hit:2 https://mirrors.edge.kernel.org/ubuntu jammy-updates InRelease
Hit:3 https://mirrors.edge.kernel.org/ubuntu jammy-backports InRelease
Hit:4 https://mirrors.edge.kernel.org/ubuntu jammy-security InRelease
Reading package lists...
18/09/2023 09:08:11 DEBUG: Adding the Wazuh repository.
gpg: keyring '/usr/share/keyrings/wazuh.gpg' created
gpg: key 96B3EE5F29111145: public key "Wazuh.com (Wazuh Signing Key) <[email protected]>" imported
gpg: Total number processed: 1
gpg:               imported: 1
deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages.wazuh.com/4.x/apt/ stable main
Hit:1 https://mirrors.edge.kernel.org/ubuntu jammy InRelease
Hit:2 https://mirrors.edge.kernel.org/ubuntu jammy-updates InRelease
Hit:3 https://mirrors.edge.kernel.org/ubuntu jammy-backports InRelease
Hit:4 https://mirrors.edge.kernel.org/ubuntu jammy-security InRelease
Get:5 https://packages.wazuh.com/4.x/apt stable InRelease [17.3 kB]
Get:6 https://packages.wazuh.com/4.x/apt stable/main amd64 Packages [32.1 kB]
Fetched 49.4 kB in 6s (8,182 B/s)
Reading package lists...
18/09/2023 09:08:19 INFO: Wazuh repository added.
18/09/2023 09:08:19 INFO: --- Configuration files ---
18/09/2023 09:08:19 INFO: Generating configuration files.
18/09/2023 09:08:19 DEBUG: Creating the root certificate.
.....+......+...+....+..+.+............+..+......+.......+.....+.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..+.+.....+...+.......+...............+...+..............+.......+...+..+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..........+...+......+.......+.........+......+..+...+...+.......+...+..+.........+...+.......+...+..+....+.....+.......+........+.+...+..+................+..+...+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.......+..+.........+...+.+.....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.....+...+.+......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = admin
18/09/2023 09:08:20 DEBUG: Creating the Wazuh indexer certificates.
Ignoring -days without -x509; not generating a certificate
......+.......+......+..+....+......+..+.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*...+..+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.......+.......+..+....+...........+.+...+..+....+.....+....+..+...+..........+.....+.+.......................+.+..+.......+...........+..........+.........+...+.................+...+....+..............+.+......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
.+..+..........+...........+.+.....+.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*...........+...+......+..+..........+...+...........+.........+......+.+.....+....+......+..+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-indexer
18/09/2023 09:08:20 DEBUG: Creating the Wazuh server certificates.
Ignoring -days without -x509; not generating a certificate
......+.+...........+.+..+.+............+..................+..+.........+.+...+..+.......+......+...............+..+.........+.........+.........+...+.........+.........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.....+...+..........+.....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.......+......+.....+....+...+...+..+...+.+.........+.................+...+.+...+..+...+......+....+...........+......+...+...+............+.+.....+.+...............+.....+.+.........+..............+.......+..+......+....+........+.........+...+.......+........+...+.......+......+.........+......+......+.....+..................+...+....+.....+.............+........+.............+..+.......+.....+.......+......+...+......+......+...+..+....+...+........+...+......+......+.......+.....+...+....+.....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
..+.......+............+......+...+..+.........+....+......+...+...........+....+.....+.+.........+.....+.......+......+..+.......+......+........+.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.............+.+.....+...+.......+..+.+..+.............+..+...+.+......+.........+...+...+...+............+..+......+.+.....+.+...............+............+.....+.+.........+..+...+.+..+....+........+...+...+......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+.....+....+..+.........+.........+.+...+........+............+.+..+.......+..+......+...+..........+..+....+......+..+.+......+......+............+........+...+.......+...+............+..+.+...............+..+.......+...........+....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-server
18/09/2023 09:08:20 DEBUG: Creating the Wazuh dashboard certificates.
Ignoring -days without -x509; not generating a certificate
.............+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*....+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+......+.....+.+.....+...+.+....................+.......+..+......+......+.+.....+.......+...+.........+...+.....+.............+.....+...+....+..+...+................+..+...+....+...+..+..........+......+..+...+.........+...+.........+...+......+....+.................+.+...+...........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
..........+.+...+...+.....+.............+..+.......+..+...+.............+..+......+.+.....+...+......+.......+..+.+......+........+......+....+..+................+..+.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+.+..+.......+............+.........+...........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-dashboard
18/09/2023 09:08:21 DEBUG: Generating random passwords.
18/09/2023 09:08:21 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
18/09/2023 09:08:21 INFO: --- Wazuh indexer ---
18/09/2023 09:08:21 INFO: Starting Wazuh indexer installation.
Reading package lists...
Building dependency tree...
Reading state information...
The following NEW packages will be installed:
  wazuh-indexer
0 upgraded, 1 newly installed, 0 to remove and 142 not upgraded.
                                                                Need to get 0 B/683 MB of archives.
                   After this operation, 971 MB of additional disk space will be used.
      Selecting previously unselected package wazuh-indexer.
(Reading database ... 75816 files and directories currently installed.)
Preparing to unpack .../wazuh-indexer_4.5.2-1_amd64.deb ...
Creating wazuh-indexer group... OK
Creating wazuh-indexer user... OK
Unpacking wazuh-indexer (4.5.2-1) ...
Setting up wazuh-indexer (4.5.2-1) ...
Created opensearch keystore in /etc/wazuh-indexer/opensearch.keystore
Processing triggers for libc-bin (2.35-0ubuntu3.1) ...
NEEDRESTART-VER: 3.5
NEEDRESTART-KCUR: 5.15.0-69-generic
NEEDRESTART-KEXP: 5.15.0-69-generic
NEEDRESTART-KSTA: 1
NEEDRESTART-SVC: filebeat.service
18/09/2023 09:09:17 INFO: Wazuh indexer installation finished.
18/09/2023 09:09:17 DEBUG: Configuring Wazuh indexer.
18/09/2023 09:09:17 INFO: Wazuh indexer post-install configuration finished.
18/09/2023 09:09:17 INFO: Starting service wazuh-indexer.
Synchronizing state of wazuh-indexer.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable wazuh-indexer
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service → /lib/systemd/system/wazuh-indexer.service.
18/09/2023 09:09:47 INFO: wazuh-indexer service started.
18/09/2023 09:09:47 INFO: Initializing Wazuh indexer cluster security settings.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.6.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml 
   SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml 
   SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml 
   SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml 
   SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml 
   SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml 
   SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml 
   SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml 
   SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml 
   SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml 
   SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null
Done with success
18/09/2023 09:09:58 INFO: Wazuh indexer cluster initialized.
18/09/2023 09:09:58 INFO: --- Wazuh server ---
18/09/2023 09:09:58 INFO: Starting the Wazuh manager installation.
Reading package lists...
Building dependency tree...
Reading state information...
Suggested packages:
  expect
The following NEW packages will be installed:
  wazuh-manager
0 upgraded, 1 newly installed, 0 to remove and 142 not upgraded.
                                                                Need to get 0 B/171 MB of archives.
                   After this operation, 627 MB of additional disk space will be used.
      Selecting previously unselected package wazuh-manager.
(Reading database ... 76939 files and directories currently installed.)
Preparing to unpack .../wazuh-manager_4.5.2-1_amd64.deb ...
Unpacking wazuh-manager (4.5.2-1) ...
Setting up wazuh-manager (4.5.2-1) ...
NEEDRESTART-VER: 3.5
NEEDRESTART-KCUR: 5.15.0-69-generic
NEEDRESTART-KEXP: 5.15.0-69-generic
NEEDRESTART-KSTA: 1
NEEDRESTART-SVC: filebeat.service
18/09/2023 09:10:53 INFO: Wazuh manager installation finished.
18/09/2023 09:10:53 INFO: Starting service wazuh-manager.
Synchronizing state of wazuh-manager.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable wazuh-manager
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-manager.service → /lib/systemd/system/wazuh-manager.service.
18/09/2023 09:11:20 INFO: wazuh-manager service started.
18/09/2023 09:11:20 INFO: Starting Filebeat installation.
Reading package lists...
Building dependency tree...
Reading state information...
The following NEW packages will be installed:
  filebeat
0 upgraded, 1 newly installed, 0 to remove and 142 not upgraded.
                                                                Need to get 0 B/22.1 MB of archives.
                    After this operation, 73.6 MB of additional disk space will be used.
        Selecting previously unselected package filebeat.
(Reading database ... 98213 files and directories currently installed.)
Preparing to unpack .../filebeat_7.10.2_amd64.deb ...
Unpacking filebeat (7.10.2) ...
Setting up filebeat (7.10.2) ...
NEEDRESTART-VER: 3.5
NEEDRESTART-KCUR: 5.15.0-69-generic
NEEDRESTART-KEXP: 5.15.0-69-generic
NEEDRESTART-KSTA: 1
NEEDRESTART-SVC: filebeat.service
18/09/2023 09:11:29 INFO: Filebeat installation finished.
wazuh/alerts/
wazuh/alerts/config/
wazuh/alerts/config/alerts.yml
wazuh/alerts/manifest.yml
wazuh/alerts/ingest/
wazuh/alerts/ingest/pipeline.json
wazuh/archives/
wazuh/archives/config/
wazuh/archives/config/archives.yml
wazuh/archives/manifest.yml
wazuh/archives/ingest/
wazuh/archives/ingest/pipeline.json
wazuh/module.yml
Created filebeat keystore
Successfully updated the keystore
Successfully updated the keystore
18/09/2023 09:11:31 INFO: Filebeat post-install configuration finished.
18/09/2023 09:11:31 INFO: Starting service filebeat.
Synchronizing state of filebeat.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable filebeat
Created symlink /etc/systemd/system/multi-user.target.wants/filebeat.service → /lib/systemd/system/filebeat.service.
18/09/2023 09:11:33 INFO: filebeat service started.
18/09/2023 09:11:33 INFO: --- Wazuh dashboard ---
18/09/2023 09:11:33 INFO: Starting Wazuh dashboard installation.
Reading package lists...
Building dependency tree...
Reading state information...
The following NEW packages will be installed:
  wazuh-dashboard
0 upgraded, 1 newly installed, 0 to remove and 142 not upgraded.
                                                                Need to get 0 B/128 MB of archives.
                   After this operation, 813 MB of additional disk space will be used.
      Selecting previously unselected package wazuh-dashboard.
(Reading database ... 98532 files and directories currently installed.)
Preparing to unpack .../wazuh-dashboard_4.5.2-1_amd64.deb ...
Creating wazuh-dashboard group... OK
Creating wazuh-dashboard user... OK
Unpacking wazuh-dashboard (4.5.2-1) ...
Setting up wazuh-dashboard (4.5.2-1) ...
NEEDRESTART-VER: 3.5
NEEDRESTART-KCUR: 5.15.0-69-generic
NEEDRESTART-KEXP: 5.15.0-69-generic
NEEDRESTART-KSTA: 1
NEEDRESTART-SVC: filebeat.service
18/09/2023 09:12:39 INFO: Wazuh dashboard installation finished.
18/09/2023 09:12:39 DEBUG: Wazuh dashboard certificate setup finished.
18/09/2023 09:12:39 INFO: Wazuh dashboard post-install configuration finished.
18/09/2023 09:12:39 INFO: Starting service wazuh-dashboard.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service.
18/09/2023 09:12:40 INFO: wazuh-dashboard service started.
+ common_logger -d 'Setting Wazuh indexer cluster passwords.'
++ date '+%d/%m/%Y %H:%M:%S'
+ now='18/09/2023 09:12:40'
+ mtype=INFO:
+ debugLogger=
+ nolog=
+ '[' -n -d ']'
+ '[' -n -d ']'
+ case ${1} in
+ debugLogger=1
+ mtype=DEBUG:
+ shift 1
+ '[' -n 'Setting Wazuh indexer cluster passwords.' ']'
+ case ${1} in
+ message='Setting Wazuh indexer cluster passwords.'
+ shift 1
+ '[' -n '' ']'
+ '[' -z 1 ']'
+ '[' -n 1 ']'
+ '[' -n 1 ']'
+ '[' 0 -eq 0 ']'
+ '[' -z '' ']'
+ tee -a /var/log/wazuh-install.log
+ printf '%s\n' '18/09/2023 09:12:40 DEBUG: Setting Wazuh indexer cluster passwords.'
18/09/2023 09:12:40 DEBUG: Setting Wazuh indexer cluster passwords.
+ '[' -f /home/vagrant/wazuh-install-files.tar ']'
+ eval 'tar -xf /home/vagrant/wazuh-install-files.tar -C /tmp wazuh-install-files/wazuh-passwords.txt 2>&1 | tee -a /var/log/wazuh-install.log'
++ tee -a /var/log/wazuh-install.log
++ tar -xf /home/vagrant/wazuh-install-files.tar -C /tmp wazuh-install-files/wazuh-passwords.txt
+ p_file=/tmp/wazuh-install-files/wazuh-passwords.txt
+ common_checkInstalled
+ wazuh_installed=
+ indexer_installed=
+ filebeat_installed=
+ dashboard_installed=
+ '[' apt-get == yum ']'
+ '[' apt-get == apt-get ']'
++ apt list --installed
++ grep wazuh-manager
+ wazuh_installed='wazuh-manager/stable,now 4.5.2-1 amd64 [installed]'
+ '[' -d /var/ossec ']'
+ wazuh_remaining_files=1
+ '[' apt-get == yum ']'
+ '[' apt-get == apt-get ']'
++ apt list --installed
++ grep wazuh-indexer
+ indexer_installed='wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]'
+ '[' -d /var/lib/wazuh-indexer/ ']'
+ indexer_remaining_files=1
+ '[' apt-get == yum ']'
+ '[' apt-get == apt-get ']'
++ grep filebeat
++ apt list --installed
+ filebeat_installed='filebeat/stable,now 7.10.2 amd64 [installed]'
+ '[' -d /var/lib/filebeat/ ']'
+ filebeat_remaining_files=1
+ '[' apt-get == yum ']'
+ '[' apt-get == apt-get ']'
++ grep wazuh-dashboard
++ apt list --installed
+ dashboard_installed='wazuh-dashboard/stable,now 4.5.2-1 amd64 [installed]'
+ '[' -d /var/lib/wazuh-dashboard/ ']'
+ '[' -d /usr/share/wazuh-dashboard ']'
+ dashboard_remaining_files=1
+ '[' -n '' ']'
+ '[' -n 1 ']'
+ changeall=1
+ passwords_readUsers
++ grep -v hash:
++ awk '{ print substr( $0, 1, length($0)-1 ) }'
++ grep -B 1 hash: /etc/wazuh-indexer/opensearch-security/internal_users.yml
++ grep -v -
+ susers='admin
kibanaserver
kibanaro
logstash
readall
snapshotrestore'
+ mapfile -t users
+ '[' -n '' ']'
+ '[' -n 1 ']'
+ '[' '' == master ']'
+ '[' 1 -eq 1 ']'
+ passwords_getApiToken
+ retries=0
+ max_internal_error_retries=20
++ curl -s -u wazuh:wazuh -k -X POST 'https://localhost:55000/security/user/authenticate?raw=true' --max-time 300 --retry 5 --retry-delay 5
+ TOKEN_API=eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNjk1MDI4MzY2LCJleHAiOjE2OTUwMjkyNjYsInN1YiI6IndhenVoIiwicnVuX2FzIjpmYWxzZSwicmJhY19yb2xlcyI6WzFdLCJyYmFjX21vZGUiOiJ3aGl0ZSJ9.AH5bljt8oKtb-nOfcBZLyHRsKfaWAVy8TtcMt5DtuHqaWhvOlLLF3uk4Kj4X-YzzoE04N1Z8TP3rJq8TLWMPpbn4AcA_vM-NrafXCVITxerymPUxBbALWxy7NzIGwG3reeJUcdCygAunqw8yzKiMKkHTV_vuAFzqjoCfzYkUgrmj070i
+ [[ eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNjk1MDI4MzY2LCJleHAiOjE2OTUwMjkyNjYsInN1YiI6IndhenVoIiwicnVuX2FzIjpmYWxzZSwicmJhY19yb2xlcyI6WzFdLCJyYmFjX21vZGUiOiJ3aGl0ZSJ9.AH5bljt8oKtb-nOfcBZLyHRsKfaWAVy8TtcMt5DtuHqaWhvOlLLF3uk4Kj4X-YzzoE04N1Z8TP3rJq8TLWMPpbn4AcA_vM-NrafXCVITxerymPUxBbALWxy7NzIGwG3reeJUcdCygAunqw8yzKiMKkHTV_vuAFzqjoCfzYkUgrmj070i =~ Wazuh Internal Error ]]
+ [[ eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNjk1MDI4MzY2LCJleHAiOjE2OTUwMjkyNjYsInN1YiI6IndhenVoIiwicnVuX2FzIjpmYWxzZSwicmJhY19yb2xlcyI6WzFdLCJyYmFjX21vZGUiOiJ3aGl0ZSJ9.AH5bljt8oKtb-nOfcBZLyHRsKfaWAVy8TtcMt5DtuHqaWhvOlLLF3uk4Kj4X-YzzoE04N1Z8TP3rJq8TLWMPpbn4AcA_vM-NrafXCVITxerymPUxBbALWxy7NzIGwG3reeJUcdCygAunqw8yzKiMKkHTV_vuAFzqjoCfzYkUgrmj070i =~ Wazuh Internal Error ]]
+ [[ eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNjk1MDI4MzY2LCJleHAiOjE2OTUwMjkyNjYsInN1YiI6IndhenVoIiwicnVuX2FzIjpmYWxzZSwicmJhY19yb2xlcyI6WzFdLCJyYmFjX21vZGUiOiJ3aGl0ZSJ9.AH5bljt8oKtb-nOfcBZLyHRsKfaWAVy8TtcMt5DtuHqaWhvOlLLF3uk4Kj4X-YzzoE04N1Z8TP3rJq8TLWMPpbn4AcA_vM-NrafXCVITxerymPUxBbALWxy7NzIGwG3reeJUcdCygAunqw8yzKiMKkHTV_vuAFzqjoCfzYkUgrmj070i =~ Invalid credentials ]]
+ passwords_getApiUsers
+ mapfile -t api_users
++ awk '-F: ' '{print $2}'
++ sed -e 's/[\'\''",]//g'
++ grep username
++ curl -s -k -X GET -H 'Authorization: Bearer eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNjk1MDI4MzY2LCJleHAiOjE2OTUwMjkyNjYsInN1YiI6IndhenVoIiwicnVuX2FzIjpmYWxzZSwicmJhY19yb2xlcyI6WzFdLCJyYmFjX21vZGUiOiJ3aGl0ZSJ9.AH5bljt8oKtb-nOfcBZLyHRsKfaWAVy8TtcMt5DtuHqaWhvOlLLF3uk4Kj4X-YzzoE04N1Z8TP3rJq8TLWMPpbn4AcA_vM-NrafXCVITxerymPUxBbALWxy7NzIGwG3reeJUcdCygAunqw8yzKiMKkHTV_vuAFzqjoCfzYkUgrmj070i' -H 'Content-Type: application/json' 'https://localhost:55000/security/users?pretty=true'
+ passwords_getApiIds
+ mapfile -t api_ids
++ curl -s -k -X GET -H 'Authorization: Bearer eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNjk1MDI4MzY2LCJleHAiOjE2OTUwMjkyNjYsInN1YiI6IndhenVoIiwicnVuX2FzIjpmYWxzZSwicmJhY19yb2xlcyI6WzFdLCJyYmFjX21vZGUiOiJ3aGl0ZSJ9.AH5bljt8oKtb-nOfcBZLyHRsKfaWAVy8TtcMt5DtuHqaWhvOlLLF3uk4Kj4X-YzzoE04N1Z8TP3rJq8TLWMPpbn4AcA_vM-NrafXCVITxerymPUxBbALWxy7NzIGwG3reeJUcdCygAunqw8yzKiMKkHTV_vuAFzqjoCfzYkUgrmj070i' -H 'Content-Type: application/json' 'https://localhost:55000/security/users?pretty=true'
++ awk '-F: ' '{print $2}'
++ sed -e 's/[\'\''",]//g'
++ grep id
+ installCommon_readPasswordFileUsers
++ grep -Ev '^#|^\s*$' /tmp/wazuh-install-files/wazuh-passwords.txt
++ grep -Pzc '\A(\s*(indexer_username|api_username|indexer_password|api_password):[ \t]+[\'\''"]?[\w.*+?-]+[\'\''"]?)+\Z'
+ filecorrect=1
+ [[ 1 -ne 1 ]]
++ sed -e 's/[\'\''"]//g'
++ awk '{ print substr( $2, 1, length($2) ) }'
++ grep indexer_username: /tmp/wazuh-install-files/wazuh-passwords.txt
+ sfileusers='admin
kibanaserver
kibanaro
logstash
readall
snapshotrestore'
++ sed -e 's/[\'\''"]//g'
++ awk '{ print substr( $2, 1, length($2) ) }'
++ grep indexer_password: /tmp/wazuh-install-files/wazuh-passwords.txt
+ sfilepasswords='L+CQJcxdqSXYWMo5LRDfNSaaY5NhmFPS
NgLMks7yLJEZV0+ZknBDlYMrtqD+zsGq
M?*DKU2wIl8gWifEV9JT4zfSukzi2.N*
*.My4WBrT+.Tg?nLon5VA86R7CDSTpo0
h6wqe*o9MvHAmGA1Cpj+HCnhGn4BrD+9
Vzpcx2m+DSLZ8VPuv5qRB7zpgfEJIYAm'
++ sed -e 's/[\'\''"]//g'
++ awk '{ print substr( $2, 1, length($2) ) }'
++ grep api_username: /tmp/wazuh-install-files/wazuh-passwords.txt
+ sfileapiusers='wazuh
wazuh-wui'
++ grep api_password: /tmp/wazuh-install-files/wazuh-passwords.txt
++ sed -e 's/[\'\''"]//g'
++ awk '{ print substr( $2, 1, length($2) ) }'
+ sfileapipasswords='s2NFO2CwFI.4FOeUby*a07.df?5NjhPE
hN*tSj26T5H?z8ojsRU6vf3cyYn.?O6k'
+ mapfile -t fileusers
++ printf '%s\n' 'admin
kibanaserver
kibanaro
logstash
readall
snapshotrestore'
+ mapfile -t filepasswords
++ printf '%s\n' 'L+CQJcxdqSXYWMo5LRDfNSaaY5NhmFPS
NgLMks7yLJEZV0+ZknBDlYMrtqD+zsGq
M?*DKU2wIl8gWifEV9JT4zfSukzi2.N*
*.My4WBrT+.Tg?nLon5VA86R7CDSTpo0
h6wqe*o9MvHAmGA1Cpj+HCnhGn4BrD+9
Vzpcx2m+DSLZ8VPuv5qRB7zpgfEJIYAm'
+ mapfile -t fileapiusers
++ printf '%s\n' 'wazuh
wazuh-wui'
+ mapfile -t fileapipasswords
++ printf '%s\n' 's2NFO2CwFI.4FOeUby*a07.df?5NjhPE
hN*tSj26T5H?z8ojsRU6vf3cyYn.?O6k'
+ '[' -n 1 ']'
+ for j in "${!fileusers[@]}"
+ supported=false
+ for i in "${!users[@]}"
+ [[ admin == \a\d\m\i\n ]]
+ passwords_checkPassword L+CQJcxdqSXYWMo5LRDfNSaaY5NhmFPS
+ echo L+CQJcxdqSXYWMo5LRDfNSaaY5NhmFPS
+ grep -q '[A-Z]'
+ grep -q '[a-z]'
+ echo L+CQJcxdqSXYWMo5LRDfNSaaY5NhmFPS
+ echo L+CQJcxdqSXYWMo5LRDfNSaaY5NhmFPS
+ grep -q '[0-9]'
+ echo L+CQJcxdqSXYWMo5LRDfNSaaY5NhmFPS
+ grep -q '[.*+?-]'
+ '[' 32 -lt 8 ']'
+ '[' 32 -gt 64 ']'
+ passwords[i]=L+CQJcxdqSXYWMo5LRDfNSaaY5NhmFPS
+ supported=true
+ for i in "${!users[@]}"
+ [[ kibanaserver == \a\d\m\i\n ]]
+ for i in "${!users[@]}"
+ [[ kibanaro == \a\d\m\i\n ]]
+ for i in "${!users[@]}"
+ [[ logstash == \a\d\m\i\n ]]
+ for i in "${!users[@]}"
+ [[ readall == \a\d\m\i\n ]]
+ for i in "${!users[@]}"
+ [[ snapshotrestore == \a\d\m\i\n ]]
+ '[' true = false ']'
+ for j in "${!fileusers[@]}"
+ supported=false
+ for i in "${!users[@]}"
+ [[ admin == \k\i\b\a\n\a\s\e\r\v\e\r ]]
+ for i in "${!users[@]}"
+ [[ kibanaserver == \k\i\b\a\n\a\s\e\r\v\e\r ]]
+ passwords_checkPassword NgLMks7yLJEZV0+ZknBDlYMrtqD+zsGq
+ grep -q '[A-Z]'
+ echo NgLMks7yLJEZV0+ZknBDlYMrtqD+zsGq
+ echo NgLMks7yLJEZV0+ZknBDlYMrtqD+zsGq
+ grep -q '[a-z]'
+ echo NgLMks7yLJEZV0+ZknBDlYMrtqD+zsGq
+ grep -q '[0-9]'
+ echo NgLMks7yLJEZV0+ZknBDlYMrtqD+zsGq
+ grep -q '[.*+?-]'
+ '[' 32 -lt 8 ']'
+ '[' 32 -gt 64 ']'
+ passwords[i]=NgLMks7yLJEZV0+ZknBDlYMrtqD+zsGq
+ supported=true
+ for i in "${!users[@]}"
+ [[ kibanaro == \k\i\b\a\n\a\s\e\r\v\e\r ]]
+ for i in "${!users[@]}"
+ [[ logstash == \k\i\b\a\n\a\s\e\r\v\e\r ]]
+ for i in "${!users[@]}"
+ [[ readall == \k\i\b\a\n\a\s\e\r\v\e\r ]]
+ for i in "${!users[@]}"
+ [[ snapshotrestore == \k\i\b\a\n\a\s\e\r\v\e\r ]]
+ '[' true = false ']'
+ for j in "${!fileusers[@]}"
+ supported=false
+ for i in "${!users[@]}"
+ [[ admin == \k\i\b\a\n\a\r\o ]]
+ for i in "${!users[@]}"
+ [[ kibanaserver == \k\i\b\a\n\a\r\o ]]
+ for i in "${!users[@]}"
+ [[ kibanaro == \k\i\b\a\n\a\r\o ]]
+ passwords_checkPassword 'M?*DKU2wIl8gWifEV9JT4zfSukzi2.N*'
+ grep -q '[A-Z]'
+ echo 'M?*DKU2wIl8gWifEV9JT4zfSukzi2.N*'
+ grep -q '[a-z]'
+ echo 'M?*DKU2wIl8gWifEV9JT4zfSukzi2.N*'
+ grep -q '[0-9]'
+ echo 'M?*DKU2wIl8gWifEV9JT4zfSukzi2.N*'
+ grep -q '[.*+?-]'
+ echo 'M?*DKU2wIl8gWifEV9JT4zfSukzi2.N*'
+ '[' 32 -lt 8 ']'
+ '[' 32 -gt 64 ']'
+ passwords[i]='M?*DKU2wIl8gWifEV9JT4zfSukzi2.N*'
+ supported=true
+ for i in "${!users[@]}"
+ [[ logstash == \k\i\b\a\n\a\r\o ]]
+ for i in "${!users[@]}"
+ [[ readall == \k\i\b\a\n\a\r\o ]]
+ for i in "${!users[@]}"
+ [[ snapshotrestore == \k\i\b\a\n\a\r\o ]]
+ '[' true = false ']'
+ for j in "${!fileusers[@]}"
+ supported=false
+ for i in "${!users[@]}"
+ [[ admin == \l\o\g\s\t\a\s\h ]]
+ for i in "${!users[@]}"
+ [[ kibanaserver == \l\o\g\s\t\a\s\h ]]
+ for i in "${!users[@]}"
+ [[ kibanaro == \l\o\g\s\t\a\s\h ]]
+ for i in "${!users[@]}"
+ [[ logstash == \l\o\g\s\t\a\s\h ]]
+ passwords_checkPassword '*.My4WBrT+.Tg?nLon5VA86R7CDSTpo0'
+ grep -q '[A-Z]'
+ echo '*.My4WBrT+.Tg?nLon5VA86R7CDSTpo0'
+ echo '*.My4WBrT+.Tg?nLon5VA86R7CDSTpo0'
+ grep -q '[a-z]'
+ grep -q '[0-9]'
+ echo '*.My4WBrT+.Tg?nLon5VA86R7CDSTpo0'
+ echo '*.My4WBrT+.Tg?nLon5VA86R7CDSTpo0'
+ grep -q '[.*+?-]'
+ '[' 32 -lt 8 ']'
+ '[' 32 -gt 64 ']'
+ passwords[i]='*.My4WBrT+.Tg?nLon5VA86R7CDSTpo0'
+ supported=true
+ for i in "${!users[@]}"
+ [[ readall == \l\o\g\s\t\a\s\h ]]
+ for i in "${!users[@]}"
+ [[ snapshotrestore == \l\o\g\s\t\a\s\h ]]
+ '[' true = false ']'
+ for j in "${!fileusers[@]}"
+ supported=false
+ for i in "${!users[@]}"
+ [[ admin == \r\e\a\d\a\l\l ]]
+ for i in "${!users[@]}"
+ [[ kibanaserver == \r\e\a\d\a\l\l ]]
+ for i in "${!users[@]}"
+ [[ kibanaro == \r\e\a\d\a\l\l ]]
+ for i in "${!users[@]}"
+ [[ logstash == \r\e\a\d\a\l\l ]]
+ for i in "${!users[@]}"
+ [[ readall == \r\e\a\d\a\l\l ]]
+ passwords_checkPassword 'h6wqe*o9MvHAmGA1Cpj+HCnhGn4BrD+9'
+ echo 'h6wqe*o9MvHAmGA1Cpj+HCnhGn4BrD+9'
+ grep -q '[A-Z]'
+ echo 'h6wqe*o9MvHAmGA1Cpj+HCnhGn4BrD+9'
+ grep -q '[a-z]'
+ grep -q '[0-9]'
+ echo 'h6wqe*o9MvHAmGA1Cpj+HCnhGn4BrD+9'
+ grep -q '[.*+?-]'
+ echo 'h6wqe*o9MvHAmGA1Cpj+HCnhGn4BrD+9'
+ '[' 32 -lt 8 ']'
+ '[' 32 -gt 64 ']'
+ passwords[i]='h6wqe*o9MvHAmGA1Cpj+HCnhGn4BrD+9'
+ supported=true
+ for i in "${!users[@]}"
+ [[ snapshotrestore == \r\e\a\d\a\l\l ]]
+ '[' true = false ']'
+ for j in "${!fileusers[@]}"
+ supported=false
+ for i in "${!users[@]}"
+ [[ admin == \s\n\a\p\s\h\o\t\r\e\s\t\o\r\e ]]
+ for i in "${!users[@]}"
+ [[ kibanaserver == \s\n\a\p\s\h\o\t\r\e\s\t\o\r\e ]]
+ for i in "${!users[@]}"
+ [[ kibanaro == \s\n\a\p\s\h\o\t\r\e\s\t\o\r\e ]]
+ for i in "${!users[@]}"
+ [[ logstash == \s\n\a\p\s\h\o\t\r\e\s\t\o\r\e ]]
+ for i in "${!users[@]}"
+ [[ readall == \s\n\a\p\s\h\o\t\r\e\s\t\o\r\e ]]
+ for i in "${!users[@]}"
+ [[ snapshotrestore == \s\n\a\p\s\h\o\t\r\e\s\t\o\r\e ]]
+ passwords_checkPassword Vzpcx2m+DSLZ8VPuv5qRB7zpgfEJIYAm
+ grep -q '[A-Z]'
+ echo Vzpcx2m+DSLZ8VPuv5qRB7zpgfEJIYAm
+ grep -q '[a-z]'
+ echo Vzpcx2m+DSLZ8VPuv5qRB7zpgfEJIYAm
+ grep -q '[0-9]'
+ echo Vzpcx2m+DSLZ8VPuv5qRB7zpgfEJIYAm
+ grep -q '[.*+?-]'
+ echo Vzpcx2m+DSLZ8VPuv5qRB7zpgfEJIYAm
+ '[' 32 -lt 8 ']'
+ '[' 32 -gt 64 ']'
+ passwords[i]=Vzpcx2m+DSLZ8VPuv5qRB7zpgfEJIYAm
+ supported=true
+ '[' true = false ']'
+ for j in "${!fileapiusers[@]}"
+ supported=false
+ for i in "${!api_users[@]}"
+ [[ wazuh == \w\a\z\u\h ]]
+ passwords_checkPassword 's2NFO2CwFI.4FOeUby*a07.df?5NjhPE'
+ grep -q '[A-Z]'
+ echo 's2NFO2CwFI.4FOeUby*a07.df?5NjhPE'
+ grep -q '[a-z]'
+ echo 's2NFO2CwFI.4FOeUby*a07.df?5NjhPE'
+ grep -q '[0-9]'
+ echo 's2NFO2CwFI.4FOeUby*a07.df?5NjhPE'
+ grep -q '[.*+?-]'
+ echo 's2NFO2CwFI.4FOeUby*a07.df?5NjhPE'
+ '[' 32 -lt 8 ']'
+ '[' 32 -gt 64 ']'
+ api_passwords[i]='s2NFO2CwFI.4FOeUby*a07.df?5NjhPE'
+ supported=true
+ for i in "${!api_users[@]}"
+ [[ wazuh-wui == \w\a\z\u\h ]]
+ '[' true = false ']'
+ for j in "${!fileapiusers[@]}"
+ supported=false
+ for i in "${!api_users[@]}"
+ [[ wazuh == \w\a\z\u\h\-\w\u\i ]]
+ for i in "${!api_users[@]}"
+ [[ wazuh-wui == \w\a\z\u\h\-\w\u\i ]]
+ passwords_checkPassword 'hN*tSj26T5H?z8ojsRU6vf3cyYn.?O6k'
+ grep -q '[A-Z]'
+ echo 'hN*tSj26T5H?z8ojsRU6vf3cyYn.?O6k'
+ grep -q '[a-z]'
+ echo 'hN*tSj26T5H?z8ojsRU6vf3cyYn.?O6k'
+ grep -q '[0-9]'
+ echo 'hN*tSj26T5H?z8ojsRU6vf3cyYn.?O6k'
+ grep -q '[.*+?-]'
+ echo 'hN*tSj26T5H?z8ojsRU6vf3cyYn.?O6k'
+ '[' 32 -lt 8 ']'
+ '[' 32 -gt 64 ']'
+ api_passwords[i]='hN*tSj26T5H?z8ojsRU6vf3cyYn.?O6k'
+ supported=true
+ '[' true = false ']'
+ '[' -n '' ']'
+ '[' -n 1 ']'
+ passwords_getNetworkHost
++ grep -hr network.host: /etc/wazuh-indexer/opensearch.yml
+ IP='network.host: "127.0.0.1"'
+ NH='network.host: '
+ IP='"127.0.0.1"'
+ [[ "127.0.0.1" =~ _.*_ ]]
+ '[' '"127.0.0.1"' == 0.0.0.0 ']'
+ passwords_generateHash
+ '[' -n 1 ']'
+ common_logger -d 'Generating password hashes.'
++ date '+%d/%m/%Y %H:%M:%S'
+ now='18/09/2023 09:12:47'
+ mtype=INFO:
+ debugLogger=
+ nolog=
+ '[' -n -d ']'
+ '[' -n -d ']'
+ case ${1} in
+ debugLogger=1
+ mtype=DEBUG:
+ shift 1
+ '[' -n 'Generating password hashes.' ']'
+ case ${1} in
+ message='Generating password hashes.'
+ shift 1
+ '[' -n '' ']'
+ '[' -z 1 ']'
+ '[' -n 1 ']'
+ '[' -n 1 ']'
+ '[' 0 -eq 0 ']'
+ '[' -z '' ']'
+ printf '%s\n' '18/09/2023 09:12:47 DEBUG: Generating password hashes.'
+ tee -a /var/log/wazuh-install.log
18/09/2023 09:12:47 DEBUG: Generating password hashes.
+ for i in "${!passwords[@]}"
++ bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/hash.sh -p L+CQJcxdqSXYWMo5LRDfNSaaY5NhmFPS
++ grep -A 2 issues
++ tail -n 1
+ nhash='$2y$12$HxGV5NtUx7TVAcks4.idheEEfAlRfiuSKASpip0uIuXL0JEyhspYW'
+ '[' 0 '!=' 0 ']'
+ hashes+=("${nhash}")
+ for i in "${!passwords[@]}"
++ grep -A 2 issues
++ bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/hash.sh -p NgLMks7yLJEZV0+ZknBDlYMrtqD+zsGq
++ tail -n 1
+ nhash='$2y$12$OZfEj9XLMSeEbyTXPszuM.dMjMa1nK/S5dcShiYiGYdD2yrcRNDiO'
+ '[' 0 '!=' 0 ']'
+ hashes+=("${nhash}")
+ for i in "${!passwords[@]}"
++ tail -n 1
++ grep -A 2 issues
++ bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/hash.sh -p 'M?*DKU2wIl8gWifEV9JT4zfSukzi2.N*'
+ nhash='$2y$12$k7T08D7tMOndX8sDk3flL.lIZHkaa3U/ll84ilpOc6m8NGyeSeWCi'
+ '[' 0 '!=' 0 ']'
+ hashes+=("${nhash}")
+ for i in "${!passwords[@]}"
++ bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/hash.sh -p '*.My4WBrT+.Tg?nLon5VA86R7CDSTpo0'
++ tail -n 1
++ grep -A 2 issues
+ nhash='$2y$12$xRAzgRyEPsPKbQ0kpw6ZIe6e0MsP.iOvgSwGoy8GoBmnF5Wl5su5G'
+ '[' 0 '!=' 0 ']'
+ hashes+=("${nhash}")
+ for i in "${!passwords[@]}"
++ tail -n 1
++ grep -A 2 issues
++ bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/hash.sh -p 'h6wqe*o9MvHAmGA1Cpj+HCnhGn4BrD+9'
+ nhash='$2y$12$i429icaTlWHtrMQ36ewXbeQ6OZiLOHNuLFGG.nRn1Jo11epC7w4Xe'
+ '[' 0 '!=' 0 ']'
+ hashes+=("${nhash}")
+ for i in "${!passwords[@]}"
++ grep -A 2 issues
++ tail -n 1
++ bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/hash.sh -p Vzpcx2m+DSLZ8VPuv5qRB7zpgfEJIYAm
+ nhash='$2y$12$wbopfq6I.Mr2kpHscEJwHeV67fPQWYiaLU8xkfz57n4XpRbhkCKja'
+ '[' 0 '!=' 0 ']'
+ hashes+=("${nhash}")
+ common_logger -d 'Password hashes generated.'
++ date '+%d/%m/%Y %H:%M:%S'
+ now='18/09/2023 09:13:04'
+ mtype=INFO:
+ debugLogger=
+ nolog=
+ '[' -n -d ']'
+ '[' -n -d ']'
+ case ${1} in
+ debugLogger=1
+ mtype=DEBUG:
+ shift 1
+ '[' -n 'Password hashes generated.' ']'
+ case ${1} in
+ message='Password hashes generated.'
+ shift 1
+ '[' -n '' ']'
+ '[' -z 1 ']'
+ '[' -n 1 ']'
+ '[' -n 1 ']'
+ '[' 0 -eq 0 ']'
+ '[' -z '' ']'
+ printf '%s\n' '18/09/2023 09:13:04 DEBUG: Password hashes generated.'
+ tee -a /var/log/wazuh-install.log
18/09/2023 09:13:04 DEBUG: Password hashes generated.
+ passwords_changePassword
+ '[' -n 1 ']'
+ '[' -n 'wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]' ']'
+ '[' -z ']'
+ eval 'mkdir /etc/wazuh-indexer/backup/ 2>/dev/null'
++ mkdir /etc/wazuh-indexer/backup/
+ eval 'cp /etc/wazuh-indexer/opensearch-security/* /etc/wazuh-indexer/backup/ 2>/dev/null'
++ cp /etc/wazuh-indexer/opensearch-security/action_groups.yml /etc/wazuh-indexer/opensearch-security/allowlist.yml /etc/wazuh-indexer/opensearch-security/audit.yml /etc/wazuh-indexer/opensearch-security/config.yml /etc/wazuh-indexer/opensearch-security/internal_users.yml /etc/wazuh-indexer/opensearch-security/nodes_dn.yml /etc/wazuh-indexer/opensearch-security/opensearch.yml.example /etc/wazuh-indexer/opensearch-security/roles_mapping.yml /etc/wazuh-indexer/opensearch-security/roles.yml /etc/wazuh-indexer/opensearch-security/tenants.yml /etc/wazuh-indexer/opensearch-security/whitelist.yml /etc/wazuh-indexer/backup/
+ passwords_createBackUp
+ '[' -z 'wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]' ']'
+ '[' -n 'wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]' ']'
++ grep 'plugins.security.ssl.transport.pemtrustedcas_filepath: ' /etc/wazuh-indexer/opensearch.yml
+ capem='plugins.security.ssl.transport.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem'
+ rcapem='plugins.security.ssl.transport.pemtrustedcas_filepath: '
+ capem=/etc/wazuh-indexer/certs/root-ca.pem
+ [[ -z '' ]]
+ passwords_readAdmincerts
+ [[ -f /etc/wazuh-indexer/certs/admin.pem ]]
+ adminpem=/etc/wazuh-indexer/certs/admin.pem
+ [[ -f /etc/wazuh-indexer/certs/admin-key.pem ]]
+ adminkey=/etc/wazuh-indexer/certs/admin-key.pem
+ common_logger -d 'Creating password backup.'
++ date '+%d/%m/%Y %H:%M:%S'
+ now='18/09/2023 09:13:05'
+ mtype=INFO:
+ debugLogger=
+ nolog=
+ '[' -n -d ']'
+ '[' -n -d ']'
+ case ${1} in
+ debugLogger=1
+ mtype=DEBUG:
+ shift 1
+ '[' -n 'Creating password backup.' ']'
+ case ${1} in
+ message='Creating password backup.'
+ shift 1
+ '[' -n '' ']'
+ '[' -z 1 ']'
+ '[' -n 1 ']'
+ '[' -n 1 ']'
+ '[' 0 -eq 0 ']'
+ '[' -z '' ']'
+ tee -a /var/log/wazuh-install.log
+ printf '%s\n' '18/09/2023 09:13:05 DEBUG: Creating password backup.'
18/09/2023 09:13:05 DEBUG: Creating password backup.
+ eval 'mkdir /etc/wazuh-indexer/backup 2>&1 | tee -a /var/log/wazuh-install.log'
++ mkdir /etc/wazuh-indexer/backup
++ tee -a /var/log/wazuh-install.log
mkdir: cannot create directory ‘/etc/wazuh-indexer/backup’: File exists
+ eval 'JAVA_HOME=/usr/share/wazuh-indexer/jdk/ OPENSEARCH_CONF_DIR=/etc/wazuh-indexer /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh -backup /etc/wazuh-indexer/backup -icl -p 9200 -nhnv -cacert /etc/wazuh-indexer/certs/root-ca.pem -cert /etc/wazuh-indexer/certs/admin.pem -key /etc/wazuh-indexer/certs/admin-key.pem -h "127.0.0.1" 2>&1 | tee -a /var/log/wazuh-install.log'
++ JAVA_HOME=/usr/share/wazuh-indexer/jdk/
++ OPENSEARCH_CONF_DIR=/etc/wazuh-indexer
++ /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh -backup /etc/wazuh-indexer/backup -icl -p 9200 -nhnv -cacert /etc/wazuh-indexer/certs/root-ca.pem -cert /etc/wazuh-indexer/certs/admin.pem -key /etc/wazuh-indexer/certs/admin-key.pem -h 127.0.0.1
++ tee -a /var/log/wazuh-install.log
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.6.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml 
   SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml 
   SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml 
   SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml 
   SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml 
   SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml 
   SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml 
   SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml 
   SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml 
   SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml 
   SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
+ '[' 0 '!=' 0 ']'
+ common_logger -d 'Password backup created in /etc/wazuh-indexer/backup.'
++ date '+%d/%m/%Y %H:%M:%S'
+ now='18/09/2023 09:13:13'
+ mtype=INFO:
+ debugLogger=
+ nolog=
+ '[' -n -d ']'
+ '[' -n -d ']'
+ case ${1} in
+ debugLogger=1
+ mtype=DEBUG:
+ shift 1
+ '[' -n 'Password backup created in /etc/wazuh-indexer/backup.' ']'
+ case ${1} in
+ message='Password backup created in /etc/wazuh-indexer/backup.'
+ shift 1
+ '[' -n '' ']'
+ '[' -z 1 ']'
+ '[' -n 1 ']'
+ '[' -n 1 ']'
+ '[' 0 -eq 0 ']'
+ '[' -z '' ']'
+ printf '%s\n' '18/09/2023 09:13:13 DEBUG: Password backup created in /etc/wazuh-indexer/backup.'
+ tee -a /var/log/wazuh-install.log
18/09/2023 09:13:13 DEBUG: Password backup created in /etc/wazuh-indexer/backup.
+ for i in "${!passwords[@]}"
+ '[' -n 'wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]' ']'
+ '[' -f /etc/wazuh-indexer/backup/internal_users.yml ']'
+ awk -v 'new=$2y$12$HxGV5NtUx7TVAcks4.idheEEfAlRfiuSKASpip0uIuXL0JEyhspYW' 'prev=="admin:"{sub(/\042.*/,""); $0=$0 new} {prev=$1} 1' /etc/wazuh-indexer/backup/internal_users.yml
+ mv -f internal_users.yml_tmp /etc/wazuh-indexer/backup/internal_users.yml
+ cp -f /etc/wazuh-indexer/backup/internal_users.yml /etc/wazuh-indexer/opensearch-security/internal_users.yml
+ chown -R wazuh-indexer:wazuh-indexer /etc/wazuh-indexer/opensearch-security/internal_users.yml
+ '[' admin == admin ']'
+ adminpass=L+CQJcxdqSXYWMo5LRDfNSaaY5NhmFPS
+ for i in "${!passwords[@]}"
+ '[' -n 'wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]' ']'
+ '[' -f /etc/wazuh-indexer/backup/internal_users.yml ']'
+ awk -v 'new=$2y$12$OZfEj9XLMSeEbyTXPszuM.dMjMa1nK/S5dcShiYiGYdD2yrcRNDiO' 'prev=="kibanaserver:"{sub(/\042.*/,""); $0=$0 new} {prev=$1} 1' /etc/wazuh-indexer/backup/internal_users.yml
+ mv -f internal_users.yml_tmp /etc/wazuh-indexer/backup/internal_users.yml
+ cp -f /etc/wazuh-indexer/backup/internal_users.yml /etc/wazuh-indexer/opensearch-security/internal_users.yml
+ chown -R wazuh-indexer:wazuh-indexer /etc/wazuh-indexer/opensearch-security/internal_users.yml
+ '[' kibanaserver == admin ']'
+ '[' kibanaserver == kibanaserver ']'
+ dashpass=NgLMks7yLJEZV0+ZknBDlYMrtqD+zsGq
+ for i in "${!passwords[@]}"
+ '[' -n 'wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]' ']'
+ '[' -f /etc/wazuh-indexer/backup/internal_users.yml ']'
+ awk -v 'new=$2y$12$k7T08D7tMOndX8sDk3flL.lIZHkaa3U/ll84ilpOc6m8NGyeSeWCi' 'prev=="kibanaro:"{sub(/\042.*/,""); $0=$0 new} {prev=$1} 1' /etc/wazuh-indexer/backup/internal_users.yml
+ mv -f internal_users.yml_tmp /etc/wazuh-indexer/backup/internal_users.yml
+ cp -f /etc/wazuh-indexer/backup/internal_users.yml /etc/wazuh-indexer/opensearch-security/internal_users.yml
+ chown -R wazuh-indexer:wazuh-indexer /etc/wazuh-indexer/opensearch-security/internal_users.yml
+ '[' kibanaro == admin ']'
+ '[' kibanaro == kibanaserver ']'
+ for i in "${!passwords[@]}"
+ '[' -n 'wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]' ']'
+ '[' -f /etc/wazuh-indexer/backup/internal_users.yml ']'
+ awk -v 'new=$2y$12$xRAzgRyEPsPKbQ0kpw6ZIe6e0MsP.iOvgSwGoy8GoBmnF5Wl5su5G' 'prev=="logstash:"{sub(/\042.*/,""); $0=$0 new} {prev=$1} 1' /etc/wazuh-indexer/backup/internal_users.yml
+ mv -f internal_users.yml_tmp /etc/wazuh-indexer/backup/internal_users.yml
+ cp -f /etc/wazuh-indexer/backup/internal_users.yml /etc/wazuh-indexer/opensearch-security/internal_users.yml
+ chown -R wazuh-indexer:wazuh-indexer /etc/wazuh-indexer/opensearch-security/internal_users.yml
+ '[' logstash == admin ']'
+ '[' logstash == kibanaserver ']'
+ for i in "${!passwords[@]}"
+ '[' -n 'wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]' ']'
+ '[' -f /etc/wazuh-indexer/backup/internal_users.yml ']'
+ awk -v 'new=$2y$12$i429icaTlWHtrMQ36ewXbeQ6OZiLOHNuLFGG.nRn1Jo11epC7w4Xe' 'prev=="readall:"{sub(/\042.*/,""); $0=$0 new} {prev=$1} 1' /etc/wazuh-indexer/backup/internal_users.yml
+ mv -f internal_users.yml_tmp /etc/wazuh-indexer/backup/internal_users.yml
+ cp -f /etc/wazuh-indexer/backup/internal_users.yml /etc/wazuh-indexer/opensearch-security/internal_users.yml
+ chown -R wazuh-indexer:wazuh-indexer /etc/wazuh-indexer/opensearch-security/internal_users.yml
+ '[' readall == admin ']'
+ '[' readall == kibanaserver ']'
+ for i in "${!passwords[@]}"
+ '[' -n 'wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]' ']'
+ '[' -f /etc/wazuh-indexer/backup/internal_users.yml ']'
+ awk -v 'new=$2y$12$wbopfq6I.Mr2kpHscEJwHeV67fPQWYiaLU8xkfz57n4XpRbhkCKja' 'prev=="snapshotrestore:"{sub(/\042.*/,""); $0=$0 new} {prev=$1} 1' /etc/wazuh-indexer/backup/internal_users.yml
+ mv -f internal_users.yml_tmp /etc/wazuh-indexer/backup/internal_users.yml
+ cp -f /etc/wazuh-indexer/backup/internal_users.yml /etc/wazuh-indexer/opensearch-security/internal_users.yml
+ chown -R wazuh-indexer:wazuh-indexer /etc/wazuh-indexer/opensearch-security/internal_users.yml
+ '[' snapshotrestore == admin ']'
+ '[' snapshotrestore == kibanaserver ']'
+ '[' '' == admin ']'
+ '[' -n 1 ']'
+ '[' -n 'filebeat/stable,now 7.10.2 amd64 [installed]' ']'
+ grep -q password
+ filebeat keystore list
+ eval 'echo L+CQJcxdqSXYWMo5LRDfNSaaY5NhmFPS | filebeat keystore add password --force --stdin 2>&1 | tee -a /var/log/wazuh-install.log'
++ tee -a /var/log/wazuh-install.log
++ filebeat keystore add password --force --stdin
++ echo L+CQJcxdqSXYWMo5LRDfNSaaY5NhmFPS
Successfully updated the keystore
+ passwords_restartService filebeat
+ '[' 1 -ne 1 ']'
+ grep -E -q '^\ *1\ .*systemd$'
+ ps -e
+ eval 'systemctl daemon-reload 2>&1 | tee -a /var/log/wazuh-install.log'
++ tee -a /var/log/wazuh-install.log
++ systemctl daemon-reload
+ eval 'systemctl restart filebeat.service 2>&1 | tee -a /var/log/wazuh-install.log'
++ tee -a /var/log/wazuh-install.log
++ systemctl restart filebeat.service
+ '[' 0 '!=' 0 ']'
+ common_logger -d 'filebeat started.'
++ date '+%d/%m/%Y %H:%M:%S'
+ now='18/09/2023 09:13:15'
+ mtype=INFO:
+ debugLogger=
+ nolog=
+ '[' -n -d ']'
+ '[' -n -d ']'
+ case ${1} in
+ debugLogger=1
+ mtype=DEBUG:
+ shift 1
+ '[' -n 'filebeat started.' ']'
+ case ${1} in
+ message='filebeat started.'
+ shift 1
+ '[' -n '' ']'
+ '[' -z 1 ']'
+ '[' -n 1 ']'
+ '[' -n 1 ']'
+ '[' 0 -eq 0 ']'
+ '[' -z '' ']'
+ tee -a /var/log/wazuh-install.log
+ printf '%s\n' '18/09/2023 09:13:15 DEBUG: filebeat started.'
18/09/2023 09:13:15 DEBUG: filebeat started.
+ '[' '' == kibanaserver ']'
+ '[' -n 1 ']'
+ '[' -n 'wazuh-dashboard/stable,now 4.5.2-1 amd64 [installed]' ']'
+ '[' -n NgLMks7yLJEZV0+ZknBDlYMrtqD+zsGq ']'
+ grep -q opensearch.password
+ /usr/share/wazuh-dashboard/bin/opensearch-dashboards-keystore --allow-root list
+ eval 'echo NgLMks7yLJEZV0+ZknBDlYMrtqD+zsGq | /usr/share/wazuh-dashboard/bin/opensearch-dashboards-keystore --allow-root add -f --stdin opensearch.password '
++ echo NgLMks7yLJEZV0+ZknBDlYMrtqD+zsGq
++ /usr/share/wazuh-dashboard/bin/opensearch-dashboards-keystore --allow-root add -f --stdin opensearch.password
+ passwords_restartService wazuh-dashboard
+ '[' 1 -ne 1 ']'
+ ps -e
+ grep -E -q '^\ *1\ .*systemd$'
+ eval 'systemctl daemon-reload 2>&1 | tee -a /var/log/wazuh-install.log'
++ tee -a /var/log/wazuh-install.log
++ systemctl daemon-reload
+ eval 'systemctl restart wazuh-dashboard.service 2>&1 | tee -a /var/log/wazuh-install.log'
++ systemctl restart wazuh-dashboard.service
++ tee -a /var/log/wazuh-install.log
+ '[' 0 '!=' 0 ']'
+ common_logger -d 'wazuh-dashboard started.'
++ date '+%d/%m/%Y %H:%M:%S'
+ now='18/09/2023 09:13:17'
+ mtype=INFO:
+ debugLogger=
+ nolog=
+ '[' -n -d ']'
+ '[' -n -d ']'
+ case ${1} in
+ debugLogger=1
+ mtype=DEBUG:
+ shift 1
+ '[' -n 'wazuh-dashboard started.' ']'
+ case ${1} in
+ message='wazuh-dashboard started.'
+ shift 1
+ '[' -n '' ']'
+ '[' -z 1 ']'
+ '[' -n 1 ']'
+ '[' -n 1 ']'
+ '[' 0 -eq 0 ']'
+ '[' -z '' ']'
+ printf '%s\n' '18/09/2023 09:13:17 DEBUG: wazuh-dashboard started.'
+ tee -a /var/log/wazuh-install.log
18/09/2023 09:13:17 DEBUG: wazuh-dashboard started.
+ '[' -n '' ']'
+ '[' -n 1 ']'
+ passwords_runSecurityAdmin
+ '[' -z 'wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]' ']'
+ '[' -n 'wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]' ']'
++ grep 'plugins.security.ssl.transport.pemtrustedcas_filepath: ' /etc/wazuh-indexer/opensearch.yml
+ capem='plugins.security.ssl.transport.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem'
+ rcapem='plugins.security.ssl.transport.pemtrustedcas_filepath: '
+ capem=/etc/wazuh-indexer/certs/root-ca.pem
+ [[ -z /etc/wazuh-indexer/certs/admin.pem ]]
+ [[ -z /etc/wazuh-indexer/certs/admin-key.pem ]]
+ common_logger -d 'Loading new passwords changes.'
++ date '+%d/%m/%Y %H:%M:%S'
+ now='18/09/2023 09:13:17'
+ mtype=INFO:
+ debugLogger=
+ nolog=
+ '[' -n -d ']'
+ '[' -n -d ']'
+ case ${1} in
+ debugLogger=1
+ mtype=DEBUG:
+ shift 1
+ '[' -n 'Loading new passwords changes.' ']'
+ case ${1} in
+ message='Loading new passwords changes.'
+ shift 1
+ '[' -n '' ']'
+ '[' -z 1 ']'
+ '[' -n 1 ']'
+ '[' -n 1 ']'
+ '[' 0 -eq 0 ']'
+ '[' -z '' ']'
+ printf '%s\n' '18/09/2023 09:13:17 DEBUG: Loading new passwords changes.'
+ tee -a /var/log/wazuh-install.log
18/09/2023 09:13:17 DEBUG: Loading new passwords changes.
+ read -p Wait
Wait
+ eval 'OPENSEARCH_CONF_DIR=/etc/wazuh-indexer /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh -f /etc/wazuh-indexer/backup/internal_users.yml -t internalusers -p 9200 -nhnv -cacert /etc/wazuh-indexer/certs/root-ca.pem -cert /etc/wazuh-indexer/certs/admin.pem -key /etc/wazuh-indexer/certs/admin-key.pem -icl -h "127.0.0.1" 2>&1 | tee -a /var/log/wazuh-install.log'
++ OPENSEARCH_CONF_DIR=/etc/wazuh-indexer
++ /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh -f /etc/wazuh-indexer/backup/internal_users.yml -t internalusers -p 9200 -nhnv -cacert /etc/wazuh-indexer/certs/root-ca.pem -cert /etc/wazuh-indexer/certs/admin.pem -key /etc/wazuh-indexer/certs/admin-key.pem -icl -h 127.0.0.1
++ tee -a /var/log/wazuh-install.log
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.6.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /home/vagrant
Force type: internalusers
Will update '/internalusers' with /etc/wazuh-indexer/backup/internal_users.yml 
   SUCC: Configuration for 'internalusers' created or updated
SUCC: Expected 1 config types for node {"updated_config_types":["internalusers"],"updated_config_size":1,"message":null} is 1 (["internalusers"]) due to: null
Done with success
+ '[' 0 '!=' 0 ']'
+ eval 'rm -rf /etc/wazuh-indexer/backup/ 2>&1 | tee -a /var/log/wazuh-install.log'
++ rm -rf /etc/wazuh-indexer/backup/
++ tee -a /var/log/wazuh-install.log
+ [[ -n '' ]]
+ [[ -n '' ]]
+ '[' -n 1 ']'
+ '[' -z 1 ']'
+ common_logger -d 'Passwords changed.'
++ date '+%d/%m/%Y %H:%M:%S'
+ now='18/09/2023 09:17:45'
+ mtype=INFO:
+ debugLogger=
+ nolog=
+ '[' -n -d ']'
+ '[' -n -d ']'
+ case ${1} in
+ debugLogger=1
+ mtype=DEBUG:
+ shift 1
+ '[' -n 'Passwords changed.' ']'
+ case ${1} in
+ message='Passwords changed.'
+ shift 1
+ '[' -n '' ']'
+ '[' -z 1 ']'
+ '[' -n 1 ']'
+ '[' -n 1 ']'
+ '[' 0 -eq 0 ']'
+ '[' -z '' ']'
+ tee -a /var/log/wazuh-install.log
+ printf '%s\n' '18/09/2023 09:17:45 DEBUG: Passwords changed.'
18/09/2023 09:17:45 DEBUG: Passwords changed.
+ '[' -n '' ']'
+ '[' -n '' ']'
+ '[' -n 1 ']'
+ '[' '' == master ']'
+ '[' 1 -eq 1 ']'
+ installCommon_changePasswordApi
+ '[' -n 1 ']'
+ for i in "${!api_passwords[@]}"
+ '[' -n '' ']'
+ '[' -n 1 ']'
+ passwords_getApiUserId wazuh
+ user_id=noid
+ for u in "${!api_users[@]}"
+ '[' wazuh == wazuh ']'
+ user_id=1
+ for u in "${!api_users[@]}"
+ '[' wazuh == wazuh-wui ']'
+ '[' 1 == noid ']'
+ WAZUH_PASS_API='{"password":"s2NFO2CwFI.4FOeUby*a07.df?5NjhPE"}'
+ eval 'curl -s -k -X PUT -H "Authorization: Bearer $TOKEN_API" -H "Content-Type: application/json" -d "$WAZUH_PASS_API" "https://localhost:55000/security/users/${user_id}" -o /dev/null'
++ curl -s -k -X PUT -H 'Authorization: Bearer eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNjk1MDI4MzY2LCJleHAiOjE2OTUwMjkyNjYsInN1YiI6IndhenVoIiwicnVuX2FzIjpmYWxzZSwicmJhY19yb2xlcyI6WzFdLCJyYmFjX21vZGUiOiJ3aGl0ZSJ9.AH5bljt8oKtb-nOfcBZLyHRsKfaWAVy8TtcMt5DtuHqaWhvOlLLF3uk4Kj4X-YzzoE04N1Z8TP3rJq8TLWMPpbn4AcA_vM-NrafXCVITxerymPUxBbALWxy7NzIGwG3reeJUcdCygAunqw8yzKiMKkHTV_vuAFzqjoCfzYkUgrmj070i' -H 'Content-Type: application/json' -d '{"password":"s2NFO2CwFI.4FOeUby*a07.df?5NjhPE"}' https://localhost:55000/security/users/1 -o /dev/null
+ '[' wazuh == wazuh ']'
+ sleep 1
+ adminPassword='s2NFO2CwFI.4FOeUby*a07.df?5NjhPE'
+ passwords_getApiToken
+ retries=0
+ max_internal_error_retries=20
++ curl -s -u 'wazuh:s2NFO2CwFI.4FOeUby*a07.df?5NjhPE' -k -X POST 'https://localhost:55000/security/user/authenticate?raw=true' --max-time 300 --retry 5 --retry-delay 5
+ TOKEN_API=eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNjk1MDI4NjcwLCJleHAiOjE2OTUwMjk1NzAsInN1YiI6IndhenVoIiwicnVuX2FzIjpmYWxzZSwicmJhY19yb2xlcyI6WzFdLCJyYmFjX21vZGUiOiJ3aGl0ZSJ9.AUWWWJ3CbD5GkCA_5aW0bFwYFgpsOkd4UMj0g5DJNm-9xSMIsuOpZGvJ2r_EXcFvOEyn87T7N-9RY8eRcWrQZ5vgAQPTUQbp1aRPHOZkTjX_UfvGSkJ6kxjAgg-Szz3TdA7HF89wim7moPswBIovjBqlx55t3Ieaj-sYhL3pj633fnsP
+ [[ eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNjk1MDI4NjcwLCJleHAiOjE2OTUwMjk1NzAsInN1YiI6IndhenVoIiwicnVuX2FzIjpmYWxzZSwicmJhY19yb2xlcyI6WzFdLCJyYmFjX21vZGUiOiJ3aGl0ZSJ9.AUWWWJ3CbD5GkCA_5aW0bFwYFgpsOkd4UMj0g5DJNm-9xSMIsuOpZGvJ2r_EXcFvOEyn87T7N-9RY8eRcWrQZ5vgAQPTUQbp1aRPHOZkTjX_UfvGSkJ6kxjAgg-Szz3TdA7HF89wim7moPswBIovjBqlx55t3Ieaj-sYhL3pj633fnsP =~ Wazuh Internal Error ]]
+ [[ eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNjk1MDI4NjcwLCJleHAiOjE2OTUwMjk1NzAsInN1YiI6IndhenVoIiwicnVuX2FzIjpmYWxzZSwicmJhY19yb2xlcyI6WzFdLCJyYmFjX21vZGUiOiJ3aGl0ZSJ9.AUWWWJ3CbD5GkCA_5aW0bFwYFgpsOkd4UMj0g5DJNm-9xSMIsuOpZGvJ2r_EXcFvOEyn87T7N-9RY8eRcWrQZ5vgAQPTUQbp1aRPHOZkTjX_UfvGSkJ6kxjAgg-Szz3TdA7HF89wim7moPswBIovjBqlx55t3Ieaj-sYhL3pj633fnsP =~ Wazuh Internal Error ]]
+ [[ eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNjk1MDI4NjcwLCJleHAiOjE2OTUwMjk1NzAsInN1YiI6IndhenVoIiwicnVuX2FzIjpmYWxzZSwicmJhY19yb2xlcyI6WzFdLCJyYmFjX21vZGUiOiJ3aGl0ZSJ9.AUWWWJ3CbD5GkCA_5aW0bFwYFgpsOkd4UMj0g5DJNm-9xSMIsuOpZGvJ2r_EXcFvOEyn87T7N-9RY8eRcWrQZ5vgAQPTUQbp1aRPHOZkTjX_UfvGSkJ6kxjAgg-Szz3TdA7HF89wim7moPswBIovjBqlx55t3Ieaj-sYhL3pj633fnsP =~ Invalid credentials ]]
+ '[' wazuh == wazuh-wui ']'
+ for i in "${!api_passwords[@]}"
+ '[' -n '' ']'
+ '[' -n 1 ']'
+ passwords_getApiUserId wazuh-wui
+ user_id=noid
+ for u in "${!api_users[@]}"
+ '[' wazuh-wui == wazuh ']'
+ for u in "${!api_users[@]}"
+ '[' wazuh-wui == wazuh-wui ']'
+ user_id=2
+ '[' 2 == noid ']'
+ WAZUH_PASS_API='{"password":"hN*tSj26T5H?z8ojsRU6vf3cyYn.?O6k"}'
+ eval 'curl -s -k -X PUT -H "Authorization: Bearer $TOKEN_API" -H "Content-Type: application/json" -d "$WAZUH_PASS_API" "https://localhost:55000/security/users/${user_id}" -o /dev/null'
++ curl -s -k -X PUT -H 'Authorization: Bearer eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNjk1MDI4NjcwLCJleHAiOjE2OTUwMjk1NzAsInN1YiI6IndhenVoIiwicnVuX2FzIjpmYWxzZSwicmJhY19yb2xlcyI6WzFdLCJyYmFjX21vZGUiOiJ3aGl0ZSJ9.AUWWWJ3CbD5GkCA_5aW0bFwYFgpsOkd4UMj0g5DJNm-9xSMIsuOpZGvJ2r_EXcFvOEyn87T7N-9RY8eRcWrQZ5vgAQPTUQbp1aRPHOZkTjX_UfvGSkJ6kxjAgg-Szz3TdA7HF89wim7moPswBIovjBqlx55t3Ieaj-sYhL3pj633fnsP' -H 'Content-Type: application/json' -d '{"password":"hN*tSj26T5H?z8ojsRU6vf3cyYn.?O6k"}' https://localhost:55000/security/users/2 -o /dev/null
+ '[' wazuh-wui == wazuh ']'
+ '[' wazuh-wui == wazuh-wui ']'
+ '[' -n '' ']'
+ '[' -n 1 ']'
+ passwords_changeDashboardApiPassword 'hN*tSj26T5H?z8ojsRU6vf3cyYn.?O6k'
+ j=0
+ '[' -n '' ']'
+ '[' 0 -eq 12 ']'
+ '[' -f /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml ']'
+ eval 'sed -i '\''s|password: .*|password: "hN*tSj26T5H?z8ojsRU6vf3cyYn.?O6k"|g'\'' /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml'
++ sed -i 's|password: .*|password: "hN*tSj26T5H?z8ojsRU6vf3cyYn.?O6k"|g' /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
+ '[' -z 1 ']'
+ file_exists=1
+ sleep 5
+ j=1
+ '[' -n 1 ']'
+ set +x
18/09/2023 09:17:56 INFO: Initializing Wazuh dashboard web application.
18/09/2023 09:17:56 INFO: Wazuh dashboard web application initialized.
18/09/2023 09:17:56 INFO: --- Summary ---
18/09/2023 09:17:56 INFO: You can access the web interface https://<wazuh-dashboard-ip>:443
    User: admin
    Password: L+CQJcxdqSXYWMo5LRDfNSaaY5NhmFPS
18/09/2023 09:17:56 INFO: Installation finished.
root@ubuntu22:/home/vagrant# 

🟢 `internal_users.yml` file

root@ubuntu22:/home/vagrant# ls -la /etc/wazuh-indexer/opensearch-security/internal_users.yml 
-rw-r----- 1 wazuh-indexer wazuh-indexer 1133 Sep 18 09:13 /etc/wazuh-indexer/opensearch-security/internal_users.yml

root@ubuntu22:/home/vagrant# cat /etc/wazuh-indexer/opensearch-security/internal_users.yml 
---
_meta:
  type: "internalusers"
  config_version: 2
admin:
  hash: $2y$12$HxGV5NtUx7TVAcks4.idheEEfAlRfiuSKASpip0uIuXL0JEyhspYW
  reserved: true
  backend_roles:
  - "admin"
  description: "Demo admin user"
kibanaserver:
  hash: $2y$12$OZfEj9XLMSeEbyTXPszuM.dMjMa1nK/S5dcShiYiGYdD2yrcRNDiO
  reserved: true
  description: "Demo kibanaserver user"
kibanaro:
  hash: $2y$12$k7T08D7tMOndX8sDk3flL.lIZHkaa3U/ll84ilpOc6m8NGyeSeWCi
  reserved: false
  backend_roles:
  - "kibanauser"
  - "readall"
  attributes:
    attribute1: "value1"
    attribute2: "value2"
    attribute3: "value3"
  description: "Demo kibanaro user"
logstash:
  hash: $2y$12$xRAzgRyEPsPKbQ0kpw6ZIe6e0MsP.iOvgSwGoy8GoBmnF5Wl5su5G
  reserved: false
  backend_roles:
  - "logstash"
  description: "Demo logstash user"
readall:
  hash: $2y$12$i429icaTlWHtrMQ36ewXbeQ6OZiLOHNuLFGG.nRn1Jo11epC7w4Xe
  reserved: false
  backend_roles:
  - "readall"
  description: "Demo readall user"
snapshotrestore:
  hash: $2y$12$wbopfq6I.Mr2kpHscEJwHeV67fPQWYiaLU8xkfz57n4XpRbhkCKja
  reserved: false
  backend_roles:
  - "snapshotrestore"
  description: "Demo snapshotrestore user"

It is necessary to perform more testing, changing the users' passwords, in order to ensure that the change successfully solves the problem. This change should solve all the issues as the passwords_changePasswords function is used in the Installation Assistant and in the password tool.

[micsinyei]

@davidcr01 I also got the same conclusion as you if you check my last comment, however I proposed a different location for the copy.

I am not fully aware how the installation works... If the internal_users.yml exists when the installation uses the passwords_changePasswords function then the -f for the copy and chown is unnecessary.

If the files exists then two locations are possible to simplify the code:

1. passwords_changePassword()
   put the copy above the line: if [ "${nuser}" == "admin" ] || [ -n "${changeall}" ]; then
2. passwords_runSecurityAdmin()
   put above the eval "rm -rf /etc/wazuh-indexer/backup/ ${debug}"

[micsinyei]

Plus one more thing, as I mentioned the the solution is inconsistent with quotes. When you use it with -a (change all) then everything is without quotes then if you use it with -u and -p then the defined users' password will be without quote.

[davidcr01]

Hello @micsinyei. This change can not be included in the passwords_runSecurityAdmin as it does not cover all the use cases.

In the Installation Assistant, the passwords are changed in:

• The AIO installation (-a option).
• In the Wazuh indexer cluster initialization.
• In the Wazuh manager installation.
• In the Wazuh dashboard installation.

But, the security admin tool is executed only in:

• The AIO installation.
• In the Wazuh indexer cluster initialization.

if [ -n "${start_indexer_cluster}" ] || [ -n "${AIO}" ]; then
    passwords_runSecurityAdmin
fi

With this, the internal_users.yml file will not be updated in all the cases. So, it is not recommended to add this change in the passwords_runSecurityAdmin function.

The other option is not valid as the internal_users.yml file will be tried to copy in some cases that are not necessary, and an cp error will be raised.

Here is the related log:

Step-by-step installation using the Unattended

root@ubuntu22:/home/vagrant# bash wazuh-install.sh -a -i -o -v
18/09/2023 10:28:16 INFO: Starting Wazuh installation assistant. Wazuh version: 4.5.2
18/09/2023 10:28:16 INFO: Verbose logging redirected to /var/log/wazuh-install.log
18/09/2023 10:28:18 INFO: --- Removing existing Wazuh installation ---
18/09/2023 10:28:18 INFO: Removing Wazuh manager.
Reading package lists...
Building dependency tree...
Reading state information...
The following packages will be REMOVED:
  wazuh-manager*
0 upgraded, 0 newly installed, 1 to remove and 142 not upgraded.
                                                                After this operation, 627 MB disk space will be freed.
(Reading database ... 193249 files and directories currently installed.)                                              (Reading database ... 
Removing wazuh-manager (4.5.2-1) ...
(Reading database ... 171995 files and directories currently installed.)
Purging configuration files for wazuh-manager (4.5.2-1) ...
18/09/2023 10:28:28 INFO: Wazuh manager removed.
18/09/2023 10:28:28 INFO: Removing Wazuh indexer.
Reading package lists...
Building dependency tree...
Reading state information...
The following packages will be REMOVED:
  wazuh-indexer*
0 upgraded, 0 newly installed, 1 to remove and 142 not upgraded.
                                                                After this operation, 971 MB disk space will be freed.
(Reading database ... 171975 files and directories currently installed.)                                              (Reading database ... 
Removing wazuh-indexer (4.5.2-1) ...
Stopping wazuh-indexer service... OK
(Reading database ... 170891 files and directories currently installed.)
Purging configuration files for wazuh-indexer (4.5.2-1) ...
Deleting configuration directory... OK
dpkg: warning: while removing wazuh-indexer, directory '/usr/lib/systemd/system' not empty so not removed
dpkg: warning: while removing wazuh-indexer, directory '/var/lib/wazuh-indexer' not empty so not removed
dpkg: warning: while removing wazuh-indexer, directory '/var/log/wazuh-indexer' not empty so not removed
18/09/2023 10:28:33 INFO: Wazuh indexer removed.
18/09/2023 10:28:33 INFO: Removing Wazuh indexer.
Reading package lists...
Building dependency tree...
Reading state information...
E: Unable to locate package wazuh-indexer
18/09/2023 10:28:34 INFO: Wazuh indexer removed.
18/09/2023 10:28:34 INFO: Removing Filebeat.
Reading package lists...
Building dependency tree...
Reading state information...
The following packages will be REMOVED:
  filebeat*
0 upgraded, 0 newly installed, 1 to remove and 142 not upgraded.
                                                                After this operation, 73.6 MB disk space will be freed.
(Reading database ... 170852 files and directories currently installed.)                                               (Reading database ... 
Removing filebeat (7.10.2) ...
(Reading database ... 170560 files and directories currently installed.)
Purging configuration files for filebeat (7.10.2) ...
dpkg: warning: while removing filebeat, directory '/etc/filebeat' not empty so not removed
dpkg: warning: while removing filebeat, directory '/usr/share/filebeat/module' not empty so not removed
18/09/2023 10:28:35 INFO: Filebeat removed.
18/09/2023 10:28:35 INFO: Removing Wazuh dashboard.
Reading package lists...
Building dependency tree...
Reading state information...
The following packages will be REMOVED:
  wazuh-dashboard*
0 upgraded, 0 newly installed, 1 to remove and 142 not upgraded.
                                                                After this operation, 813 MB disk space will be freed.
(Reading database ... 170533 files and directories currently installed.)                                              (Reading database ... 
Removing wazuh-dashboard (4.5.2-1) ...
Stopping wazuh-dashboard service... OK
Deleting PID directory... OK
Deleting installation directory... OK
(Reading database ... 75825 files and directories currently installed.)
Purging configuration files for wazuh-dashboard (4.5.2-1) ...
 OK
18/09/2023 10:28:41 INFO: Wazuh dashboard removed.
18/09/2023 10:28:42 INFO: Installation cleaned.
Hit:1 https://mirrors.edge.kernel.org/ubuntu jammy InRelease
Get:2 https://mirrors.edge.kernel.org/ubuntu jammy-updates InRelease [119 kB]
Hit:3 https://mirrors.edge.kernel.org/ubuntu jammy-backports InRelease
Get:4 https://mirrors.edge.kernel.org/ubuntu jammy-security InRelease [110 kB]
Fetched 229 kB in 7s (34.7 kB/s)
Reading package lists...
18/09/2023 10:28:54 WARNING: Hardware and system checks ignored.
18/09/2023 10:28:54 INFO: Wazuh web interface port will be 443.
Hit:1 https://mirrors.edge.kernel.org/ubuntu jammy InRelease
Hit:2 https://mirrors.edge.kernel.org/ubuntu jammy-updates InRelease
Hit:3 https://mirrors.edge.kernel.org/ubuntu jammy-backports InRelease
Hit:4 https://mirrors.edge.kernel.org/ubuntu jammy-security InRelease
Reading package lists...
18/09/2023 10:28:58 DEBUG: Adding the Wazuh repository.
gpg: keyring '/usr/share/keyrings/wazuh.gpg' created
gpg: key 96B3EE5F29111145: public key "Wazuh.com (Wazuh Signing Key) <[email protected]>" imported
gpg: Total number processed: 1
gpg:               imported: 1
deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages.wazuh.com/4.x/apt/ stable main
Get:1 https://packages.wazuh.com/4.x/apt stable InRelease [17.3 kB]
Hit:2 https://mirrors.edge.kernel.org/ubuntu jammy InRelease
Hit:3 https://mirrors.edge.kernel.org/ubuntu jammy-updates InRelease
Get:4 https://packages.wazuh.com/4.x/apt stable/main amd64 Packages [32.1 kB]
Hit:5 https://mirrors.edge.kernel.org/ubuntu jammy-backports InRelease
Hit:6 https://mirrors.edge.kernel.org/ubuntu jammy-security InRelease
Fetched 49.4 kB in 1s (46.7 kB/s)
Reading package lists...
18/09/2023 10:29:01 INFO: Wazuh repository added.
18/09/2023 10:29:01 INFO: --- Configuration files ---
18/09/2023 10:29:01 INFO: Generating configuration files.
18/09/2023 10:29:01 DEBUG: Creating the root certificate.
....+...+...+.....+...+....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*...+...+..................+.......+...+..+...+......+.+..+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*......+..+.+...........+.+...+.....+......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
.......+...+........+.+...+...+...+.........+........+.......+.....+.+.....+..........+.....+....+......+............+..+.+......+.....+.+..+...+...+.+...+..+.............+......+.................+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*....+...+..+...+.......+..+....+............+..+.............+........+.+.....+...+.+.....+.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*........+.+...........+......+...+....+.....+......+....+........+...+....+...+..+...+.......+.....+.......+........+.+......+......+.........+..............+.......+........+..........+.....+......+.............+........+....+...+......+............+........+.+.....+...+......+.+......+..+......+.+......+.....+...+....+...+.........+.....+...+..........+...+..+..........+..+.........+..........+......+......+.....+....+.....+....+..+.............+..+....+.....+......+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = admin
18/09/2023 10:29:02 DEBUG: Creating the Wazuh indexer certificates.
Ignoring -days without -x509; not generating a certificate
.....+.......+...+........+....+..+....+...........+....+..............+...+....+...+..+.+..+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..........+........+.......+.....+..................+....+.....+.......+.....+...+.+......+........+............+.........+......+.........+.+...+.....+...+...+....+........+...............+.........+..........+...+...+..+..........+......+.....+.+......+..+...+..........+..............+.+...+..+.........+...................+..+....+..................+.....+.......+........+.+.....+....+.................+.+...+..+.......+..+...+............+...+...+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
............+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*....+.+..+......+.........+......+....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+................+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-indexer
18/09/2023 10:29:02 DEBUG: Creating the Wazuh server certificates.
Ignoring -days without -x509; not generating a certificate
...+...+...+.+...+...+............+...+.....+...+..........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*....+..+...+.......+..+.......+........+...+...+....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*............+.+..+....+.....+...+......+.+......+..+..........+..+...+......+.+...+...+.....+.........+.+.........+...+......+.....+.+...+.....+...+...+..........+...........+....+......+.....+.....................+...+....+.....+.+..+..................+.......+.....+...+................+........+.+.........+..+.+.....+...+.+...........+...+..........+......+...+.....+...+....+....................+..........+.....+...+...............+......+....+..+.....................+...............+.......+......+..+....+...+...+..+............+.+..+.......+...+...+.........+.........+............+.....+.......+......+..+...+.......+.....+...+.+...+..................+.....+.......+..+.+........+..........+..+..........+..+...+.......+.....+..........+.....+...+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..+..+.+.....+...+............+...+....+.....+.+.........+...........+.+...+........+.......+......+......+........+.+.....+.+.....+.+.....+.......+......+.................+.......+..+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..+.........+.+...+....................+................+......+...+...+..+.+..+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-server
18/09/2023 10:29:03 DEBUG: Creating the Wazuh dashboard certificates.
Ignoring -days without -x509; not generating a certificate
..+......+......................+...+......+........+..........+........+...+.+......+..+.+...............+.....+....+........+.........+.+...+...........+.+.....+....+...+..+..................+...+.......+...+........+.......+..+.+..............+.............+...+.....+......+.+..+...+..................+.+...+.....+......+.+.....+.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..........+......+....+...........+...+.......+..................+...+..+.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*...+......................+.....+...+....+......+.........+......+..+..........+........+....+.........+.....+......+.+..+...+...............+...+.+...+.....+.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
....+...+...+.........+..+....+..+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..+......+.+...+............+......+..+.+............+..+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..+...+......................+.....+.........+................+.....+........................+.+.....+....+........+..........+...+........+.........+.+......+.....+......+.......+...+........+......+.+...+...............+.....+......+......+....+...+..+.+...+.........+..+...+...+............+.+..+...+.......+............+...+........+......+.+.........+...+............+..................+..+...............+....+..............+.............+...+...........+..........+.....+...+............+......+...+....+.....+..........+...........+.+......+........+.+.....+.+..+.+..............+.+.....+......+.+.....+.............+.........+..+.+..+...+............+...+....+......+.....+.......+.....................+....................+....+..+.+.....+.......+.....+............+..........+...+...+..+...+...+.......+..............+.+..+.+..+...+....+............+.........+..+.........+..........+..........................+.......+..+.+...+............+..+.+.........+..+.+..+......+.+.....+...............+......+....+........+.+.....+............+...+.+......+..+......+.+........+.......+......+..+......+.......+...+.....+......+......+.........+...+.+.....+..........+.....+......+...+.+...........+.+...+.........+............+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-dashboard
18/09/2023 10:29:03 DEBUG: Generating random passwords.
18/09/2023 10:29:04 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
18/09/2023 10:29:04 INFO: --- Wazuh indexer ---
18/09/2023 10:29:04 INFO: Starting Wazuh indexer installation.
Reading package lists...
Building dependency tree...
Reading state information...
The following NEW packages will be installed:
  wazuh-indexer
0 upgraded, 1 newly installed, 0 to remove and 142 not upgraded.
                                                                Need to get 0 B/683 MB of archives.
                                                                                                   After this operation, 971 MB of additional disk space will be used.
                   Selecting previously unselected package wazuh-indexer.
(Reading database ... 75816 files and directories currently installed.)
Preparing to unpack .../wazuh-indexer_4.5.2-1_amd64.deb ...
Creating wazuh-indexer group... OK
Creating wazuh-indexer user... OK
Unpacking wazuh-indexer (4.5.2-1) ...
Setting up wazuh-indexer (4.5.2-1) ...
Created opensearch keystore in /etc/wazuh-indexer/opensearch.keystore
Processing triggers for libc-bin (2.35-0ubuntu3.1) ...
NEEDRESTART-VER: 3.5
NEEDRESTART-KCUR: 5.15.0-69-generic
NEEDRESTART-KEXP: 5.15.0-69-generic
NEEDRESTART-KSTA: 1
NEEDRESTART-SVC: filebeat.service
18/09/2023 10:29:57 INFO: Wazuh indexer installation finished.
18/09/2023 10:29:57 DEBUG: Configuring Wazuh indexer.
18/09/2023 10:29:57 INFO: Wazuh indexer post-install configuration finished.
18/09/2023 10:29:57 INFO: Starting service wazuh-indexer.
Synchronizing state of wazuh-indexer.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable wazuh-indexer
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service → /lib/systemd/system/wazuh-indexer.service.
18/09/2023 10:30:20 INFO: wazuh-indexer service started.
18/09/2023 10:30:20 INFO: Initializing Wazuh indexer cluster security settings.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.6.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml 
   SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml 
   SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml 
   SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml 
   SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml 
   SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml 
   SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml 
   SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml 
   SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml 
   SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml 
   SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null
Done with success
18/09/2023 10:30:31 INFO: Wazuh indexer cluster initialized.
18/09/2023 10:30:31 INFO: --- Wazuh server ---
18/09/2023 10:30:31 INFO: Starting the Wazuh manager installation.
Reading package lists...
Building dependency tree...
Reading state information...
Suggested packages:
  expect
The following NEW packages will be installed:
  wazuh-manager
0 upgraded, 1 newly installed, 0 to remove and 142 not upgraded.
                                                                Need to get 0 B/171 MB of archives.
                                                                                                   After this operation, 627 MB of additional disk space will be used.
                   Selecting previously unselected package wazuh-manager.
(Reading database ... 76939 files and directories currently installed.)
Preparing to unpack .../wazuh-manager_4.5.2-1_amd64.deb ...
Unpacking wazuh-manager (4.5.2-1) ...
Setting up wazuh-manager (4.5.2-1) ...
NEEDRESTART-VER: 3.5
NEEDRESTART-KCUR: 5.15.0-69-generic
NEEDRESTART-KEXP: 5.15.0-69-generic
NEEDRESTART-KSTA: 1
NEEDRESTART-SVC: filebeat.service
18/09/2023 10:31:19 INFO: Wazuh manager installation finished.
18/09/2023 10:31:19 INFO: Starting service wazuh-manager.
Synchronizing state of wazuh-manager.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable wazuh-manager
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-manager.service → /lib/systemd/system/wazuh-manager.service.
18/09/2023 10:31:47 INFO: wazuh-manager service started.
18/09/2023 10:31:47 INFO: Starting Filebeat installation.
Reading package lists...
Building dependency tree...
Reading state information...
The following NEW packages will be installed:
  filebeat
0 upgraded, 1 newly installed, 0 to remove and 142 not upgraded.
                                                                Need to get 0 B/22.1 MB of archives.
                                                                                                    After this operation, 73.6 MB of additional disk space will be used.
                     Selecting previously unselected package filebeat.
(Reading database ... 98213 files and directories currently installed.)
Preparing to unpack .../filebeat_7.10.2_amd64.deb ...
Unpacking filebeat (7.10.2) ...
Setting up filebeat (7.10.2) ...
NEEDRESTART-VER: 3.5
NEEDRESTART-KCUR: 5.15.0-69-generic
NEEDRESTART-KEXP: 5.15.0-69-generic
NEEDRESTART-KSTA: 1
NEEDRESTART-SVC: filebeat.service
18/09/2023 10:31:55 INFO: Filebeat installation finished.
wazuh/alerts/
wazuh/alerts/config/
wazuh/alerts/config/alerts.yml
wazuh/alerts/manifest.yml
wazuh/alerts/ingest/
wazuh/alerts/ingest/pipeline.json
wazuh/archives/
wazuh/archives/config/
wazuh/archives/config/archives.yml
wazuh/archives/manifest.yml
wazuh/archives/ingest/
wazuh/archives/ingest/pipeline.json
wazuh/module.yml
Created filebeat keystore
Successfully updated the keystore
Successfully updated the keystore
18/09/2023 10:31:58 INFO: Filebeat post-install configuration finished.
18/09/2023 10:31:58 INFO: Starting service filebeat.
Synchronizing state of filebeat.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable filebeat
Created symlink /etc/systemd/system/multi-user.target.wants/filebeat.service → /lib/systemd/system/filebeat.service.
18/09/2023 10:32:00 INFO: filebeat service started.
18/09/2023 10:32:00 INFO: --- Wazuh dashboard ---
18/09/2023 10:32:00 INFO: Starting Wazuh dashboard installation.
Reading package lists...
Building dependency tree...
Reading state information...
The following NEW packages will be installed:
  wazuh-dashboard
0 upgraded, 1 newly installed, 0 to remove and 142 not upgraded.
                                                                Need to get 0 B/128 MB of archives.
                                                                                                   After this operation, 813 MB of additional disk space will be used.
                   Selecting previously unselected package wazuh-dashboard.
(Reading database ... 98532 files and directories currently installed.)
Preparing to unpack .../wazuh-dashboard_4.5.2-1_amd64.deb ...
Creating wazuh-dashboard group... OK
Creating wazuh-dashboard user... OK
Unpacking wazuh-dashboard (4.5.2-1) ...
Setting up wazuh-dashboard (4.5.2-1) ...
NEEDRESTART-VER: 3.5
NEEDRESTART-KCUR: 5.15.0-69-generic
NEEDRESTART-KEXP: 5.15.0-69-generic
NEEDRESTART-KSTA: 1
NEEDRESTART-SVC: filebeat.service
18/09/2023 10:33:05 INFO: Wazuh dashboard installation finished.
18/09/2023 10:33:05 DEBUG: Wazuh dashboard certificate setup finished.
18/09/2023 10:33:05 INFO: Wazuh dashboard post-install configuration finished.
18/09/2023 10:33:05 INFO: Starting service wazuh-dashboard.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service.
18/09/2023 10:33:06 INFO: wazuh-dashboard service started.
+ common_logger -d 'Setting Wazuh indexer cluster passwords.'
++ date '+%d/%m/%Y %H:%M:%S'
+ now='18/09/2023 10:33:06'
+ mtype=INFO:
+ debugLogger=
+ nolog=
+ '[' -n -d ']'
+ '[' -n -d ']'
+ case ${1} in
+ debugLogger=1
+ mtype=DEBUG:
+ shift 1
+ '[' -n 'Setting Wazuh indexer cluster passwords.' ']'
+ case ${1} in
+ message='Setting Wazuh indexer cluster passwords.'
+ shift 1
+ '[' -n '' ']'
+ '[' -z 1 ']'
+ '[' -n 1 ']'
+ '[' -n 1 ']'
+ '[' 0 -eq 0 ']'
+ '[' -z '' ']'
+ printf '%s\n' '18/09/2023 10:33:06 DEBUG: Setting Wazuh indexer cluster passwords.'
+ tee -a /var/log/wazuh-install.log
18/09/2023 10:33:06 DEBUG: Setting Wazuh indexer cluster passwords.
+ '[' -f /home/vagrant/wazuh-install-files.tar ']'
+ eval 'tar -xf /home/vagrant/wazuh-install-files.tar -C /tmp wazuh-install-files/wazuh-passwords.txt 2>&1 | tee -a /var/log/wazuh-install.log'
++ tar -xf /home/vagrant/wazuh-install-files.tar -C /tmp wazuh-install-files/wazuh-passwords.txt
++ tee -a /var/log/wazuh-install.log
+ p_file=/tmp/wazuh-install-files/wazuh-passwords.txt
+ common_checkInstalled
+ wazuh_installed=
+ indexer_installed=
+ filebeat_installed=
+ dashboard_installed=
+ '[' apt-get == yum ']'
+ '[' apt-get == apt-get ']'
++ grep wazuh-manager
++ apt list --installed
+ wazuh_installed='wazuh-manager/stable,now 4.5.2-1 amd64 [installed]'
+ '[' -d /var/ossec ']'
+ wazuh_remaining_files=1
+ '[' apt-get == yum ']'
+ '[' apt-get == apt-get ']'
++ apt list --installed
++ grep wazuh-indexer
+ indexer_installed='wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]'
+ '[' -d /var/lib/wazuh-indexer/ ']'
+ indexer_remaining_files=1
+ '[' apt-get == yum ']'
+ '[' apt-get == apt-get ']'
++ grep filebeat
++ apt list --installed
+ filebeat_installed='filebeat/stable,now 7.10.2 amd64 [installed]'
+ '[' -d /var/lib/filebeat/ ']'
+ filebeat_remaining_files=1
+ '[' apt-get == yum ']'
+ '[' apt-get == apt-get ']'
++ apt list --installed
++ grep wazuh-dashboard
+ dashboard_installed='wazuh-dashboard/stable,now 4.5.2-1 amd64 [installed]'
+ '[' -d /var/lib/wazuh-dashboard/ ']'
+ '[' -d /usr/share/wazuh-dashboard ']'
+ dashboard_remaining_files=1
+ '[' -n '' ']'
+ '[' -n 1 ']'
+ changeall=1
+ passwords_readUsers
++ grep -B 1 hash: /etc/wazuh-indexer/opensearch-security/internal_users.yml
++ grep -v hash:
++ grep -v -
++ awk '{ print substr( $0, 1, length($0)-1 ) }'
+ susers='admin
kibanaserver
kibanaro
logstash
readall
snapshotrestore'
+ mapfile -t users
+ '[' -n '' ']'
+ '[' -n 1 ']'
+ '[' '' == master ']'
+ '[' 1 -eq 1 ']'
+ passwords_getApiToken
+ retries=0
+ max_internal_error_retries=20
++ curl -s -u wazuh:wazuh -k -X POST 'https://localhost:55000/security/user/authenticate?raw=true' --max-time 300 --retry 5 --retry-delay 5
+ TOKEN_API=eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNjk1MDMzMTkwLCJleHAiOjE2OTUwMzQwOTAsInN1YiI6IndhenVoIiwicnVuX2FzIjpmYWxzZSwicmJhY19yb2xlcyI6WzFdLCJyYmFjX21vZGUiOiJ3aGl0ZSJ9.ATa2v7U36hCni3nWC6cFnZEvQYtR3fG9q0PFLIppErrcB77CX0oCQoX7D8jDeptGoUnaf6k_183su9Wg_FL_veC3AXHlcDTVxluTGvjqAF9hgzOERUXv-umzDJECTXVPX4O3fHI_uHe1SO1BhBRbyIicJanyGwig3X7516KvtIdiXhoI
+ [[ eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNjk1MDMzMTkwLCJleHAiOjE2OTUwMzQwOTAsInN1YiI6IndhenVoIiwicnVuX2FzIjpmYWxzZSwicmJhY19yb2xlcyI6WzFdLCJyYmFjX21vZGUiOiJ3aGl0ZSJ9.ATa2v7U36hCni3nWC6cFnZEvQYtR3fG9q0PFLIppErrcB77CX0oCQoX7D8jDeptGoUnaf6k_183su9Wg_FL_veC3AXHlcDTVxluTGvjqAF9hgzOERUXv-umzDJECTXVPX4O3fHI_uHe1SO1BhBRbyIicJanyGwig3X7516KvtIdiXhoI =~ Wazuh Internal Error ]]
+ [[ eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNjk1MDMzMTkwLCJleHAiOjE2OTUwMzQwOTAsInN1YiI6IndhenVoIiwicnVuX2FzIjpmYWxzZSwicmJhY19yb2xlcyI6WzFdLCJyYmFjX21vZGUiOiJ3aGl0ZSJ9.ATa2v7U36hCni3nWC6cFnZEvQYtR3fG9q0PFLIppErrcB77CX0oCQoX7D8jDeptGoUnaf6k_183su9Wg_FL_veC3AXHlcDTVxluTGvjqAF9hgzOERUXv-umzDJECTXVPX4O3fHI_uHe1SO1BhBRbyIicJanyGwig3X7516KvtIdiXhoI =~ Wazuh Internal Error ]]
+ [[ eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNjk1MDMzMTkwLCJleHAiOjE2OTUwMzQwOTAsInN1YiI6IndhenVoIiwicnVuX2FzIjpmYWxzZSwicmJhY19yb2xlcyI6WzFdLCJyYmFjX21vZGUiOiJ3aGl0ZSJ9.ATa2v7U36hCni3nWC6cFnZEvQYtR3fG9q0PFLIppErrcB77CX0oCQoX7D8jDeptGoUnaf6k_183su9Wg_FL_veC3AXHlcDTVxluTGvjqAF9hgzOERUXv-umzDJECTXVPX4O3fHI_uHe1SO1BhBRbyIicJanyGwig3X7516KvtIdiXhoI =~ Invalid credentials ]]
+ passwords_getApiUsers
+ mapfile -t api_users
++ sed -e 's/[\'\''",]//g'
++ awk '-F: ' '{print $2}'
++ grep username
++ curl -s -k -X GET -H 'Authorization: Bearer eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNjk1MDMzMTkwLCJleHAiOjE2OTUwMzQwOTAsInN1YiI6IndhenVoIiwicnVuX2FzIjpmYWxzZSwicmJhY19yb2xlcyI6WzFdLCJyYmFjX21vZGUiOiJ3aGl0ZSJ9.ATa2v7U36hCni3nWC6cFnZEvQYtR3fG9q0PFLIppErrcB77CX0oCQoX7D8jDeptGoUnaf6k_183su9Wg_FL_veC3AXHlcDTVxluTGvjqAF9hgzOERUXv-umzDJECTXVPX4O3fHI_uHe1SO1BhBRbyIicJanyGwig3X7516KvtIdiXhoI' -H 'Content-Type: application/json' 'https://localhost:55000/security/users?pretty=true'
+ passwords_getApiIds
+ mapfile -t api_ids
++ curl -s -k -X GET -H 'Authorization: Bearer eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNjk1MDMzMTkwLCJleHAiOjE2OTUwMzQwOTAsInN1YiI6IndhenVoIiwicnVuX2FzIjpmYWxzZSwicmJhY19yb2xlcyI6WzFdLCJyYmFjX21vZGUiOiJ3aGl0ZSJ9.ATa2v7U36hCni3nWC6cFnZEvQYtR3fG9q0PFLIppErrcB77CX0oCQoX7D8jDeptGoUnaf6k_183su9Wg_FL_veC3AXHlcDTVxluTGvjqAF9hgzOERUXv-umzDJECTXVPX4O3fHI_uHe1SO1BhBRbyIicJanyGwig3X7516KvtIdiXhoI' -H 'Content-Type: application/json' 'https://localhost:55000/security/users?pretty=true'
++ grep id
++ sed -e 's/[\'\''",]//g'
++ awk '-F: ' '{print $2}'
+ installCommon_readPasswordFileUsers
++ grep -Ev '^#|^\s*$' /tmp/wazuh-install-files/wazuh-passwords.txt
++ grep -Pzc '\A(\s*(indexer_username|api_username|indexer_password|api_password):[ \t]+[\'\''"]?[\w.*+?-]+[\'\''"]?)+\Z'
+ filecorrect=1
+ [[ 1 -ne 1 ]]
++ grep indexer_username: /tmp/wazuh-install-files/wazuh-passwords.txt
++ awk '{ print substr( $2, 1, length($2) ) }'
++ sed -e 's/[\'\''"]//g'
+ sfileusers='admin
kibanaserver
kibanaro
logstash
readall
snapshotrestore'
++ sed -e 's/[\'\''"]//g'
++ grep indexer_password: /tmp/wazuh-install-files/wazuh-passwords.txt
++ awk '{ print substr( $2, 1, length($2) ) }'
+ sfilepasswords='srI1FIA*nuTrJsab05HgVszmX5iRxL*Q
pb?ROTd3?4?vd?FnKtQ7hVVQSY+tIEfk
cS5X8rG+P.q8u.jaBETlE5oo4..fK.Ov
My*aIarMeMlRiup6ZZvcQwsyhr8sQ2I1
ZxgIWcnlDCUwai7aig?T9q8+ivrHh8Iv
j96LvOmH+W7rJ1aoKjBj?0qu+CMNwYN?'
++ grep api_username: /tmp/wazuh-install-files/wazuh-passwords.txt
++ awk '{ print substr( $2, 1, length($2) ) }'
++ sed -e 's/[\'\''"]//g'
+ sfileapiusers='wazuh
wazuh-wui'
++ sed -e 's/[\'\''"]//g'
++ awk '{ print substr( $2, 1, length($2) ) }'
++ grep api_password: /tmp/wazuh-install-files/wazuh-passwords.txt
+ sfileapipasswords='wgfsJzQLlTj.Ah8VL+.Drj5G.uWte8yW
iBjWwLR1hNeV*79zZcPLly+B0.PlIzoj'
+ mapfile -t fileusers
++ printf '%s\n' 'admin
kibanaserver
kibanaro
logstash
readall
snapshotrestore'
+ mapfile -t filepasswords
++ printf '%s\n' 'srI1FIA*nuTrJsab05HgVszmX5iRxL*Q
pb?ROTd3?4?vd?FnKtQ7hVVQSY+tIEfk
cS5X8rG+P.q8u.jaBETlE5oo4..fK.Ov
My*aIarMeMlRiup6ZZvcQwsyhr8sQ2I1
ZxgIWcnlDCUwai7aig?T9q8+ivrHh8Iv
j96LvOmH+W7rJ1aoKjBj?0qu+CMNwYN?'
+ mapfile -t fileapiusers
++ printf '%s\n' 'wazuh
wazuh-wui'
+ mapfile -t fileapipasswords
++ printf '%s\n' 'wgfsJzQLlTj.Ah8VL+.Drj5G.uWte8yW
iBjWwLR1hNeV*79zZcPLly+B0.PlIzoj'
+ '[' -n 1 ']'
+ for j in "${!fileusers[@]}"
+ supported=false
+ for i in "${!users[@]}"
+ [[ admin == \a\d\m\i\n ]]
+ passwords_checkPassword 'srI1FIA*nuTrJsab05HgVszmX5iRxL*Q'
+ grep -q '[A-Z]'
+ echo 'srI1FIA*nuTrJsab05HgVszmX5iRxL*Q'
+ echo 'srI1FIA*nuTrJsab05HgVszmX5iRxL*Q'
+ grep -q '[a-z]'
+ echo 'srI1FIA*nuTrJsab05HgVszmX5iRxL*Q'
+ grep -q '[0-9]'
+ echo 'srI1FIA*nuTrJsab05HgVszmX5iRxL*Q'
+ grep -q '[.*+?-]'
+ '[' 32 -lt 8 ']'
+ '[' 32 -gt 64 ']'
+ passwords[i]='srI1FIA*nuTrJsab05HgVszmX5iRxL*Q'
+ supported=true
+ for i in "${!users[@]}"
+ [[ kibanaserver == \a\d\m\i\n ]]
+ for i in "${!users[@]}"
+ [[ kibanaro == \a\d\m\i\n ]]
+ for i in "${!users[@]}"
+ [[ logstash == \a\d\m\i\n ]]
+ for i in "${!users[@]}"
+ [[ readall == \a\d\m\i\n ]]
+ for i in "${!users[@]}"
+ [[ snapshotrestore == \a\d\m\i\n ]]
+ '[' true = false ']'
+ for j in "${!fileusers[@]}"
+ supported=false
+ for i in "${!users[@]}"
+ [[ admin == \k\i\b\a\n\a\s\e\r\v\e\r ]]
+ for i in "${!users[@]}"
+ [[ kibanaserver == \k\i\b\a\n\a\s\e\r\v\e\r ]]
+ passwords_checkPassword 'pb?ROTd3?4?vd?FnKtQ7hVVQSY+tIEfk'
+ grep -q '[A-Z]'
+ echo 'pb?ROTd3?4?vd?FnKtQ7hVVQSY+tIEfk'
+ grep -q '[a-z]'
+ echo 'pb?ROTd3?4?vd?FnKtQ7hVVQSY+tIEfk'
+ grep -q '[0-9]'
+ echo 'pb?ROTd3?4?vd?FnKtQ7hVVQSY+tIEfk'
+ grep -q '[.*+?-]'
+ echo 'pb?ROTd3?4?vd?FnKtQ7hVVQSY+tIEfk'
+ '[' 32 -lt 8 ']'
+ '[' 32 -gt 64 ']'
+ passwords[i]='pb?ROTd3?4?vd?FnKtQ7hVVQSY+tIEfk'
+ supported=true
+ for i in "${!users[@]}"
+ [[ kibanaro == \k\i\b\a\n\a\s\e\r\v\e\r ]]
+ for i in "${!users[@]}"
+ [[ logstash == \k\i\b\a\n\a\s\e\r\v\e\r ]]
+ for i in "${!users[@]}"
+ [[ readall == \k\i\b\a\n\a\s\e\r\v\e\r ]]
+ for i in "${!users[@]}"
+ [[ snapshotrestore == \k\i\b\a\n\a\s\e\r\v\e\r ]]
+ '[' true = false ']'
+ for j in "${!fileusers[@]}"
+ supported=false
+ for i in "${!users[@]}"
+ [[ admin == \k\i\b\a\n\a\r\o ]]
+ for i in "${!users[@]}"
+ [[ kibanaserver == \k\i\b\a\n\a\r\o ]]
+ for i in "${!users[@]}"
+ [[ kibanaro == \k\i\b\a\n\a\r\o ]]
+ passwords_checkPassword cS5X8rG+P.q8u.jaBETlE5oo4..fK.Ov
+ echo cS5X8rG+P.q8u.jaBETlE5oo4..fK.Ov
+ grep -q '[A-Z]'
+ echo cS5X8rG+P.q8u.jaBETlE5oo4..fK.Ov
+ grep -q '[a-z]'
+ grep -q '[0-9]'
+ echo cS5X8rG+P.q8u.jaBETlE5oo4..fK.Ov
+ grep -q '[.*+?-]'
+ echo cS5X8rG+P.q8u.jaBETlE5oo4..fK.Ov
+ '[' 32 -lt 8 ']'
+ '[' 32 -gt 64 ']'
+ passwords[i]=cS5X8rG+P.q8u.jaBETlE5oo4..fK.Ov
+ supported=true
+ for i in "${!users[@]}"
+ [[ logstash == \k\i\b\a\n\a\r\o ]]
+ for i in "${!users[@]}"
+ [[ readall == \k\i\b\a\n\a\r\o ]]
+ for i in "${!users[@]}"
+ [[ snapshotrestore == \k\i\b\a\n\a\r\o ]]
+ '[' true = false ']'
+ for j in "${!fileusers[@]}"
+ supported=false
+ for i in "${!users[@]}"
+ [[ admin == \l\o\g\s\t\a\s\h ]]
+ for i in "${!users[@]}"
+ [[ kibanaserver == \l\o\g\s\t\a\s\h ]]
+ for i in "${!users[@]}"
+ [[ kibanaro == \l\o\g\s\t\a\s\h ]]
+ for i in "${!users[@]}"
+ [[ logstash == \l\o\g\s\t\a\s\h ]]
+ passwords_checkPassword 'My*aIarMeMlRiup6ZZvcQwsyhr8sQ2I1'
+ echo 'My*aIarMeMlRiup6ZZvcQwsyhr8sQ2I1'
+ grep -q '[A-Z]'
+ echo 'My*aIarMeMlRiup6ZZvcQwsyhr8sQ2I1'
+ grep -q '[a-z]'
+ grep -q '[0-9]'
+ echo 'My*aIarMeMlRiup6ZZvcQwsyhr8sQ2I1'
+ echo 'My*aIarMeMlRiup6ZZvcQwsyhr8sQ2I1'
+ grep -q '[.*+?-]'
+ '[' 32 -lt 8 ']'
+ '[' 32 -gt 64 ']'
+ passwords[i]='My*aIarMeMlRiup6ZZvcQwsyhr8sQ2I1'
+ supported=true
+ for i in "${!users[@]}"
+ [[ readall == \l\o\g\s\t\a\s\h ]]
+ for i in "${!users[@]}"
+ [[ snapshotrestore == \l\o\g\s\t\a\s\h ]]
+ '[' true = false ']'
+ for j in "${!fileusers[@]}"
+ supported=false
+ for i in "${!users[@]}"
+ [[ admin == \r\e\a\d\a\l\l ]]
+ for i in "${!users[@]}"
+ [[ kibanaserver == \r\e\a\d\a\l\l ]]
+ for i in "${!users[@]}"
+ [[ kibanaro == \r\e\a\d\a\l\l ]]
+ for i in "${!users[@]}"
+ [[ logstash == \r\e\a\d\a\l\l ]]
+ for i in "${!users[@]}"
+ [[ readall == \r\e\a\d\a\l\l ]]
+ passwords_checkPassword 'ZxgIWcnlDCUwai7aig?T9q8+ivrHh8Iv'
+ grep -q '[A-Z]'
+ echo 'ZxgIWcnlDCUwai7aig?T9q8+ivrHh8Iv'
+ grep -q '[a-z]'
+ echo 'ZxgIWcnlDCUwai7aig?T9q8+ivrHh8Iv'
+ grep -q '[0-9]'
+ echo 'ZxgIWcnlDCUwai7aig?T9q8+ivrHh8Iv'
+ echo 'ZxgIWcnlDCUwai7aig?T9q8+ivrHh8Iv'
+ grep -q '[.*+?-]'
+ '[' 32 -lt 8 ']'
+ '[' 32 -gt 64 ']'
+ passwords[i]='ZxgIWcnlDCUwai7aig?T9q8+ivrHh8Iv'
+ supported=true
+ for i in "${!users[@]}"
+ [[ snapshotrestore == \r\e\a\d\a\l\l ]]
+ '[' true = false ']'
+ for j in "${!fileusers[@]}"
+ supported=false
+ for i in "${!users[@]}"
+ [[ admin == \s\n\a\p\s\h\o\t\r\e\s\t\o\r\e ]]
+ for i in "${!users[@]}"
+ [[ kibanaserver == \s\n\a\p\s\h\o\t\r\e\s\t\o\r\e ]]
+ for i in "${!users[@]}"
+ [[ kibanaro == \s\n\a\p\s\h\o\t\r\e\s\t\o\r\e ]]
+ for i in "${!users[@]}"
+ [[ logstash == \s\n\a\p\s\h\o\t\r\e\s\t\o\r\e ]]
+ for i in "${!users[@]}"
+ [[ readall == \s\n\a\p\s\h\o\t\r\e\s\t\o\r\e ]]
+ for i in "${!users[@]}"
+ [[ snapshotrestore == \s\n\a\p\s\h\o\t\r\e\s\t\o\r\e ]]
+ passwords_checkPassword 'j96LvOmH+W7rJ1aoKjBj?0qu+CMNwYN?'
+ grep -q '[A-Z]'
+ echo 'j96LvOmH+W7rJ1aoKjBj?0qu+CMNwYN?'
+ grep -q '[a-z]'
+ echo 'j96LvOmH+W7rJ1aoKjBj?0qu+CMNwYN?'
+ grep -q '[0-9]'
+ echo 'j96LvOmH+W7rJ1aoKjBj?0qu+CMNwYN?'
+ grep -q '[.*+?-]'
+ echo 'j96LvOmH+W7rJ1aoKjBj?0qu+CMNwYN?'
+ '[' 32 -lt 8 ']'
+ '[' 32 -gt 64 ']'
+ passwords[i]='j96LvOmH+W7rJ1aoKjBj?0qu+CMNwYN?'
+ supported=true
+ '[' true = false ']'
+ for j in "${!fileapiusers[@]}"
+ supported=false
+ for i in "${!api_users[@]}"
+ [[ wazuh == \w\a\z\u\h ]]
+ passwords_checkPassword wgfsJzQLlTj.Ah8VL+.Drj5G.uWte8yW
+ grep -q '[A-Z]'
+ echo wgfsJzQLlTj.Ah8VL+.Drj5G.uWte8yW
+ grep -q '[a-z]'
+ echo wgfsJzQLlTj.Ah8VL+.Drj5G.uWte8yW
+ grep -q '[0-9]'
+ echo wgfsJzQLlTj.Ah8VL+.Drj5G.uWte8yW
+ grep -q '[.*+?-]'
+ echo wgfsJzQLlTj.Ah8VL+.Drj5G.uWte8yW
+ '[' 32 -lt 8 ']'
+ '[' 32 -gt 64 ']'
+ api_passwords[i]=wgfsJzQLlTj.Ah8VL+.Drj5G.uWte8yW
+ supported=true
+ for i in "${!api_users[@]}"
+ [[ wazuh-wui == \w\a\z\u\h ]]
+ '[' true = false ']'
+ for j in "${!fileapiusers[@]}"
+ supported=false
+ for i in "${!api_users[@]}"
+ [[ wazuh == \w\a\z\u\h\-\w\u\i ]]
+ for i in "${!api_users[@]}"
+ [[ wazuh-wui == \w\a\z\u\h\-\w\u\i ]]
+ passwords_checkPassword 'iBjWwLR1hNeV*79zZcPLly+B0.PlIzoj'
+ grep -q '[A-Z]'
+ echo 'iBjWwLR1hNeV*79zZcPLly+B0.PlIzoj'
+ grep -q '[a-z]'
+ echo 'iBjWwLR1hNeV*79zZcPLly+B0.PlIzoj'
+ grep -q '[0-9]'
+ echo 'iBjWwLR1hNeV*79zZcPLly+B0.PlIzoj'
+ echo 'iBjWwLR1hNeV*79zZcPLly+B0.PlIzoj'
+ grep -q '[.*+?-]'
+ '[' 32 -lt 8 ']'
+ '[' 32 -gt 64 ']'
+ api_passwords[i]='iBjWwLR1hNeV*79zZcPLly+B0.PlIzoj'
+ supported=true
+ '[' true = false ']'
+ '[' -n '' ']'
+ '[' -n 1 ']'
+ passwords_getNetworkHost
++ grep -hr network.host: /etc/wazuh-indexer/opensearch.yml
+ IP='network.host: "127.0.0.1"'
+ NH='network.host: '
+ IP='"127.0.0.1"'
+ [[ "127.0.0.1" =~ _.*_ ]]
+ '[' '"127.0.0.1"' == 0.0.0.0 ']'
+ passwords_generateHash
+ '[' -n 1 ']'
+ common_logger -d 'Generating password hashes.'
++ date '+%d/%m/%Y %H:%M:%S'
+ now='18/09/2023 10:33:11'
+ mtype=INFO:
+ debugLogger=
+ nolog=
+ '[' -n -d ']'
+ '[' -n -d ']'
+ case ${1} in
+ debugLogger=1
+ mtype=DEBUG:
+ shift 1
+ '[' -n 'Generating password hashes.' ']'
+ case ${1} in
+ message='Generating password hashes.'
+ shift 1
+ '[' -n '' ']'
+ '[' -z 1 ']'
+ '[' -n 1 ']'
+ '[' -n 1 ']'
+ '[' 0 -eq 0 ']'
+ '[' -z '' ']'
+ tee -a /var/log/wazuh-install.log
+ printf '%s\n' '18/09/2023 10:33:11 DEBUG: Generating password hashes.'
18/09/2023 10:33:11 DEBUG: Generating password hashes.
+ for i in "${!passwords[@]}"
++ grep -A 2 issues
++ tail -n 1
++ bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/hash.sh -p 'srI1FIA*nuTrJsab05HgVszmX5iRxL*Q'
+ nhash='$2y$12$dpBqTmK3RcoMZyZjyA1Gy.orM04tlt9uTlkpxpmO9W9OyvjE/j15O'
+ '[' 0 '!=' 0 ']'
+ hashes+=("${nhash}")
+ for i in "${!passwords[@]}"
++ tail -n 1
++ grep -A 2 issues
++ bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/hash.sh -p 'pb?ROTd3?4?vd?FnKtQ7hVVQSY+tIEfk'
+ nhash='$2y$12$o2leArNYU4bjlEUngWfsAuwHaUyXXejw1iguOhfqcdZBE9D09lXN6'
+ '[' 0 '!=' 0 ']'
+ hashes+=("${nhash}")
+ for i in "${!passwords[@]}"
++ grep -A 2 issues
++ tail -n 1
++ bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/hash.sh -p cS5X8rG+P.q8u.jaBETlE5oo4..fK.Ov
+ nhash='$2y$12$jqERUNAcNhENuDA01l.x/OHHPA2nYwF17I2BpbTElHHnoR9bAfvAO'
+ '[' 0 '!=' 0 ']'
+ hashes+=("${nhash}")
+ for i in "${!passwords[@]}"
++ grep -A 2 issues
++ tail -n 1
++ bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/hash.sh -p 'My*aIarMeMlRiup6ZZvcQwsyhr8sQ2I1'
+ nhash='$2y$12$b.OS8hm3wS4EqLO76E0qa./VED4Dg.ugEavLZMCyBb1tQksYJZcjS'
+ '[' 0 '!=' 0 ']'
+ hashes+=("${nhash}")
+ for i in "${!passwords[@]}"
++ tail -n 1
++ grep -A 2 issues
++ bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/hash.sh -p 'ZxgIWcnlDCUwai7aig?T9q8+ivrHh8Iv'
+ nhash='$2y$12$eRyB/6Lar2CftftWWBOmqun.5h3JL95lKvows1VNGxrp8MHtmWghe'
+ '[' 0 '!=' 0 ']'
+ hashes+=("${nhash}")
+ for i in "${!passwords[@]}"
++ tail -n 1
++ grep -A 2 issues
++ bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/hash.sh -p 'j96LvOmH+W7rJ1aoKjBj?0qu+CMNwYN?'
+ nhash='$2y$12$m2e7aEm.1fYbx.t8mEW96ed/jdleXzxNf3O.QFGOGDMVCWXEO9Mqy'
+ '[' 0 '!=' 0 ']'
+ hashes+=("${nhash}")
+ common_logger -d 'Password hashes generated.'
++ date '+%d/%m/%Y %H:%M:%S'
+ now='18/09/2023 10:33:25'
+ mtype=INFO:
+ debugLogger=
+ nolog=
+ '[' -n -d ']'
+ '[' -n -d ']'
+ case ${1} in
+ debugLogger=1
+ mtype=DEBUG:
+ shift 1
+ '[' -n 'Password hashes generated.' ']'
+ case ${1} in
+ message='Password hashes generated.'
+ shift 1
+ '[' -n '' ']'
+ '[' -z 1 ']'
+ '[' -n 1 ']'
+ '[' -n 1 ']'
+ '[' 0 -eq 0 ']'
+ '[' -z '' ']'
+ tee -a /var/log/wazuh-install.log
+ printf '%s\n' '18/09/2023 10:33:25 DEBUG: Password hashes generated.'
18/09/2023 10:33:25 DEBUG: Password hashes generated.
+ passwords_changePassword
+ '[' -n 1 ']'
+ '[' -n 'wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]' ']'
+ '[' -z ']'
+ eval 'mkdir /etc/wazuh-indexer/backup/ 2>/dev/null'
++ mkdir /etc/wazuh-indexer/backup/
+ eval 'cp /etc/wazuh-indexer/opensearch-security/* /etc/wazuh-indexer/backup/ 2>/dev/null'
++ cp /etc/wazuh-indexer/opensearch-security/action_groups.yml /etc/wazuh-indexer/opensearch-security/allowlist.yml /etc/wazuh-indexer/opensearch-security/audit.yml /etc/wazuh-indexer/opensearch-security/config.yml /etc/wazuh-indexer/opensearch-security/internal_users.yml /etc/wazuh-indexer/opensearch-security/nodes_dn.yml /etc/wazuh-indexer/opensearch-security/opensearch.yml.example /etc/wazuh-indexer/opensearch-security/roles_mapping.yml /etc/wazuh-indexer/opensearch-security/roles.yml /etc/wazuh-indexer/opensearch-security/tenants.yml /etc/wazuh-indexer/opensearch-security/whitelist.yml /etc/wazuh-indexer/backup/
+ passwords_createBackUp
+ '[' -z 'wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]' ']'
+ '[' -n 'wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]' ']'
++ grep 'plugins.security.ssl.transport.pemtrustedcas_filepath: ' /etc/wazuh-indexer/opensearch.yml
+ capem='plugins.security.ssl.transport.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem'
+ rcapem='plugins.security.ssl.transport.pemtrustedcas_filepath: '
+ capem=/etc/wazuh-indexer/certs/root-ca.pem
+ [[ -z '' ]]
+ passwords_readAdmincerts
+ [[ -f /etc/wazuh-indexer/certs/admin.pem ]]
+ adminpem=/etc/wazuh-indexer/certs/admin.pem
+ [[ -f /etc/wazuh-indexer/certs/admin-key.pem ]]
+ adminkey=/etc/wazuh-indexer/certs/admin-key.pem
+ common_logger -d 'Creating password backup.'
++ date '+%d/%m/%Y %H:%M:%S'
+ now='18/09/2023 10:33:25'
+ mtype=INFO:
+ debugLogger=
+ nolog=
+ '[' -n -d ']'
+ '[' -n -d ']'
+ case ${1} in
+ debugLogger=1
+ mtype=DEBUG:
+ shift 1
+ '[' -n 'Creating password backup.' ']'
+ case ${1} in
+ message='Creating password backup.'
+ shift 1
+ '[' -n '' ']'
+ '[' -z 1 ']'
+ '[' -n 1 ']'
+ '[' -n 1 ']'
+ '[' 0 -eq 0 ']'
+ '[' -z '' ']'
+ printf '%s\n' '18/09/2023 10:33:25 DEBUG: Creating password backup.'
+ tee -a /var/log/wazuh-install.log
18/09/2023 10:33:25 DEBUG: Creating password backup.
+ eval 'mkdir /etc/wazuh-indexer/backup 2>&1 | tee -a /var/log/wazuh-install.log'
++ mkdir /etc/wazuh-indexer/backup
++ tee -a /var/log/wazuh-install.log
mkdir: cannot create directory ‘/etc/wazuh-indexer/backup’: File exists
+ eval 'JAVA_HOME=/usr/share/wazuh-indexer/jdk/ OPENSEARCH_CONF_DIR=/etc/wazuh-indexer /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh -backup /etc/wazuh-indexer/backup -icl -p 9200 -nhnv -cacert /etc/wazuh-indexer/certs/root-ca.pem -cert /etc/wazuh-indexer/certs/admin.pem -key /etc/wazuh-indexer/certs/admin-key.pem -h "127.0.0.1" 2>&1 | tee -a /var/log/wazuh-install.log'
++ tee -a /var/log/wazuh-install.log
++ JAVA_HOME=/usr/share/wazuh-indexer/jdk/
++ OPENSEARCH_CONF_DIR=/etc/wazuh-indexer
++ /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh -backup /etc/wazuh-indexer/backup -icl -p 9200 -nhnv -cacert /etc/wazuh-indexer/certs/root-ca.pem -cert /etc/wazuh-indexer/certs/admin.pem -key /etc/wazuh-indexer/certs/admin-key.pem -h 127.0.0.1
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.6.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml 
   SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml 
   SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml 
   SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml 
   SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml 
   SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml 
   SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml 
   SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml 
   SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml 
   SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml 
   SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
+ '[' 0 '!=' 0 ']'
+ common_logger -d 'Password backup created in /etc/wazuh-indexer/backup.'
++ date '+%d/%m/%Y %H:%M:%S'
+ now='18/09/2023 10:33:30'
+ mtype=INFO:
+ debugLogger=
+ nolog=
+ '[' -n -d ']'
+ '[' -n -d ']'
+ case ${1} in
+ debugLogger=1
+ mtype=DEBUG:
+ shift 1
+ '[' -n 'Password backup created in /etc/wazuh-indexer/backup.' ']'
+ case ${1} in
+ message='Password backup created in /etc/wazuh-indexer/backup.'
+ shift 1
+ '[' -n '' ']'
+ '[' -z 1 ']'
+ '[' -n 1 ']'
+ '[' -n 1 ']'
+ '[' 0 -eq 0 ']'
+ '[' -z '' ']'
+ printf '%s\n' '18/09/2023 10:33:30 DEBUG: Password backup created in /etc/wazuh-indexer/backup.'
+ tee -a /var/log/wazuh-install.log
18/09/2023 10:33:30 DEBUG: Password backup created in /etc/wazuh-indexer/backup.
+ for i in "${!passwords[@]}"
+ '[' -n 'wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]' ']'
+ '[' -f /etc/wazuh-indexer/backup/internal_users.yml ']'
+ awk -v 'new=$2y$12$dpBqTmK3RcoMZyZjyA1Gy.orM04tlt9uTlkpxpmO9W9OyvjE/j15O' 'prev=="admin:"{sub(/\042.*/,""); $0=$0 new} {prev=$1} 1' /etc/wazuh-indexer/backup/internal_users.yml
+ mv -f internal_users.yml_tmp /etc/wazuh-indexer/backup/internal_users.yml
+ '[' admin == admin ']'
+ adminpass='srI1FIA*nuTrJsab05HgVszmX5iRxL*Q'
+ for i in "${!passwords[@]}"
+ '[' -n 'wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]' ']'
+ '[' -f /etc/wazuh-indexer/backup/internal_users.yml ']'
+ awk -v 'new=$2y$12$o2leArNYU4bjlEUngWfsAuwHaUyXXejw1iguOhfqcdZBE9D09lXN6' 'prev=="kibanaserver:"{sub(/\042.*/,""); $0=$0 new} {prev=$1} 1' /etc/wazuh-indexer/backup/internal_users.yml
+ mv -f internal_users.yml_tmp /etc/wazuh-indexer/backup/internal_users.yml
+ '[' kibanaserver == admin ']'
+ '[' kibanaserver == kibanaserver ']'
+ dashpass='pb?ROTd3?4?vd?FnKtQ7hVVQSY+tIEfk'
+ for i in "${!passwords[@]}"
+ '[' -n 'wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]' ']'
+ '[' -f /etc/wazuh-indexer/backup/internal_users.yml ']'
+ awk -v 'new=$2y$12$jqERUNAcNhENuDA01l.x/OHHPA2nYwF17I2BpbTElHHnoR9bAfvAO' 'prev=="kibanaro:"{sub(/\042.*/,""); $0=$0 new} {prev=$1} 1' /etc/wazuh-indexer/backup/internal_users.yml
+ mv -f internal_users.yml_tmp /etc/wazuh-indexer/backup/internal_users.yml
+ '[' kibanaro == admin ']'
+ '[' kibanaro == kibanaserver ']'
+ for i in "${!passwords[@]}"
+ '[' -n 'wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]' ']'
+ '[' -f /etc/wazuh-indexer/backup/internal_users.yml ']'
+ awk -v 'new=$2y$12$b.OS8hm3wS4EqLO76E0qa./VED4Dg.ugEavLZMCyBb1tQksYJZcjS' 'prev=="logstash:"{sub(/\042.*/,""); $0=$0 new} {prev=$1} 1' /etc/wazuh-indexer/backup/internal_users.yml
+ mv -f internal_users.yml_tmp /etc/wazuh-indexer/backup/internal_users.yml
+ '[' logstash == admin ']'
+ '[' logstash == kibanaserver ']'
+ for i in "${!passwords[@]}"
+ '[' -n 'wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]' ']'
+ '[' -f /etc/wazuh-indexer/backup/internal_users.yml ']'
+ awk -v 'new=$2y$12$eRyB/6Lar2CftftWWBOmqun.5h3JL95lKvows1VNGxrp8MHtmWghe' 'prev=="readall:"{sub(/\042.*/,""); $0=$0 new} {prev=$1} 1' /etc/wazuh-indexer/backup/internal_users.yml
+ mv -f internal_users.yml_tmp /etc/wazuh-indexer/backup/internal_users.yml
+ '[' readall == admin ']'
+ '[' readall == kibanaserver ']'
+ for i in "${!passwords[@]}"
+ '[' -n 'wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]' ']'
+ '[' -f /etc/wazuh-indexer/backup/internal_users.yml ']'
+ awk -v 'new=$2y$12$m2e7aEm.1fYbx.t8mEW96ed/jdleXzxNf3O.QFGOGDMVCWXEO9Mqy' 'prev=="snapshotrestore:"{sub(/\042.*/,""); $0=$0 new} {prev=$1} 1' /etc/wazuh-indexer/backup/internal_users.yml
+ mv -f internal_users.yml_tmp /etc/wazuh-indexer/backup/internal_users.yml
+ '[' snapshotrestore == admin ']'
+ '[' snapshotrestore == kibanaserver ']'
+ '[' '' == admin ']'
+ '[' -n 1 ']'
+ '[' -n 'filebeat/stable,now 7.10.2 amd64 [installed]' ']'
+ grep -q password
+ filebeat keystore list
+ eval 'echo srI1FIA*nuTrJsab05HgVszmX5iRxL*Q | filebeat keystore add password --force --stdin 2>&1 | tee -a /var/log/wazuh-install.log'
++ echo 'srI1FIA*nuTrJsab05HgVszmX5iRxL*Q'
++ tee -a /var/log/wazuh-install.log
++ filebeat keystore add password --force --stdin
Successfully updated the keystore
+ passwords_restartService filebeat
+ '[' 1 -ne 1 ']'
+ ps -e
+ grep -E -q '^\ *1\ .*systemd$'
+ eval 'systemctl daemon-reload 2>&1 | tee -a /var/log/wazuh-install.log'
++ systemctl daemon-reload
++ tee -a /var/log/wazuh-install.log
+ eval 'systemctl restart filebeat.service 2>&1 | tee -a /var/log/wazuh-install.log'
++ systemctl restart filebeat.service
++ tee -a /var/log/wazuh-install.log
+ '[' 0 '!=' 0 ']'
+ common_logger -d 'filebeat started.'
++ date '+%d/%m/%Y %H:%M:%S'
+ now='18/09/2023 10:33:31'
+ mtype=INFO:
+ debugLogger=
+ nolog=
+ '[' -n -d ']'
+ '[' -n -d ']'
+ case ${1} in
+ debugLogger=1
+ mtype=DEBUG:
+ shift 1
+ '[' -n 'filebeat started.' ']'
+ case ${1} in
+ message='filebeat started.'
+ shift 1
+ '[' -n '' ']'
+ '[' -z 1 ']'
+ '[' -n 1 ']'
+ '[' -n 1 ']'
+ '[' 0 -eq 0 ']'
+ '[' -z '' ']'
+ tee -a /var/log/wazuh-install.log
+ printf '%s\n' '18/09/2023 10:33:31 DEBUG: filebeat started.'
18/09/2023 10:33:31 DEBUG: filebeat started.
+ '[' '' == kibanaserver ']'
+ '[' -n 1 ']'
+ '[' -n 'wazuh-dashboard/stable,now 4.5.2-1 amd64 [installed]' ']'
+ '[' -n 'pb?ROTd3?4?vd?FnKtQ7hVVQSY+tIEfk' ']'
+ grep -q opensearch.password
+ /usr/share/wazuh-dashboard/bin/opensearch-dashboards-keystore --allow-root list
+ eval 'echo pb?ROTd3?4?vd?FnKtQ7hVVQSY+tIEfk | /usr/share/wazuh-dashboard/bin/opensearch-dashboards-keystore --allow-root add -f --stdin opensearch.password '
++ echo 'pb?ROTd3?4?vd?FnKtQ7hVVQSY+tIEfk'
++ /usr/share/wazuh-dashboard/bin/opensearch-dashboards-keystore --allow-root add -f --stdin opensearch.password
+ passwords_restartService wazuh-dashboard
+ '[' 1 -ne 1 ']'
+ ps -e
+ grep -E -q '^\ *1\ .*systemd$'
+ eval 'systemctl daemon-reload 2>&1 | tee -a /var/log/wazuh-install.log'
++ tee -a /var/log/wazuh-install.log
++ systemctl daemon-reload
+ eval 'systemctl restart wazuh-dashboard.service 2>&1 | tee -a /var/log/wazuh-install.log'
++ systemctl restart wazuh-dashboard.service
++ tee -a /var/log/wazuh-install.log
+ '[' 0 '!=' 0 ']'
+ common_logger -d 'wazuh-dashboard started.'
++ date '+%d/%m/%Y %H:%M:%S'
+ now='18/09/2023 10:33:33'
+ mtype=INFO:
+ debugLogger=
+ nolog=
+ '[' -n -d ']'
+ '[' -n -d ']'
+ case ${1} in
+ debugLogger=1
+ mtype=DEBUG:
+ shift 1
+ '[' -n 'wazuh-dashboard started.' ']'
+ case ${1} in
+ message='wazuh-dashboard started.'
+ shift 1
+ '[' -n '' ']'
+ '[' -z 1 ']'
+ '[' -n 1 ']'
+ '[' -n 1 ']'
+ '[' 0 -eq 0 ']'
+ '[' -z '' ']'
+ printf '%s\n' '18/09/2023 10:33:33 DEBUG: wazuh-dashboard started.'
+ tee -a /var/log/wazuh-install.log
18/09/2023 10:33:33 DEBUG: wazuh-dashboard started.
+ '[' -n '' ']'
+ '[' -n 1 ']'
+ passwords_runSecurityAdmin
+ '[' -z 'wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]' ']'
+ '[' -n 'wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]' ']'
++ grep 'plugins.security.ssl.transport.pemtrustedcas_filepath: ' /etc/wazuh-indexer/opensearch.yml
+ capem='plugins.security.ssl.transport.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem'
+ rcapem='plugins.security.ssl.transport.pemtrustedcas_filepath: '
+ capem=/etc/wazuh-indexer/certs/root-ca.pem
+ [[ -z /etc/wazuh-indexer/certs/admin.pem ]]
+ [[ -z /etc/wazuh-indexer/certs/admin-key.pem ]]
+ common_logger -d 'Loading new passwords changes.'
++ date '+%d/%m/%Y %H:%M:%S'
+ now='18/09/2023 10:33:33'
+ mtype=INFO:
+ debugLogger=
+ nolog=
+ '[' -n -d ']'
+ '[' -n -d ']'
+ case ${1} in
+ debugLogger=1
+ mtype=DEBUG:
+ shift 1
+ '[' -n 'Loading new passwords changes.' ']'
+ case ${1} in
+ message='Loading new passwords changes.'
+ shift 1
+ '[' -n '' ']'
+ '[' -z 1 ']'
+ '[' -n 1 ']'
+ '[' -n 1 ']'
+ '[' 0 -eq 0 ']'
+ '[' -z '' ']'
+ printf '%s\n' '18/09/2023 10:33:33 DEBUG: Loading new passwords changes.'
+ tee -a /var/log/wazuh-install.log
18/09/2023 10:33:33 DEBUG: Loading new passwords changes.
+ read -p Wait
Wait
+ eval 'OPENSEARCH_CONF_DIR=/etc/wazuh-indexer /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh -f /etc/wazuh-indexer/backup/internal_users.yml -t internalusers -p 9200 -nhnv -cacert /etc/wazuh-indexer/certs/root-ca.pem -cert /etc/wazuh-indexer/certs/admin.pem -key /etc/wazuh-indexer/certs/admin-key.pem -icl -h "127.0.0.1" 2>&1 | tee -a /var/log/wazuh-install.log'
++ OPENSEARCH_CONF_DIR=/etc/wazuh-indexer
++ /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh -f /etc/wazuh-indexer/backup/internal_users.yml -t internalusers -p 9200 -nhnv -cacert /etc/wazuh-indexer/certs/root-ca.pem -cert /etc/wazuh-indexer/certs/admin.pem -key /etc/wazuh-indexer/certs/admin-key.pem -icl -h 127.0.0.1
++ tee -a /var/log/wazuh-install.log
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.6.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /home/vagrant
Force type: internalusers
Will update '/internalusers' with /etc/wazuh-indexer/backup/internal_users.yml 
   SUCC: Configuration for 'internalusers' created or updated
SUCC: Expected 1 config types for node {"updated_config_types":["internalusers"],"updated_config_size":1,"message":null} is 1 (["internalusers"]) due to: null
Done with success
+ '[' 0 '!=' 0 ']'
+ eval 'cp /etc/wazuh-indexer/backup/internal_users.yml /etc/wazuh-indexer/opensearch-security/internal_users.yml'
++ cp /etc/wazuh-indexer/backup/internal_users.yml /etc/wazuh-indexer/opensearch-security/internal_users.yml
+ eval 'rm -rf /etc/wazuh-indexer/backup/ 2>&1 | tee -a /var/log/wazuh-install.log'
++ tee -a /var/log/wazuh-install.log
++ rm -rf /etc/wazuh-indexer/backup/
+ [[ -n '' ]]
+ [[ -n '' ]]
+ '[' -n 1 ']'
+ '[' -z 1 ']'
+ common_logger -d 'Passwords changed.'
++ date '+%d/%m/%Y %H:%M:%S'
+ now='18/09/2023 10:37:05'
+ mtype=INFO:
+ debugLogger=
+ nolog=
+ '[' -n -d ']'
+ '[' -n -d ']'
+ case ${1} in
+ debugLogger=1
+ mtype=DEBUG:
+ shift 1
+ '[' -n 'Passwords changed.' ']'
+ case ${1} in
+ message='Passwords changed.'
+ shift 1
+ '[' -n '' ']'
+ '[' -z 1 ']'
+ '[' -n 1 ']'
+ '[' -n 1 ']'
+ '[' 0 -eq 0 ']'
+ '[' -z '' ']'
+ tee -a /var/log/wazuh-install.log
+ printf '%s\n' '18/09/2023 10:37:05 DEBUG: Passwords changed.'
18/09/2023 10:37:05 DEBUG: Passwords changed.
+ '[' -n '' ']'
+ '[' -n '' ']'
+ '[' -n 1 ']'
+ '[' '' == master ']'
+ '[' 1 -eq 1 ']'
+ installCommon_changePasswordApi
+ '[' -n 1 ']'
+ for i in "${!api_passwords[@]}"
+ '[' -n '' ']'
+ '[' -n 1 ']'
+ passwords_getApiUserId wazuh
+ user_id=noid
+ for u in "${!api_users[@]}"
+ '[' wazuh == wazuh ']'
+ user_id=1
+ for u in "${!api_users[@]}"
+ '[' wazuh == wazuh-wui ']'
+ '[' 1 == noid ']'
+ WAZUH_PASS_API='{"password":"wgfsJzQLlTj.Ah8VL+.Drj5G.uWte8yW"}'
+ eval 'curl -s -k -X PUT -H "Authorization: Bearer $TOKEN_API" -H "Content-Type: application/json" -d "$WAZUH_PASS_API" "https://localhost:55000/security/users/${user_id}" -o /dev/null'
++ curl -s -k -X PUT -H 'Authorization: Bearer eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNjk1MDMzMTkwLCJleHAiOjE2OTUwMzQwOTAsInN1YiI6IndhenVoIiwicnVuX2FzIjpmYWxzZSwicmJhY19yb2xlcyI6WzFdLCJyYmFjX21vZGUiOiJ3aGl0ZSJ9.ATa2v7U36hCni3nWC6cFnZEvQYtR3fG9q0PFLIppErrcB77CX0oCQoX7D8jDeptGoUnaf6k_183su9Wg_FL_veC3AXHlcDTVxluTGvjqAF9hgzOERUXv-umzDJECTXVPX4O3fHI_uHe1SO1BhBRbyIicJanyGwig3X7516KvtIdiXhoI' -H 'Content-Type: application/json' -d '{"password":"wgfsJzQLlTj.Ah8VL+.Drj5G.uWte8yW"}' https://localhost:55000/security/users/1 -o /dev/null
+ '[' wazuh == wazuh ']'
+ sleep 1
+ adminPassword=wgfsJzQLlTj.Ah8VL+.Drj5G.uWte8yW
+ passwords_getApiToken
+ retries=0
+ max_internal_error_retries=20
++ curl -s -u wazuh:wgfsJzQLlTj.Ah8VL+.Drj5G.uWte8yW -k -X POST 'https://localhost:55000/security/user/authenticate?raw=true' --max-time 300 --retry 5 --retry-delay 5
+ TOKEN_API=eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNjk1MDMzNDI4LCJleHAiOjE2OTUwMzQzMjgsInN1YiI6IndhenVoIiwicnVuX2FzIjpmYWxzZSwicmJhY19yb2xlcyI6WzFdLCJyYmFjX21vZGUiOiJ3aGl0ZSJ9.AFAJMbuxsCA4LlQC0BPSBvs_NQclPFI6H3b9E-8JL4LH27QH_-q8WkNUZHbsi3N-85tZ5Y62ENPiqG7N2bGfTcVeAJwCDxNtpQHGoWBMARW3jejnuxcyn845UUlEaAjTFu7KDDiczzXdBqIWnvhxFf6hDi8gJ3_wsuiNjqI-Bb_wE1Ul
+ [[ eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNjk1MDMzNDI4LCJleHAiOjE2OTUwMzQzMjgsInN1YiI6IndhenVoIiwicnVuX2FzIjpmYWxzZSwicmJhY19yb2xlcyI6WzFdLCJyYmFjX21vZGUiOiJ3aGl0ZSJ9.AFAJMbuxsCA4LlQC0BPSBvs_NQclPFI6H3b9E-8JL4LH27QH_-q8WkNUZHbsi3N-85tZ5Y62ENPiqG7N2bGfTcVeAJwCDxNtpQHGoWBMARW3jejnuxcyn845UUlEaAjTFu7KDDiczzXdBqIWnvhxFf6hDi8gJ3_wsuiNjqI-Bb_wE1Ul =~ Wazuh Internal Error ]]
+ [[ eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNjk1MDMzNDI4LCJleHAiOjE2OTUwMzQzMjgsInN1YiI6IndhenVoIiwicnVuX2FzIjpmYWxzZSwicmJhY19yb2xlcyI6WzFdLCJyYmFjX21vZGUiOiJ3aGl0ZSJ9.AFAJMbuxsCA4LlQC0BPSBvs_NQclPFI6H3b9E-8JL4LH27QH_-q8WkNUZHbsi3N-85tZ5Y62ENPiqG7N2bGfTcVeAJwCDxNtpQHGoWBMARW3jejnuxcyn845UUlEaAjTFu7KDDiczzXdBqIWnvhxFf6hDi8gJ3_wsuiNjqI-Bb_wE1Ul =~ Wazuh Internal Error ]]
+ [[ eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNjk1MDMzNDI4LCJleHAiOjE2OTUwMzQzMjgsInN1YiI6IndhenVoIiwicnVuX2FzIjpmYWxzZSwicmJhY19yb2xlcyI6WzFdLCJyYmFjX21vZGUiOiJ3aGl0ZSJ9.AFAJMbuxsCA4LlQC0BPSBvs_NQclPFI6H3b9E-8JL4LH27QH_-q8WkNUZHbsi3N-85tZ5Y62ENPiqG7N2bGfTcVeAJwCDxNtpQHGoWBMARW3jejnuxcyn845UUlEaAjTFu7KDDiczzXdBqIWnvhxFf6hDi8gJ3_wsuiNjqI-Bb_wE1Ul =~ Invalid credentials ]]
+ '[' wazuh == wazuh-wui ']'
+ for i in "${!api_passwords[@]}"
+ '[' -n '' ']'
+ '[' -n 1 ']'
+ passwords_getApiUserId wazuh-wui
+ user_id=noid
+ for u in "${!api_users[@]}"
+ '[' wazuh-wui == wazuh ']'
+ for u in "${!api_users[@]}"
+ '[' wazuh-wui == wazuh-wui ']'
+ user_id=2
+ '[' 2 == noid ']'
+ WAZUH_PASS_API='{"password":"iBjWwLR1hNeV*79zZcPLly+B0.PlIzoj"}'
+ eval 'curl -s -k -X PUT -H "Authorization: Bearer $TOKEN_API" -H "Content-Type: application/json" -d "$WAZUH_PASS_API" "https://localhost:55000/security/users/${user_id}" -o /dev/null'
++ curl -s -k -X PUT -H 'Authorization: Bearer eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNjk1MDMzNDI4LCJleHAiOjE2OTUwMzQzMjgsInN1YiI6IndhenVoIiwicnVuX2FzIjpmYWxzZSwicmJhY19yb2xlcyI6WzFdLCJyYmFjX21vZGUiOiJ3aGl0ZSJ9.AFAJMbuxsCA4LlQC0BPSBvs_NQclPFI6H3b9E-8JL4LH27QH_-q8WkNUZHbsi3N-85tZ5Y62ENPiqG7N2bGfTcVeAJwCDxNtpQHGoWBMARW3jejnuxcyn845UUlEaAjTFu7KDDiczzXdBqIWnvhxFf6hDi8gJ3_wsuiNjqI-Bb_wE1Ul' -H 'Content-Type: application/json' -d '{"password":"iBjWwLR1hNeV*79zZcPLly+B0.PlIzoj"}' https://localhost:55000/security/users/2 -o /dev/null
+ '[' wazuh-wui == wazuh ']'
+ '[' wazuh-wui == wazuh-wui ']'
+ '[' -n '' ']'
+ '[' -n 1 ']'
+ passwords_changeDashboardApiPassword 'iBjWwLR1hNeV*79zZcPLly+B0.PlIzoj'
+ j=0
+ '[' -n '' ']'
+ '[' 0 -eq 12 ']'
+ '[' -f /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml ']'
+ eval 'sed -i '\''s|password: .*|password: "iBjWwLR1hNeV*79zZcPLly+B0.PlIzoj"|g'\'' /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml'
++ sed -i 's|password: .*|password: "iBjWwLR1hNeV*79zZcPLly+B0.PlIzoj"|g' /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
+ '[' -z 1 ']'
+ file_exists=1
+ sleep 5
+ j=1
+ '[' -n 1 ']'
+ set +x
18/09/2023 10:37:14 INFO: Initializing Wazuh dashboard web application.
18/09/2023 10:37:15 INFO: Wazuh dashboard web application initialized.
18/09/2023 10:37:15 INFO: --- Summary ---
18/09/2023 10:37:15 INFO: You can access the web interface https://<wazuh-dashboard-ip>:443
    User: admin
    Password: srI1FIA*nuTrJsab05HgVszmX5iRxL*Q
18/09/2023 10:37:15 INFO: Installation finished.



root@ubuntu22:/home/vagrant# bash wazuh-install.sh -wi node-1 -o -i -t wazuh-install-files.tar && bash wazuh-install.sh -s
18/09/2023 10:47:49 INFO: Starting Wazuh installation assistant. Wazuh version: 4.5.2
18/09/2023 10:47:49 INFO: Verbose logging redirected to /var/log/wazuh-install.log
18/09/2023 10:47:51 INFO: --- Removing existing Wazuh installation ---
18/09/2023 10:47:51 INFO: Removing Wazuh indexer.
18/09/2023 10:47:51 INFO: Wazuh indexer removed.
18/09/2023 10:47:51 INFO: Wazuh GPG key was not found in the system
18/09/2023 10:47:52 INFO: Installation cleaned.
18/09/2023 10:47:58 WARNING: Hardware and system checks ignored.
18/09/2023 10:48:04 INFO: Wazuh repository added.
18/09/2023 10:48:04 INFO: --- Wazuh indexer ---
18/09/2023 10:48:04 INFO: Starting Wazuh indexer installation.
18/09/2023 10:48:54 INFO: Wazuh indexer installation finished.
18/09/2023 10:48:54 INFO: Wazuh indexer post-install configuration finished.
18/09/2023 10:48:54 INFO: Starting service wazuh-indexer.
18/09/2023 10:49:15 INFO: wazuh-indexer service started.
18/09/2023 10:49:15 INFO: Initializing Wazuh indexer cluster security settings.
+ common_logger -d 'Setting Wazuh indexer cluster passwords.'
++ date '+%d/%m/%Y %H:%M:%S'
+ now='18/09/2023 10:49:16'
+ mtype=INFO:
+ debugLogger=
+ nolog=
+ '[' -n -d ']'
+ '[' -n -d ']'
+ case ${1} in
+ debugLogger=1
+ mtype=DEBUG:
+ shift 1
+ '[' -n 'Setting Wazuh indexer cluster passwords.' ']'
+ case ${1} in
+ message='Setting Wazuh indexer cluster passwords.'
+ shift 1
+ '[' -n '' ']'
+ '[' -z 1 ']'
+ '[' -n 1 ']'
+ '[' -n '' ']'
+ '[' -f wazuh-install-files.tar ']'
+ eval 'tar -xf wazuh-install-files.tar -C /tmp wazuh-install-files/wazuh-passwords.txt >> /var/log/wazuh-install.log 2>&1'
++ tar -xf wazuh-install-files.tar -C /tmp wazuh-install-files/wazuh-passwords.txt
+ p_file=/tmp/wazuh-install-files/wazuh-passwords.txt
+ common_checkInstalled
+ wazuh_installed=
+ indexer_installed=
+ filebeat_installed=
+ dashboard_installed=
+ '[' apt-get == yum ']'
+ '[' apt-get == apt-get ']'
++ apt list --installed
++ grep wazuh-manager
+ wazuh_installed=
+ '[' -d /var/ossec ']'
+ '[' apt-get == yum ']'
+ '[' apt-get == apt-get ']'
++ apt list --installed
++ grep wazuh-indexer
+ indexer_installed='wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]'
+ '[' -d /var/lib/wazuh-indexer/ ']'
+ indexer_remaining_files=1
+ '[' apt-get == yum ']'
+ '[' apt-get == apt-get ']'
++ grep filebeat
++ apt list --installed
+ filebeat_installed=
+ '[' -d /var/lib/filebeat/ ']'
+ '[' -d /usr/share/filebeat ']'
+ '[' -d /etc/filebeat ']'
+ '[' apt-get == yum ']'
+ '[' apt-get == apt-get ']'
++ apt list --installed
++ grep wazuh-dashboard
+ dashboard_installed=
+ '[' -d /var/lib/wazuh-dashboard/ ']'
+ '[' -d /usr/share/wazuh-dashboard ']'
+ '[' -d /etc/wazuh-dashboard ']'
+ '[' -d /run/wazuh-dashboard/ ']'
+ '[' -n '' ']'
+ '[' -n '' ']'
+ no_indexer_backup=1
+ '[' -n '' ']'
+ '[' -n '' ']'
+ api_users=(wazuh wazuh-wui)
+ installCommon_readPasswordFileUsers
++ grep -Ev '^#|^\s*$' /tmp/wazuh-install-files/wazuh-passwords.txt
++ grep -Pzc '\A(\s*(indexer_username|api_username|indexer_password|api_password):[ \t]+[\'\''"]?[\w.*+?-]+[\'\''"]?)+\Z'
+ filecorrect=1
+ [[ 1 -ne 1 ]]
++ grep indexer_username: /tmp/wazuh-install-files/wazuh-passwords.txt
++ sed -e 's/[\'\''"]//g'
++ awk '{ print substr( $2, 1, length($2) ) }'
+ sfileusers='admin
kibanaserver
kibanaro
logstash
readall
snapshotrestore'
++ sed -e 's/[\'\''"]//g'
++ awk '{ print substr( $2, 1, length($2) ) }'
++ grep indexer_password: /tmp/wazuh-install-files/wazuh-passwords.txt
+ sfilepasswords='ng5nMONDzvXWWapDE2CVJ*CUux*o.Kzi
Z2WnenZhDmnSASyu0xUHHQ+G*IGbBB+k
opHXD0r17axTutPdkk?z2wNf7Nw*a2.Q
ozJL*YbNqWHI7Rf1F43j1dtLTA?cfGaF
gmiK5uwklxr6K4+vcqoeMjjyMSas.G15
yGgpLSzahxUhn+yL?Xpadl7V.YF?qbpv'
++ sed -e 's/[\'\''"]//g'
++ grep api_username: /tmp/wazuh-install-files/wazuh-passwords.txt
++ awk '{ print substr( $2, 1, length($2) ) }'
+ sfileapiusers='wazuh
wazuh-wui'
++ sed -e 's/[\'\''"]//g'
++ grep api_password: /tmp/wazuh-install-files/wazuh-passwords.txt
++ awk '{ print substr( $2, 1, length($2) ) }'
+ sfileapipasswords='Ir9uMdpfdpJqVjg+kW.FhZ4+*I2Hpuwd
eWqjCV3lZY4HpV+kh3R590NU5w*gUj43'
+ mapfile -t fileusers
++ printf '%s\n' 'admin
kibanaserver
kibanaro
logstash
readall
snapshotrestore'
+ mapfile -t filepasswords
++ printf '%s\n' 'ng5nMONDzvXWWapDE2CVJ*CUux*o.Kzi
Z2WnenZhDmnSASyu0xUHHQ+G*IGbBB+k
opHXD0r17axTutPdkk?z2wNf7Nw*a2.Q
ozJL*YbNqWHI7Rf1F43j1dtLTA?cfGaF
gmiK5uwklxr6K4+vcqoeMjjyMSas.G15
yGgpLSzahxUhn+yL?Xpadl7V.YF?qbpv'
+ mapfile -t fileapiusers
++ printf '%s\n' 'wazuh
wazuh-wui'
+ mapfile -t fileapipasswords
++ printf '%s\n' 'Ir9uMdpfdpJqVjg+kW.FhZ4+*I2Hpuwd
eWqjCV3lZY4HpV+kh3R590NU5w*gUj43'
+ '[' -n '' ']'
+ finalusers=()
+ finalpasswords=()
+ finalapiusers=()
+ finalapipasswords=()
+ '[' -n '' ']'
+ '[' -n '' ']'
+ for j in "${!fileusers[@]}"
+ supported=false
+ '[' false = false ']'
+ '[' -n 'wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]' ']'
+ '[' -n '' ']'
+ for j in "${!fileusers[@]}"
+ supported=false
+ '[' false = false ']'
+ '[' -n 'wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]' ']'
+ '[' -n '' ']'
+ for j in "${!fileusers[@]}"
+ supported=false
+ '[' false = false ']'
+ '[' -n 'wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]' ']'
+ '[' -n '' ']'
+ for j in "${!fileusers[@]}"
+ supported=false
+ '[' false = false ']'
+ '[' -n 'wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]' ']'
+ '[' -n '' ']'
+ for j in "${!fileusers[@]}"
+ supported=false
+ '[' false = false ']'
+ '[' -n 'wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]' ']'
+ '[' -n '' ']'
+ for j in "${!fileusers[@]}"
+ supported=false
+ '[' false = false ']'
+ '[' -n 'wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]' ']'
+ '[' -n '' ']'
+ for j in "${!fileapiusers[@]}"
+ supported=false
+ for i in "${!api_users[@]}"
+ [[ wazuh == \w\a\z\u\h ]]
+ passwords_checkPassword 'Ir9uMdpfdpJqVjg+kW.FhZ4+*I2Hpuwd'
+ echo 'Ir9uMdpfdpJqVjg+kW.FhZ4+*I2Hpuwd'
+ grep -q '[A-Z]'
+ grep -q '[a-z]'
+ echo 'Ir9uMdpfdpJqVjg+kW.FhZ4+*I2Hpuwd'
+ grep -q '[0-9]'
+ echo 'Ir9uMdpfdpJqVjg+kW.FhZ4+*I2Hpuwd'
+ grep -q '[.*+?-]'
+ echo 'Ir9uMdpfdpJqVjg+kW.FhZ4+*I2Hpuwd'
+ '[' 32 -lt 8 ']'
+ '[' 32 -gt 64 ']'
+ finalapiusers+=("${fileapiusers[j]}")
+ finalapipasswords+=("${fileapipasswords[j]}")
+ supported=true
+ for i in "${!api_users[@]}"
+ [[ wazuh-wui == \w\a\z\u\h ]]
+ '[' true = false ']'
+ for j in "${!fileapiusers[@]}"
+ supported=false
+ for i in "${!api_users[@]}"
+ [[ wazuh == \w\a\z\u\h\-\w\u\i ]]
+ for i in "${!api_users[@]}"
+ [[ wazuh-wui == \w\a\z\u\h\-\w\u\i ]]
+ passwords_checkPassword 'eWqjCV3lZY4HpV+kh3R590NU5w*gUj43'
+ grep -q '[A-Z]'
+ echo 'eWqjCV3lZY4HpV+kh3R590NU5w*gUj43'
+ grep -q '[a-z]'
+ echo 'eWqjCV3lZY4HpV+kh3R590NU5w*gUj43'
+ grep -q '[0-9]'
+ echo 'eWqjCV3lZY4HpV+kh3R590NU5w*gUj43'
+ grep -q '[.*+?-]'
+ echo 'eWqjCV3lZY4HpV+kh3R590NU5w*gUj43'
+ '[' 32 -lt 8 ']'
+ '[' 32 -gt 64 ']'
+ finalapiusers+=("${fileapiusers[j]}")
+ finalapipasswords+=("${fileapipasswords[j]}")
+ supported=true
+ '[' true = false ']'
+ users=()
+ mapfile -t users
++ printf '%s\n'
+ mapfile -t passwords
++ printf '%s\n'
+ mapfile -t api_users
++ printf '%s\n' wazuh wazuh-wui
+ mapfile -t api_passwords
++ printf '%s\n' 'Ir9uMdpfdpJqVjg+kW.FhZ4+*I2Hpuwd' 'eWqjCV3lZY4HpV+kh3R590NU5w*gUj43'
+ changeall=1
+ '[' -n '' ']'
+ '[' -n '' ']'
+ passwords_changePassword
+ '[' -n 1 ']'
+ '[' -n 'wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]' ']'
+ '[' -z 1 ']'
+ for i in "${!passwords[@]}"
+ '[' -n 'wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]' ']'
+ '[' -f /etc/wazuh-indexer/backup/internal_users.yml ']'
+ '[' '' == admin ']'
+ '[' '' == kibanaserver ']'
+ '[' '' == admin ']'
+ '[' -n 1 ']'
+ '[' -n '' ']'
+ '[' '' == kibanaserver ']'
+ '[' -n 1 ']'
+ '[' -n '' ']'
+ '[' -n '' ']'
+ '[' -n '' ']'
+ '[' -n '' ']'
+ '[' -n '' ']'
+ '[' -n '' ']'
+ set +x
18/09/2023 10:49:19 INFO: Wazuh indexer cluster initialized.
18/09/2023 10:49:19 INFO: Installation finished.
18/09/2023 10:49:19 INFO: Starting Wazuh installation assistant. Wazuh version: 4.5.2
18/09/2023 10:49:19 INFO: Verbose logging redirected to /var/log/wazuh-install.log
18/09/2023 10:49:36 INFO: Wazuh indexer cluster security configuration initialized.
+ common_logger -d 'Setting Wazuh indexer cluster passwords.'
++ date '+%d/%m/%Y %H:%M:%S'
+ now='18/09/2023 10:49:37'
+ mtype=INFO:
+ debugLogger=
+ nolog=
+ '[' -n -d ']'
+ '[' -n -d ']'
+ case ${1} in
+ debugLogger=1
+ mtype=DEBUG:
+ shift 1
+ '[' -n 'Setting Wazuh indexer cluster passwords.' ']'
+ case ${1} in
+ message='Setting Wazuh indexer cluster passwords.'
+ shift 1
+ '[' -n '' ']'
+ '[' -z 1 ']'
+ '[' -n 1 ']'
+ '[' -n '' ']'
+ '[' -f /home/vagrant/wazuh-install-files.tar ']'
+ eval 'tar -xf /home/vagrant/wazuh-install-files.tar -C /tmp wazuh-install-files/wazuh-passwords.txt >> /var/log/wazuh-install.log 2>&1'
++ tar -xf /home/vagrant/wazuh-install-files.tar -C /tmp wazuh-install-files/wazuh-passwords.txt
+ p_file=/tmp/wazuh-install-files/wazuh-passwords.txt
+ common_checkInstalled
+ wazuh_installed=
+ indexer_installed=
+ filebeat_installed=
+ dashboard_installed=
+ '[' apt-get == yum ']'
+ '[' apt-get == apt-get ']'
++ apt list --installed
++ grep wazuh-manager
+ wazuh_installed=
+ '[' -d /var/ossec ']'
+ '[' apt-get == yum ']'
+ '[' apt-get == apt-get ']'
++ grep wazuh-indexer
++ apt list --installed
+ indexer_installed='wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]'
+ '[' -d /var/lib/wazuh-indexer/ ']'
+ indexer_remaining_files=1
+ '[' apt-get == yum ']'
+ '[' apt-get == apt-get ']'
++ apt list --installed
++ grep filebeat
+ filebeat_installed=
+ '[' -d /var/lib/filebeat/ ']'
+ '[' -d /usr/share/filebeat ']'
+ '[' -d /etc/filebeat ']'
+ '[' apt-get == yum ']'
+ '[' apt-get == apt-get ']'
++ apt list --installed
++ grep wazuh-dashboard
+ dashboard_installed=
+ '[' -d /var/lib/wazuh-dashboard/ ']'
+ '[' -d /usr/share/wazuh-dashboard ']'
+ '[' -d /etc/wazuh-dashboard ']'
+ '[' -d /run/wazuh-dashboard/ ']'
+ '[' -n 1 ']'
+ changeall=1
+ passwords_readUsers
++ grep -v -
++ awk '{ print substr( $0, 1, length($0)-1 ) }'
++ grep -v hash:
++ grep -B 1 hash: /etc/wazuh-indexer/opensearch-security/internal_users.yml
+ susers='admin
kibanaserver
kibanaro
logstash
readall
snapshotrestore'
+ mapfile -t users
+ '[' -n '' ']'
+ '[' -n '' ']'
+ api_users=(wazuh wazuh-wui)
+ installCommon_readPasswordFileUsers
++ grep -Pzc '\A(\s*(indexer_username|api_username|indexer_password|api_password):[ \t]+[\'\''"]?[\w.*+?-]+[\'\''"]?)+\Z'
++ grep -Ev '^#|^\s*$' /tmp/wazuh-install-files/wazuh-passwords.txt
+ filecorrect=1
+ [[ 1 -ne 1 ]]
++ awk '{ print substr( $2, 1, length($2) ) }'
++ sed -e 's/[\'\''"]//g'
++ grep indexer_username: /tmp/wazuh-install-files/wazuh-passwords.txt
+ sfileusers='admin
kibanaserver
kibanaro
logstash
readall
snapshotrestore'
++ awk '{ print substr( $2, 1, length($2) ) }'
++ sed -e 's/[\'\''"]//g'
++ grep indexer_password: /tmp/wazuh-install-files/wazuh-passwords.txt
+ sfilepasswords='ng5nMONDzvXWWapDE2CVJ*CUux*o.Kzi
Z2WnenZhDmnSASyu0xUHHQ+G*IGbBB+k
opHXD0r17axTutPdkk?z2wNf7Nw*a2.Q
ozJL*YbNqWHI7Rf1F43j1dtLTA?cfGaF
gmiK5uwklxr6K4+vcqoeMjjyMSas.G15
yGgpLSzahxUhn+yL?Xpadl7V.YF?qbpv'
++ sed -e 's/[\'\''"]//g'
++ awk '{ print substr( $2, 1, length($2) ) }'
++ grep api_username: /tmp/wazuh-install-files/wazuh-passwords.txt
+ sfileapiusers='wazuh
wazuh-wui'
++ awk '{ print substr( $2, 1, length($2) ) }'
++ sed -e 's/[\'\''"]//g'
++ grep api_password: /tmp/wazuh-install-files/wazuh-passwords.txt
+ sfileapipasswords='Ir9uMdpfdpJqVjg+kW.FhZ4+*I2Hpuwd
eWqjCV3lZY4HpV+kh3R590NU5w*gUj43'
+ mapfile -t fileusers
++ printf '%s\n' 'admin
kibanaserver
kibanaro
logstash
readall
snapshotrestore'
+ mapfile -t filepasswords
++ printf '%s\n' 'ng5nMONDzvXWWapDE2CVJ*CUux*o.Kzi
Z2WnenZhDmnSASyu0xUHHQ+G*IGbBB+k
opHXD0r17axTutPdkk?z2wNf7Nw*a2.Q
ozJL*YbNqWHI7Rf1F43j1dtLTA?cfGaF
gmiK5uwklxr6K4+vcqoeMjjyMSas.G15
yGgpLSzahxUhn+yL?Xpadl7V.YF?qbpv'
+ mapfile -t fileapiusers
++ printf '%s\n' 'wazuh
wazuh-wui'
+ mapfile -t fileapipasswords
++ printf '%s\n' 'Ir9uMdpfdpJqVjg+kW.FhZ4+*I2Hpuwd
eWqjCV3lZY4HpV+kh3R590NU5w*gUj43'
+ '[' -n 1 ']'
+ for j in "${!fileusers[@]}"
+ supported=false
+ for i in "${!users[@]}"
+ [[ admin == \a\d\m\i\n ]]
+ passwords_checkPassword 'ng5nMONDzvXWWapDE2CVJ*CUux*o.Kzi'
+ grep -q '[A-Z]'
+ echo 'ng5nMONDzvXWWapDE2CVJ*CUux*o.Kzi'
+ grep -q '[a-z]'
+ echo 'ng5nMONDzvXWWapDE2CVJ*CUux*o.Kzi'
+ grep -q '[0-9]'
+ echo 'ng5nMONDzvXWWapDE2CVJ*CUux*o.Kzi'
+ grep -q '[.*+?-]'
+ echo 'ng5nMONDzvXWWapDE2CVJ*CUux*o.Kzi'
+ '[' 32 -lt 8 ']'
+ '[' 32 -gt 64 ']'
+ passwords[i]='ng5nMONDzvXWWapDE2CVJ*CUux*o.Kzi'
+ supported=true
+ for i in "${!users[@]}"
+ [[ kibanaserver == \a\d\m\i\n ]]
+ for i in "${!users[@]}"
+ [[ kibanaro == \a\d\m\i\n ]]
+ for i in "${!users[@]}"
+ [[ logstash == \a\d\m\i\n ]]
+ for i in "${!users[@]}"
+ [[ readall == \a\d\m\i\n ]]
+ for i in "${!users[@]}"
+ [[ snapshotrestore == \a\d\m\i\n ]]
+ '[' true = false ']'
+ for j in "${!fileusers[@]}"
+ supported=false
+ for i in "${!users[@]}"
+ [[ admin == \k\i\b\a\n\a\s\e\r\v\e\r ]]
+ for i in "${!users[@]}"
+ [[ kibanaserver == \k\i\b\a\n\a\s\e\r\v\e\r ]]
+ passwords_checkPassword 'Z2WnenZhDmnSASyu0xUHHQ+G*IGbBB+k'
+ grep -q '[A-Z]'
+ echo 'Z2WnenZhDmnSASyu0xUHHQ+G*IGbBB+k'
+ grep -q '[a-z]'
+ echo 'Z2WnenZhDmnSASyu0xUHHQ+G*IGbBB+k'
+ echo 'Z2WnenZhDmnSASyu0xUHHQ+G*IGbBB+k'
+ grep -q '[0-9]'
+ echo 'Z2WnenZhDmnSASyu0xUHHQ+G*IGbBB+k'
+ grep -q '[.*+?-]'
+ '[' 32 -lt 8 ']'
+ '[' 32 -gt 64 ']'
+ passwords[i]='Z2WnenZhDmnSASyu0xUHHQ+G*IGbBB+k'
+ supported=true
+ for i in "${!users[@]}"
+ [[ kibanaro == \k\i\b\a\n\a\s\e\r\v\e\r ]]
+ for i in "${!users[@]}"
+ [[ logstash == \k\i\b\a\n\a\s\e\r\v\e\r ]]
+ for i in "${!users[@]}"
+ [[ readall == \k\i\b\a\n\a\s\e\r\v\e\r ]]
+ for i in "${!users[@]}"
+ [[ snapshotrestore == \k\i\b\a\n\a\s\e\r\v\e\r ]]
+ '[' true = false ']'
+ for j in "${!fileusers[@]}"
+ supported=false
+ for i in "${!users[@]}"
+ [[ admin == \k\i\b\a\n\a\r\o ]]
+ for i in "${!users[@]}"
+ [[ kibanaserver == \k\i\b\a\n\a\r\o ]]
+ for i in "${!users[@]}"
+ [[ kibanaro == \k\i\b\a\n\a\r\o ]]
+ passwords_checkPassword 'opHXD0r17axTutPdkk?z2wNf7Nw*a2.Q'
+ echo 'opHXD0r17axTutPdkk?z2wNf7Nw*a2.Q'
+ grep -q '[A-Z]'
+ echo 'opHXD0r17axTutPdkk?z2wNf7Nw*a2.Q'
+ grep -q '[a-z]'
+ echo 'opHXD0r17axTutPdkk?z2wNf7Nw*a2.Q'
+ grep -q '[0-9]'
+ echo 'opHXD0r17axTutPdkk?z2wNf7Nw*a2.Q'
+ grep -q '[.*+?-]'
+ '[' 32 -lt 8 ']'
+ '[' 32 -gt 64 ']'
+ passwords[i]='opHXD0r17axTutPdkk?z2wNf7Nw*a2.Q'
+ supported=true
+ for i in "${!users[@]}"
+ [[ logstash == \k\i\b\a\n\a\r\o ]]
+ for i in "${!users[@]}"
+ [[ readall == \k\i\b\a\n\a\r\o ]]
+ for i in "${!users[@]}"
+ [[ snapshotrestore == \k\i\b\a\n\a\r\o ]]
+ '[' true = false ']'
+ for j in "${!fileusers[@]}"
+ supported=false
+ for i in "${!users[@]}"
+ [[ admin == \l\o\g\s\t\a\s\h ]]
+ for i in "${!users[@]}"
+ [[ kibanaserver == \l\o\g\s\t\a\s\h ]]
+ for i in "${!users[@]}"
+ [[ kibanaro == \l\o\g\s\t\a\s\h ]]
+ for i in "${!users[@]}"
+ [[ logstash == \l\o\g\s\t\a\s\h ]]
+ passwords_checkPassword 'ozJL*YbNqWHI7Rf1F43j1dtLTA?cfGaF'
+ echo 'ozJL*YbNqWHI7Rf1F43j1dtLTA?cfGaF'
+ grep -q '[A-Z]'
+ echo 'ozJL*YbNqWHI7Rf1F43j1dtLTA?cfGaF'
+ grep -q '[a-z]'
+ echo 'ozJL*YbNqWHI7Rf1F43j1dtLTA?cfGaF'
+ grep -q '[0-9]'
+ echo 'ozJL*YbNqWHI7Rf1F43j1dtLTA?cfGaF'
+ grep -q '[.*+?-]'
+ '[' 32 -lt 8 ']'
+ '[' 32 -gt 64 ']'
+ passwords[i]='ozJL*YbNqWHI7Rf1F43j1dtLTA?cfGaF'
+ supported=true
+ for i in "${!users[@]}"
+ [[ readall == \l\o\g\s\t\a\s\h ]]
+ for i in "${!users[@]}"
+ [[ snapshotrestore == \l\o\g\s\t\a\s\h ]]
+ '[' true = false ']'
+ for j in "${!fileusers[@]}"
+ supported=false
+ for i in "${!users[@]}"
+ [[ admin == \r\e\a\d\a\l\l ]]
+ for i in "${!users[@]}"
+ [[ kibanaserver == \r\e\a\d\a\l\l ]]
+ for i in "${!users[@]}"
+ [[ kibanaro == \r\e\a\d\a\l\l ]]
+ for i in "${!users[@]}"
+ [[ logstash == \r\e\a\d\a\l\l ]]
+ for i in "${!users[@]}"
+ [[ readall == \r\e\a\d\a\l\l ]]
+ passwords_checkPassword gmiK5uwklxr6K4+vcqoeMjjyMSas.G15
+ echo gmiK5uwklxr6K4+vcqoeMjjyMSas.G15
+ grep -q '[A-Z]'
+ echo gmiK5uwklxr6K4+vcqoeMjjyMSas.G15
+ grep -q '[a-z]'
+ echo gmiK5uwklxr6K4+vcqoeMjjyMSas.G15
+ grep -q '[0-9]'
+ echo gmiK5uwklxr6K4+vcqoeMjjyMSas.G15
+ grep -q '[.*+?-]'
+ '[' 32 -lt 8 ']'
+ '[' 32 -gt 64 ']'
+ passwords[i]=gmiK5uwklxr6K4+vcqoeMjjyMSas.G15
+ supported=true
+ for i in "${!users[@]}"
+ [[ snapshotrestore == \r\e\a\d\a\l\l ]]
+ '[' true = false ']'
+ for j in "${!fileusers[@]}"
+ supported=false
+ for i in "${!users[@]}"
+ [[ admin == \s\n\a\p\s\h\o\t\r\e\s\t\o\r\e ]]
+ for i in "${!users[@]}"
+ [[ kibanaserver == \s\n\a\p\s\h\o\t\r\e\s\t\o\r\e ]]
+ for i in "${!users[@]}"
+ [[ kibanaro == \s\n\a\p\s\h\o\t\r\e\s\t\o\r\e ]]
+ for i in "${!users[@]}"
+ [[ logstash == \s\n\a\p\s\h\o\t\r\e\s\t\o\r\e ]]
+ for i in "${!users[@]}"
+ [[ readall == \s\n\a\p\s\h\o\t\r\e\s\t\o\r\e ]]
+ for i in "${!users[@]}"
+ [[ snapshotrestore == \s\n\a\p\s\h\o\t\r\e\s\t\o\r\e ]]
+ passwords_checkPassword 'yGgpLSzahxUhn+yL?Xpadl7V.YF?qbpv'
+ echo 'yGgpLSzahxUhn+yL?Xpadl7V.YF?qbpv'
+ grep -q '[A-Z]'
+ echo 'yGgpLSzahxUhn+yL?Xpadl7V.YF?qbpv'
+ grep -q '[a-z]'
+ echo 'yGgpLSzahxUhn+yL?Xpadl7V.YF?qbpv'
+ grep -q '[0-9]'
+ echo 'yGgpLSzahxUhn+yL?Xpadl7V.YF?qbpv'
+ grep -q '[.*+?-]'
+ '[' 32 -lt 8 ']'
+ '[' 32 -gt 64 ']'
+ passwords[i]='yGgpLSzahxUhn+yL?Xpadl7V.YF?qbpv'
+ supported=true
+ '[' true = false ']'
+ for j in "${!fileapiusers[@]}"
+ supported=false
+ for i in "${!api_users[@]}"
+ [[ wazuh == \w\a\z\u\h ]]
+ passwords_checkPassword 'Ir9uMdpfdpJqVjg+kW.FhZ4+*I2Hpuwd'
+ grep -q '[A-Z]'
+ echo 'Ir9uMdpfdpJqVjg+kW.FhZ4+*I2Hpuwd'
+ echo 'Ir9uMdpfdpJqVjg+kW.FhZ4+*I2Hpuwd'
+ grep -q '[a-z]'
+ echo 'Ir9uMdpfdpJqVjg+kW.FhZ4+*I2Hpuwd'
+ grep -q '[0-9]'
+ echo 'Ir9uMdpfdpJqVjg+kW.FhZ4+*I2Hpuwd'
+ grep -q '[.*+?-]'
+ '[' 32 -lt 8 ']'
+ '[' 32 -gt 64 ']'
+ api_passwords[i]='Ir9uMdpfdpJqVjg+kW.FhZ4+*I2Hpuwd'
+ supported=true
+ for i in "${!api_users[@]}"
+ [[ wazuh-wui == \w\a\z\u\h ]]
+ '[' true = false ']'
+ for j in "${!fileapiusers[@]}"
+ supported=false
+ for i in "${!api_users[@]}"
+ [[ wazuh == \w\a\z\u\h\-\w\u\i ]]
+ for i in "${!api_users[@]}"
+ [[ wazuh-wui == \w\a\z\u\h\-\w\u\i ]]
+ passwords_checkPassword 'eWqjCV3lZY4HpV+kh3R590NU5w*gUj43'
+ echo 'eWqjCV3lZY4HpV+kh3R590NU5w*gUj43'
+ grep -q '[A-Z]'
+ echo 'eWqjCV3lZY4HpV+kh3R590NU5w*gUj43'
+ grep -q '[a-z]'
+ echo 'eWqjCV3lZY4HpV+kh3R590NU5w*gUj43'
+ grep -q '[0-9]'
+ echo 'eWqjCV3lZY4HpV+kh3R590NU5w*gUj43'
+ grep -q '[.*+?-]'
+ '[' 32 -lt 8 ']'
+ '[' 32 -gt 64 ']'
+ api_passwords[i]='eWqjCV3lZY4HpV+kh3R590NU5w*gUj43'
+ supported=true
+ '[' true = false ']'
+ '[' -n 1 ']'
+ passwords_getNetworkHost
++ grep -hr network.host: /etc/wazuh-indexer/opensearch.yml
+ IP='network.host: 127.0.0.1'
+ NH='network.host: '
+ IP=127.0.0.1
+ [[ 127.0.0.1 =~ _.*_ ]]
+ '[' 127.0.0.1 == 0.0.0.0 ']'
+ passwords_generateHash
+ '[' -n 1 ']'
+ common_logger -d 'Generating password hashes.'
++ date '+%d/%m/%Y %H:%M:%S'
+ now='18/09/2023 10:49:40'
+ mtype=INFO:
+ debugLogger=
+ nolog=
+ '[' -n -d ']'
+ '[' -n -d ']'
+ case ${1} in
+ debugLogger=1
+ mtype=DEBUG:
+ shift 1
+ '[' -n 'Generating password hashes.' ']'
+ case ${1} in
+ message='Generating password hashes.'
+ shift 1
+ '[' -n '' ']'
+ '[' -z 1 ']'
+ '[' -n 1 ']'
+ '[' -n '' ']'
+ for i in "${!passwords[@]}"
++ bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/hash.sh -p 'ng5nMONDzvXWWapDE2CVJ*CUux*o.Kzi'
++ grep -A 2 issues
++ tail -n 1
+ nhash='$2y$12$In/cGpVfdJl4BOtHsuDYL.Vq3D3Io9DpxH0lnVM3aN9bRbbdfy79u'
+ '[' 0 '!=' 0 ']'
+ hashes+=("${nhash}")
+ for i in "${!passwords[@]}"
++ bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/hash.sh -p 'Z2WnenZhDmnSASyu0xUHHQ+G*IGbBB+k'
++ tail -n 1
++ grep -A 2 issues
+ nhash='$2y$12$.xmfbOKf85vvQNFQP8nhaOKxxWHO7h1aLoLPWhhXKljuufW3z/o0e'
+ '[' 0 '!=' 0 ']'
+ hashes+=("${nhash}")
+ for i in "${!passwords[@]}"
++ bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/hash.sh -p 'opHXD0r17axTutPdkk?z2wNf7Nw*a2.Q'
++ tail -n 1
++ grep -A 2 issues
+ nhash='$2y$12$St8rh.yrqF5c6mxAk3wAoOH5Ix20rjpYcI3A3xS8Gf9izuLOcGz5C'
+ '[' 0 '!=' 0 ']'
+ hashes+=("${nhash}")
+ for i in "${!passwords[@]}"
++ bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/hash.sh -p 'ozJL*YbNqWHI7Rf1F43j1dtLTA?cfGaF'
++ tail -n 1
++ grep -A 2 issues
+ nhash='$2y$12$rlfXMCuZ6OwcKBtlrX.sGOIuNXnpOSyjpOaNIKHoct848TOVQDviq'
+ '[' 0 '!=' 0 ']'
+ hashes+=("${nhash}")
+ for i in "${!passwords[@]}"
++ grep -A 2 issues
++ tail -n 1
++ bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/hash.sh -p gmiK5uwklxr6K4+vcqoeMjjyMSas.G15
+ nhash='$2y$12$U/xIcD3RSuqWIIw43r6x/.iDYtgX9SnX2n3xS/R79Z/G8WJSkhgSG'
+ '[' 0 '!=' 0 ']'
+ hashes+=("${nhash}")
+ for i in "${!passwords[@]}"
++ bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/hash.sh -p 'yGgpLSzahxUhn+yL?Xpadl7V.YF?qbpv'
++ tail -n 1
++ grep -A 2 issues
+ nhash='$2y$12$OoWix8KM3dSOB/CkB/phb.X27ffUY3wJ4CeFgcZb/oGcbZUYjN8rG'
+ '[' 0 '!=' 0 ']'
+ hashes+=("${nhash}")
+ common_logger -d 'Password hashes generated.'
++ date '+%d/%m/%Y %H:%M:%S'
+ now='18/09/2023 10:49:46'
+ mtype=INFO:
+ debugLogger=
+ nolog=
+ '[' -n -d ']'
+ '[' -n -d ']'
+ case ${1} in
+ debugLogger=1
+ mtype=DEBUG:
+ shift 1
+ '[' -n 'Password hashes generated.' ']'
+ case ${1} in
+ message='Password hashes generated.'
+ shift 1
+ '[' -n '' ']'
+ '[' -z 1 ']'
+ '[' -n 1 ']'
+ '[' -n '' ']'
+ passwords_changePassword
+ '[' -n 1 ']'
+ '[' -n 'wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]' ']'
+ '[' -z ']'
+ eval 'mkdir /etc/wazuh-indexer/backup/ 2>/dev/null'
++ mkdir /etc/wazuh-indexer/backup/
+ eval 'cp /etc/wazuh-indexer/opensearch-security/* /etc/wazuh-indexer/backup/ 2>/dev/null'
++ cp /etc/wazuh-indexer/opensearch-security/action_groups.yml /etc/wazuh-indexer/opensearch-security/allowlist.yml /etc/wazuh-indexer/opensearch-security/audit.yml /etc/wazuh-indexer/opensearch-security/config.yml /etc/wazuh-indexer/opensearch-security/internal_users.yml /etc/wazuh-indexer/opensearch-security/nodes_dn.yml /etc/wazuh-indexer/opensearch-security/opensearch.yml.example /etc/wazuh-indexer/opensearch-security/roles_mapping.yml /etc/wazuh-indexer/opensearch-security/roles.yml /etc/wazuh-indexer/opensearch-security/tenants.yml /etc/wazuh-indexer/opensearch-security/whitelist.yml /etc/wazuh-indexer/backup/
+ passwords_createBackUp
+ '[' -z 'wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]' ']'
+ '[' -n 'wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]' ']'
++ grep 'plugins.security.ssl.transport.pemtrustedcas_filepath: ' /etc/wazuh-indexer/opensearch.yml
+ capem='plugins.security.ssl.transport.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem'
+ rcapem='plugins.security.ssl.transport.pemtrustedcas_filepath: '
+ capem=/etc/wazuh-indexer/certs/root-ca.pem
+ [[ -z '' ]]
+ passwords_readAdmincerts
+ [[ -f /etc/wazuh-indexer/certs/admin.pem ]]
+ adminpem=/etc/wazuh-indexer/certs/admin.pem
+ [[ -f /etc/wazuh-indexer/certs/admin-key.pem ]]
+ adminkey=/etc/wazuh-indexer/certs/admin-key.pem
+ common_logger -d 'Creating password backup.'
++ date '+%d/%m/%Y %H:%M:%S'
+ now='18/09/2023 10:49:46'
+ mtype=INFO:
+ debugLogger=
+ nolog=
+ '[' -n -d ']'
+ '[' -n -d ']'
+ case ${1} in
+ debugLogger=1
+ mtype=DEBUG:
+ shift 1
+ '[' -n 'Creating password backup.' ']'
+ case ${1} in
+ message='Creating password backup.'
+ shift 1
+ '[' -n '' ']'
+ '[' -z 1 ']'
+ '[' -n 1 ']'
+ '[' -n '' ']'
+ eval 'mkdir /etc/wazuh-indexer/backup >> /var/log/wazuh-install.log 2>&1'
++ mkdir /etc/wazuh-indexer/backup
+ eval 'JAVA_HOME=/usr/share/wazuh-indexer/jdk/ OPENSEARCH_CONF_DIR=/etc/wazuh-indexer /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh -backup /etc/wazuh-indexer/backup -icl -p 9200 -nhnv -cacert /etc/wazuh-indexer/certs/root-ca.pem -cert /etc/wazuh-indexer/certs/admin.pem -key /etc/wazuh-indexer/certs/admin-key.pem -h 127.0.0.1 >> /var/log/wazuh-install.log 2>&1'
++ JAVA_HOME=/usr/share/wazuh-indexer/jdk/
++ OPENSEARCH_CONF_DIR=/etc/wazuh-indexer
++ /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh -backup /etc/wazuh-indexer/backup -icl -p 9200 -nhnv -cacert /etc/wazuh-indexer/certs/root-ca.pem -cert /etc/wazuh-indexer/certs/admin.pem -key /etc/wazuh-indexer/certs/admin-key.pem -h 127.0.0.1
+ '[' 0 '!=' 0 ']'
+ common_logger -d 'Password backup created in /etc/wazuh-indexer/backup.'
++ date '+%d/%m/%Y %H:%M:%S'
+ now='18/09/2023 10:49:50'
+ mtype=INFO:
+ debugLogger=
+ nolog=
+ '[' -n -d ']'
+ '[' -n -d ']'
+ case ${1} in
+ debugLogger=1
+ mtype=DEBUG:
+ shift 1
+ '[' -n 'Password backup created in /etc/wazuh-indexer/backup.' ']'
+ case ${1} in
+ message='Password backup created in /etc/wazuh-indexer/backup.'
+ shift 1
+ '[' -n '' ']'
+ '[' -z 1 ']'
+ '[' -n 1 ']'
+ '[' -n '' ']'
+ for i in "${!passwords[@]}"
+ '[' -n 'wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]' ']'
+ '[' -f /etc/wazuh-indexer/backup/internal_users.yml ']'
+ awk -v 'new=$2y$12$In/cGpVfdJl4BOtHsuDYL.Vq3D3Io9DpxH0lnVM3aN9bRbbdfy79u' 'prev=="admin:"{sub(/\042.*/,""); $0=$0 new} {prev=$1} 1' /etc/wazuh-indexer/backup/internal_users.yml
+ mv -f internal_users.yml_tmp /etc/wazuh-indexer/backup/internal_users.yml
+ '[' admin == admin ']'
+ adminpass='ng5nMONDzvXWWapDE2CVJ*CUux*o.Kzi'
+ for i in "${!passwords[@]}"
+ '[' -n 'wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]' ']'
+ '[' -f /etc/wazuh-indexer/backup/internal_users.yml ']'
+ awk -v 'new=$2y$12$.xmfbOKf85vvQNFQP8nhaOKxxWHO7h1aLoLPWhhXKljuufW3z/o0e' 'prev=="kibanaserver:"{sub(/\042.*/,""); $0=$0 new} {prev=$1} 1' /etc/wazuh-indexer/backup/internal_users.yml
+ mv -f internal_users.yml_tmp /etc/wazuh-indexer/backup/internal_users.yml
+ '[' kibanaserver == admin ']'
+ '[' kibanaserver == kibanaserver ']'
+ dashpass='Z2WnenZhDmnSASyu0xUHHQ+G*IGbBB+k'
+ for i in "${!passwords[@]}"
+ '[' -n 'wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]' ']'
+ '[' -f /etc/wazuh-indexer/backup/internal_users.yml ']'
+ awk -v 'new=$2y$12$St8rh.yrqF5c6mxAk3wAoOH5Ix20rjpYcI3A3xS8Gf9izuLOcGz5C' 'prev=="kibanaro:"{sub(/\042.*/,""); $0=$0 new} {prev=$1} 1' /etc/wazuh-indexer/backup/internal_users.yml
+ mv -f internal_users.yml_tmp /etc/wazuh-indexer/backup/internal_users.yml
+ '[' kibanaro == admin ']'
+ '[' kibanaro == kibanaserver ']'
+ for i in "${!passwords[@]}"
+ '[' -n 'wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]' ']'
+ '[' -f /etc/wazuh-indexer/backup/internal_users.yml ']'
+ awk -v 'new=$2y$12$rlfXMCuZ6OwcKBtlrX.sGOIuNXnpOSyjpOaNIKHoct848TOVQDviq' 'prev=="logstash:"{sub(/\042.*/,""); $0=$0 new} {prev=$1} 1' /etc/wazuh-indexer/backup/internal_users.yml
+ mv -f internal_users.yml_tmp /etc/wazuh-indexer/backup/internal_users.yml
+ '[' logstash == admin ']'
+ '[' logstash == kibanaserver ']'
+ for i in "${!passwords[@]}"
+ '[' -n 'wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]' ']'
+ '[' -f /etc/wazuh-indexer/backup/internal_users.yml ']'
+ awk -v 'new=$2y$12$U/xIcD3RSuqWIIw43r6x/.iDYtgX9SnX2n3xS/R79Z/G8WJSkhgSG' 'prev=="readall:"{sub(/\042.*/,""); $0=$0 new} {prev=$1} 1' /etc/wazuh-indexer/backup/internal_users.yml
+ mv -f internal_users.yml_tmp /etc/wazuh-indexer/backup/internal_users.yml
+ '[' readall == admin ']'
+ '[' readall == kibanaserver ']'
+ for i in "${!passwords[@]}"
+ '[' -n 'wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]' ']'
+ '[' -f /etc/wazuh-indexer/backup/internal_users.yml ']'
+ awk -v 'new=$2y$12$OoWix8KM3dSOB/CkB/phb.X27ffUY3wJ4CeFgcZb/oGcbZUYjN8rG' 'prev=="snapshotrestore:"{sub(/\042.*/,""); $0=$0 new} {prev=$1} 1' /etc/wazuh-indexer/backup/internal_users.yml
+ mv -f internal_users.yml_tmp /etc/wazuh-indexer/backup/internal_users.yml
+ '[' snapshotrestore == admin ']'
+ '[' snapshotrestore == kibanaserver ']'
+ '[' '' == admin ']'
+ '[' -n 1 ']'
+ '[' -n '' ']'
+ '[' '' == kibanaserver ']'
+ '[' -n 1 ']'
+ '[' -n '' ']'
+ '[' -n 1 ']'
+ passwords_runSecurityAdmin
+ '[' -z 'wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]' ']'
+ '[' -n 'wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]' ']'
++ grep 'plugins.security.ssl.transport.pemtrustedcas_filepath: ' /etc/wazuh-indexer/opensearch.yml
+ capem='plugins.security.ssl.transport.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem'
+ rcapem='plugins.security.ssl.transport.pemtrustedcas_filepath: '
+ capem=/etc/wazuh-indexer/certs/root-ca.pem
+ [[ -z /etc/wazuh-indexer/certs/admin.pem ]]
+ [[ -z /etc/wazuh-indexer/certs/admin-key.pem ]]
+ common_logger -d 'Loading new passwords changes.'
++ date '+%d/%m/%Y %H:%M:%S'
+ now='18/09/2023 10:49:50'
+ mtype=INFO:
+ debugLogger=
+ nolog=
+ '[' -n -d ']'
+ '[' -n -d ']'
+ case ${1} in
+ debugLogger=1
+ mtype=DEBUG:
+ shift 1
+ '[' -n 'Loading new passwords changes.' ']'
+ case ${1} in
+ message='Loading new passwords changes.'
+ shift 1
+ '[' -n '' ']'
+ '[' -z 1 ']'
+ '[' -n 1 ']'
+ '[' -n '' ']'
+ read -p Wait
Wait
+ eval 'OPENSEARCH_CONF_DIR=/etc/wazuh-indexer /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh -f /etc/wazuh-indexer/backup/internal_users.yml -t internalusers -p 9200 -nhnv -cacert /etc/wazuh-indexer/certs/root-ca.pem -cert /etc/wazuh-indexer/certs/admin.pem -key /etc/wazuh-indexer/certs/admin-key.pem -icl -h 127.0.0.1 >> /var/log/wazuh-install.log 2>&1'
++ OPENSEARCH_CONF_DIR=/etc/wazuh-indexer
++ /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh -f /etc/wazuh-indexer/backup/internal_users.yml -t internalusers -p 9200 -nhnv -cacert /etc/wazuh-indexer/certs/root-ca.pem -cert /etc/wazuh-indexer/certs/admin.pem -key /etc/wazuh-indexer/certs/admin-key.pem -icl -h 127.0.0.1
+ '[' 0 '!=' 0 ']'
+ eval 'cp /etc/wazuh-indexer/backup/internal_users.yml /etc/wazuh-indexer/opensearch-security/internal_users.yml'
++ cp /etc/wazuh-indexer/backup/internal_users.yml /etc/wazuh-indexer/opensearch-security/internal_users.yml
+ eval 'rm -rf /etc/wazuh-indexer/backup/ >> /var/log/wazuh-install.log 2>&1'
++ rm -rf /etc/wazuh-indexer/backup/
+ [[ -n '' ]]
+ [[ -n '' ]]
+ '[' -n 1 ']'
+ '[' -z '' ']'
+ '[' -z '' ']'
+ '[' -z '' ']'
+ '[' -z '' ']'
+ '[' -z 1 ']'
+ common_logger -d 'Passwords changed.'
++ date '+%d/%m/%Y %H:%M:%S'
+ now='18/09/2023 10:53:51'
+ mtype=INFO:
+ debugLogger=
+ nolog=
+ '[' -n -d ']'
+ '[' -n -d ']'
+ case ${1} in
+ debugLogger=1
+ mtype=DEBUG:
+ shift 1
+ '[' -n 'Passwords changed.' ']'
+ case ${1} in
+ message='Passwords changed.'
+ shift 1
+ '[' -n '' ']'
+ '[' -z 1 ']'
+ '[' -n 1 ']'
+ '[' -n '' ']'
+ '[' -n '' ']'
+ '[' -n '' ']'
+ '[' -n '' ']'
+ set +x
18/09/2023 10:53:51 INFO: Wazuh indexer cluster started.


root@ubuntu22:/home/vagrant# cat /etc/wazuh-indexer/opensearch-security/internal_users.yml 
---
_meta:
  type: "internalusers"
  config_version: 2
admin:
  hash: $2y$12$In/cGpVfdJl4BOtHsuDYL.Vq3D3Io9DpxH0lnVM3aN9bRbbdfy79u
  reserved: true
  backend_roles:
  - "admin"
  description: "Demo admin user"
kibanaserver:
  hash: $2y$12$.xmfbOKf85vvQNFQP8nhaOKxxWHO7h1aLoLPWhhXKljuufW3z/o0e
  reserved: true
  description: "Demo kibanaserver user"
kibanaro:
  hash: $2y$12$St8rh.yrqF5c6mxAk3wAoOH5Ix20rjpYcI3A3xS8Gf9izuLOcGz5C
  reserved: false
  backend_roles:
  - "kibanauser"
  - "readall"
  attributes:
    attribute1: "value1"
    attribute2: "value2"
    attribute3: "value3"
  description: "Demo kibanaro user"
logstash:
  hash: $2y$12$rlfXMCuZ6OwcKBtlrX.sGOIuNXnpOSyjpOaNIKHoct848TOVQDviq
  reserved: false
  backend_roles:
  - "logstash"
  description: "Demo logstash user"
readall:
  hash: $2y$12$U/xIcD3RSuqWIIw43r6x/.iDYtgX9SnX2n3xS/R79Z/G8WJSkhgSG
  reserved: false
  backend_roles:
  - "readall"
  description: "Demo readall user"
snapshotrestore:
  hash: $2y$12$OoWix8KM3dSOB/CkB/phb.X27ffUY3wJ4CeFgcZb/oGcbZUYjN8rG
  reserved: false
  backend_roles:
  - "snapshotrestore"
  description: "Demo snapshotrestore user"
root@ubuntu22:/home/vagrant# 


root@ubuntu22:/home/vagrant# bash wazuh-install.sh -ws wazuh-1 -i
18/09/2023 10:57:49 INFO: Starting Wazuh installation assistant. Wazuh version: 4.5.2
18/09/2023 10:57:49 INFO: Verbose logging redirected to /var/log/wazuh-install.log
18/09/2023 10:58:05 WARNING: Hardware and system checks ignored.
18/09/2023 10:58:09 INFO: Wazuh repository added.
18/09/2023 10:58:10 INFO: --- Wazuh server ---
18/09/2023 10:58:10 INFO: Starting the Wazuh manager installation.
18/09/2023 10:59:00 INFO: Wazuh manager installation finished.
18/09/2023 10:59:00 INFO: Starting service wazuh-manager.
18/09/2023 10:59:25 INFO: wazuh-manager service started.
18/09/2023 10:59:25 INFO: Starting Filebeat installation.
18/09/2023 10:59:31 INFO: Filebeat installation finished.
18/09/2023 10:59:32 INFO: Filebeat post-install configuration finished.
+ common_logger -d 'Setting Wazuh indexer cluster passwords.'
++ date '+%d/%m/%Y %H:%M:%S'
+ now='18/09/2023 10:59:32'
+ mtype=INFO:
+ debugLogger=
+ nolog=
+ '[' -n -d ']'
+ '[' -n -d ']'
+ case ${1} in
+ debugLogger=1
+ mtype=DEBUG:
+ shift 1
+ '[' -n 'Setting Wazuh indexer cluster passwords.' ']'
+ case ${1} in
+ message='Setting Wazuh indexer cluster passwords.'
+ shift 1
+ '[' -n '' ']'
+ '[' -z 1 ']'
+ '[' -n 1 ']'
+ '[' -n '' ']'
+ '[' -f /home/vagrant/wazuh-install-files.tar ']'
+ eval 'tar -xf /home/vagrant/wazuh-install-files.tar -C /tmp wazuh-install-files/wazuh-passwords.txt >> /var/log/wazuh-install.log 2>&1'
++ tar -xf /home/vagrant/wazuh-install-files.tar -C /tmp wazuh-install-files/wazuh-passwords.txt
+ p_file=/tmp/wazuh-install-files/wazuh-passwords.txt
+ common_checkInstalled
+ wazuh_installed=
+ indexer_installed=
+ filebeat_installed=
+ dashboard_installed=
+ '[' apt-get == yum ']'
+ '[' apt-get == apt-get ']'
++ grep wazuh-manager
++ apt list --installed
+ wazuh_installed='wazuh-manager/stable,now 4.5.2-1 amd64 [installed]'
+ '[' -d /var/ossec ']'
+ wazuh_remaining_files=1
+ '[' apt-get == yum ']'
+ '[' apt-get == apt-get ']'
++ grep wazuh-indexer
++ apt list --installed
+ indexer_installed='wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]'
+ '[' -d /var/lib/wazuh-indexer/ ']'
+ indexer_remaining_files=1
+ '[' apt-get == yum ']'
+ '[' apt-get == apt-get ']'
++ grep filebeat
++ apt list --installed
+ filebeat_installed='filebeat/stable,now 7.10.2 amd64 [installed]'
+ '[' -d /var/lib/filebeat/ ']'
+ filebeat_remaining_files=1
+ '[' apt-get == yum ']'
+ '[' apt-get == apt-get ']'
++ apt list --installed
++ grep wazuh-dashboard
+ dashboard_installed=
+ '[' -d /var/lib/wazuh-dashboard/ ']'
+ '[' -d /usr/share/wazuh-dashboard ']'
+ '[' -d /etc/wazuh-dashboard ']'
+ '[' -d /run/wazuh-dashboard/ ']'
+ '[' -n '' ']'
+ '[' -n '' ']'
+ no_indexer_backup=1
+ '[' -n 1 ']'
+ '[' '' == master ']'
+ '[' 1 -eq 1 ']'
+ passwords_getApiToken
+ retries=0
+ max_internal_error_retries=20
++ curl -s -u wazuh:wazuh -k -X POST 'https://localhost:55000/security/user/authenticate?raw=true' --max-time 300 --retry 5 --retry-delay 5
+ TOKEN_API=eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNjk1MDM0Nzc1LCJleHAiOjE2OTUwMzU2NzUsInN1YiI6IndhenVoIiwicnVuX2FzIjpmYWxzZSwicmJhY19yb2xlcyI6WzFdLCJyYmFjX21vZGUiOiJ3aGl0ZSJ9.AWQJKxkCHEQWbUk5LTCctmy0XC3hH9zEoz8hzs0E2oiB-W7I1BKuMAPP_pvGm3z5i8ttKpgP6YoYYqK7WYGR4y73AD8AGARWVhkQlU5PW3vtlzQW1F7-D4PZgrtm5CpMU52lEa1LlnsyqQLqyiXd8wrzioLz9A-vOrY9e_pnUzOeYvsX
+ [[ eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNjk1MDM0Nzc1LCJleHAiOjE2OTUwMzU2NzUsInN1YiI6IndhenVoIiwicnVuX2FzIjpmYWxzZSwicmJhY19yb2xlcyI6WzFdLCJyYmFjX21vZGUiOiJ3aGl0ZSJ9.AWQJKxkCHEQWbUk5LTCctmy0XC3hH9zEoz8hzs0E2oiB-W7I1BKuMAPP_pvGm3z5i8ttKpgP6YoYYqK7WYGR4y73AD8AGARWVhkQlU5PW3vtlzQW1F7-D4PZgrtm5CpMU52lEa1LlnsyqQLqyiXd8wrzioLz9A-vOrY9e_pnUzOeYvsX =~ Wazuh Internal Error ]]
+ [[ eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNjk1MDM0Nzc1LCJleHAiOjE2OTUwMzU2NzUsInN1YiI6IndhenVoIiwicnVuX2FzIjpmYWxzZSwicmJhY19yb2xlcyI6WzFdLCJyYmFjX21vZGUiOiJ3aGl0ZSJ9.AWQJKxkCHEQWbUk5LTCctmy0XC3hH9zEoz8hzs0E2oiB-W7I1BKuMAPP_pvGm3z5i8ttKpgP6YoYYqK7WYGR4y73AD8AGARWVhkQlU5PW3vtlzQW1F7-D4PZgrtm5CpMU52lEa1LlnsyqQLqyiXd8wrzioLz9A-vOrY9e_pnUzOeYvsX =~ Wazuh Internal Error ]]
+ [[ eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNjk1MDM0Nzc1LCJleHAiOjE2OTUwMzU2NzUsInN1YiI6IndhenVoIiwicnVuX2FzIjpmYWxzZSwicmJhY19yb2xlcyI6WzFdLCJyYmFjX21vZGUiOiJ3aGl0ZSJ9.AWQJKxkCHEQWbUk5LTCctmy0XC3hH9zEoz8hzs0E2oiB-W7I1BKuMAPP_pvGm3z5i8ttKpgP6YoYYqK7WYGR4y73AD8AGARWVhkQlU5PW3vtlzQW1F7-D4PZgrtm5CpMU52lEa1LlnsyqQLqyiXd8wrzioLz9A-vOrY9e_pnUzOeYvsX =~ Invalid credentials ]]
+ passwords_getApiUsers
+ mapfile -t api_users
++ grep username
++ sed -e 's/[\'\''",]//g'
++ awk '-F: ' '{print $2}'
++ curl -s -k -X GET -H 'Authorization: Bearer eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNjk1MDM0Nzc1LCJleHAiOjE2OTUwMzU2NzUsInN1YiI6IndhenVoIiwicnVuX2FzIjpmYWxzZSwicmJhY19yb2xlcyI6WzFdLCJyYmFjX21vZGUiOiJ3aGl0ZSJ9.AWQJKxkCHEQWbUk5LTCctmy0XC3hH9zEoz8hzs0E2oiB-W7I1BKuMAPP_pvGm3z5i8ttKpgP6YoYYqK7WYGR4y73AD8AGARWVhkQlU5PW3vtlzQW1F7-D4PZgrtm5CpMU52lEa1LlnsyqQLqyiXd8wrzioLz9A-vOrY9e_pnUzOeYvsX' -H 'Content-Type: application/json' 'https://localhost:55000/security/users?pretty=true'
+ passwords_getApiIds
+ mapfile -t api_ids
++ curl -s -k -X GET -H 'Authorization: Bearer eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNjk1MDM0Nzc1LCJleHAiOjE2OTUwMzU2NzUsInN1YiI6IndhenVoIiwicnVuX2FzIjpmYWxzZSwicmJhY19yb2xlcyI6WzFdLCJyYmFjX21vZGUiOiJ3aGl0ZSJ9.AWQJKxkCHEQWbUk5LTCctmy0XC3hH9zEoz8hzs0E2oiB-W7I1BKuMAPP_pvGm3z5i8ttKpgP6YoYYqK7WYGR4y73AD8AGARWVhkQlU5PW3vtlzQW1F7-D4PZgrtm5CpMU52lEa1LlnsyqQLqyiXd8wrzioLz9A-vOrY9e_pnUzOeYvsX' -H 'Content-Type: application/json' 'https://localhost:55000/security/users?pretty=true'
++ awk '-F: ' '{print $2}'
++ grep id
++ sed -e 's/[\'\''",]//g'
+ installCommon_readPasswordFileUsers
++ grep -Ev '^#|^\s*$' /tmp/wazuh-install-files/wazuh-passwords.txt
++ grep -Pzc '\A(\s*(indexer_username|api_username|indexer_password|api_password):[ \t]+[\'\''"]?[\w.*+?-]+[\'\''"]?)+\Z'
+ filecorrect=1
+ [[ 1 -ne 1 ]]
++ grep indexer_username: /tmp/wazuh-install-files/wazuh-passwords.txt
++ awk '{ print substr( $2, 1, length($2) ) }'
++ sed -e 's/[\'\''"]//g'
+ sfileusers='admin
kibanaserver
kibanaro
logstash
readall
snapshotrestore'
++ awk '{ print substr( $2, 1, length($2) ) }'
++ grep indexer_password: /tmp/wazuh-install-files/wazuh-passwords.txt
++ sed -e 's/[\'\''"]//g'
+ sfilepasswords='ng5nMONDzvXWWapDE2CVJ*CUux*o.Kzi
Z2WnenZhDmnSASyu0xUHHQ+G*IGbBB+k
opHXD0r17axTutPdkk?z2wNf7Nw*a2.Q
ozJL*YbNqWHI7Rf1F43j1dtLTA?cfGaF
gmiK5uwklxr6K4+vcqoeMjjyMSas.G15
yGgpLSzahxUhn+yL?Xpadl7V.YF?qbpv'
++ grep api_username: /tmp/wazuh-install-files/wazuh-passwords.txt
++ sed -e 's/[\'\''"]//g'
++ awk '{ print substr( $2, 1, length($2) ) }'
+ sfileapiusers='wazuh
wazuh-wui'
++ grep api_password: /tmp/wazuh-install-files/wazuh-passwords.txt
++ sed -e 's/[\'\''"]//g'
++ awk '{ print substr( $2, 1, length($2) ) }'
+ sfileapipasswords='Ir9uMdpfdpJqVjg+kW.FhZ4+*I2Hpuwd
eWqjCV3lZY4HpV+kh3R590NU5w*gUj43'
+ mapfile -t fileusers
++ printf '%s\n' 'admin
kibanaserver
kibanaro
logstash
readall
snapshotrestore'
+ mapfile -t filepasswords
++ printf '%s\n' 'ng5nMONDzvXWWapDE2CVJ*CUux*o.Kzi
Z2WnenZhDmnSASyu0xUHHQ+G*IGbBB+k
opHXD0r17axTutPdkk?z2wNf7Nw*a2.Q
ozJL*YbNqWHI7Rf1F43j1dtLTA?cfGaF
gmiK5uwklxr6K4+vcqoeMjjyMSas.G15
yGgpLSzahxUhn+yL?Xpadl7V.YF?qbpv'
+ mapfile -t fileapiusers
++ printf '%s\n' 'wazuh
wazuh-wui'
+ mapfile -t fileapipasswords
++ printf '%s\n' 'Ir9uMdpfdpJqVjg+kW.FhZ4+*I2Hpuwd
eWqjCV3lZY4HpV+kh3R590NU5w*gUj43'
+ '[' -n '' ']'
+ finalusers=()
+ finalpasswords=()
+ finalapiusers=()
+ finalapipasswords=()
+ '[' -n '' ']'
+ '[' -n 'filebeat/stable,now 7.10.2 amd64 [installed]' ']'
+ '[' -n 1 ']'
+ users=(admin)
+ for j in "${!fileusers[@]}"
+ supported=false
+ for i in "${!users[@]}"
+ [[ admin == \a\d\m\i\n ]]
+ passwords_checkPassword 'ng5nMONDzvXWWapDE2CVJ*CUux*o.Kzi'
+ echo 'ng5nMONDzvXWWapDE2CVJ*CUux*o.Kzi'
+ grep -q '[A-Z]'
+ echo 'ng5nMONDzvXWWapDE2CVJ*CUux*o.Kzi'
+ grep -q '[a-z]'
+ echo 'ng5nMONDzvXWWapDE2CVJ*CUux*o.Kzi'
+ grep -q '[0-9]'
+ echo 'ng5nMONDzvXWWapDE2CVJ*CUux*o.Kzi'
+ grep -q '[.*+?-]'
+ '[' 32 -lt 8 ']'
+ '[' 32 -gt 64 ']'
+ finalusers+=(${fileusers[j]})
+ finalpasswords+=(${filepasswords[j]})
+ supported=true
+ '[' true = false ']'
+ for j in "${!fileusers[@]}"
+ supported=false
+ for i in "${!users[@]}"
+ [[ admin == \k\i\b\a\n\a\s\e\r\v\e\r ]]
+ '[' false = false ']'
+ '[' -n 'wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]' ']'
+ '[' -n '' ']'
+ for j in "${!fileusers[@]}"
+ supported=false
+ for i in "${!users[@]}"
+ [[ admin == \k\i\b\a\n\a\r\o ]]
+ '[' false = false ']'
+ '[' -n 'wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]' ']'
+ '[' -n '' ']'
+ for j in "${!fileusers[@]}"
+ supported=false
+ for i in "${!users[@]}"
+ [[ admin == \l\o\g\s\t\a\s\h ]]
+ '[' false = false ']'
+ '[' -n 'wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]' ']'
+ '[' -n '' ']'
+ for j in "${!fileusers[@]}"
+ supported=false
+ for i in "${!users[@]}"
+ [[ admin == \r\e\a\d\a\l\l ]]
+ '[' false = false ']'
+ '[' -n 'wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]' ']'
+ '[' -n '' ']'
+ for j in "${!fileusers[@]}"
+ supported=false
+ for i in "${!users[@]}"
+ [[ admin == \s\n\a\p\s\h\o\t\r\e\s\t\o\r\e ]]
+ '[' false = false ']'
+ '[' -n 'wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]' ']'
+ '[' -n '' ']'
+ for j in "${!fileapiusers[@]}"
+ supported=false
+ for i in "${!api_users[@]}"
+ [[ wazuh == \w\a\z\u\h ]]
+ passwords_checkPassword 'Ir9uMdpfdpJqVjg+kW.FhZ4+*I2Hpuwd'
+ echo 'Ir9uMdpfdpJqVjg+kW.FhZ4+*I2Hpuwd'
+ grep -q '[A-Z]'
+ echo 'Ir9uMdpfdpJqVjg+kW.FhZ4+*I2Hpuwd'
+ grep -q '[a-z]'
+ echo 'Ir9uMdpfdpJqVjg+kW.FhZ4+*I2Hpuwd'
+ grep -q '[0-9]'
+ echo 'Ir9uMdpfdpJqVjg+kW.FhZ4+*I2Hpuwd'
+ grep -q '[.*+?-]'
+ '[' 32 -lt 8 ']'
+ '[' 32 -gt 64 ']'
+ finalapiusers+=("${fileapiusers[j]}")
+ finalapipasswords+=("${fileapipasswords[j]}")
+ supported=true
+ for i in "${!api_users[@]}"
+ [[ wazuh-wui == \w\a\z\u\h ]]
+ '[' true = false ']'
+ for j in "${!fileapiusers[@]}"
+ supported=false
+ for i in "${!api_users[@]}"
+ [[ wazuh == \w\a\z\u\h\-\w\u\i ]]
+ for i in "${!api_users[@]}"
+ [[ wazuh-wui == \w\a\z\u\h\-\w\u\i ]]
+ passwords_checkPassword 'eWqjCV3lZY4HpV+kh3R590NU5w*gUj43'
+ echo 'eWqjCV3lZY4HpV+kh3R590NU5w*gUj43'
+ grep -q '[A-Z]'
+ echo 'eWqjCV3lZY4HpV+kh3R590NU5w*gUj43'
+ grep -q '[a-z]'
+ echo 'eWqjCV3lZY4HpV+kh3R590NU5w*gUj43'
+ grep -q '[0-9]'
+ echo 'eWqjCV3lZY4HpV+kh3R590NU5w*gUj43'
+ grep -q '[.*+?-]'
+ '[' 32 -lt 8 ']'
+ '[' 32 -gt 64 ']'
+ finalapiusers+=("${fileapiusers[j]}")
+ finalapipasswords+=("${fileapipasswords[j]}")
+ supported=true
+ '[' true = false ']'
+ users=()
+ mapfile -t users
++ printf '%s\n' admin
+ mapfile -t passwords
++ printf '%s\n' 'ng5nMONDzvXWWapDE2CVJ*CUux*o.Kzi'
+ mapfile -t api_users
++ printf '%s\n' wazuh wazuh-wui
+ mapfile -t api_passwords
++ printf '%s\n' 'Ir9uMdpfdpJqVjg+kW.FhZ4+*I2Hpuwd' 'eWqjCV3lZY4HpV+kh3R590NU5w*gUj43'
+ changeall=1
+ '[' -n '' ']'
+ '[' -n '' ']'
+ passwords_changePassword
+ '[' -n 1 ']'
+ '[' -n 'wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]' ']'
+ '[' -z 1 ']'
+ for i in "${!passwords[@]}"
+ '[' -n 'wazuh-indexer/stable,now 4.5.2-1 amd64 [installed]' ']'
+ '[' -f /etc/wazuh-indexer/backup/internal_users.yml ']'
+ '[' admin == admin ']'
+ adminpass='ng5nMONDzvXWWapDE2CVJ*CUux*o.Kzi'
+ '[' '' == admin ']'
+ '[' -n 1 ']'
+ '[' -n 'filebeat/stable,now 7.10.2 amd64 [installed]' ']'
+ filebeat keystore list
+ grep -q password
+ eval 'echo ng5nMONDzvXWWapDE2CVJ*CUux*o.Kzi | filebeat keystore add password --force --stdin >> /var/log/wazuh-install.log 2>&1'
++ echo 'ng5nMONDzvXWWapDE2CVJ*CUux*o.Kzi'
++ filebeat keystore add password --force --stdin
+ passwords_restartService filebeat
+ '[' 1 -ne 1 ']'
+ ps -e
+ grep -E -q '^\ *1\ .*systemd$'
+ eval 'systemctl daemon-reload >> /var/log/wazuh-install.log 2>&1'
++ systemctl daemon-reload
+ eval 'systemctl restart filebeat.service >> /var/log/wazuh-install.log 2>&1'
++ systemctl restart filebeat.service
+ '[' 0 '!=' 0 ']'
+ common_logger -d 'filebeat started.'
++ date '+%d/%m/%Y %H:%M:%S'
+ now='18/09/2023 10:59:36'
+ mtype=INFO:
+ debugLogger=
+ nolog=
+ '[' -n -d ']'
+ '[' -n -d ']'
+ case ${1} in
+ debugLogger=1
+ mtype=DEBUG:
+ shift 1
+ '[' -n 'filebeat started.' ']'
+ case ${1} in
+ message='filebeat started.'
+ shift 1
+ '[' -n '' ']'
+ '[' -z 1 ']'
+ '[' -n 1 ']'
+ '[' -n '' ']'
+ '[' '' == kibanaserver ']'
+ '[' -n 1 ']'
+ '[' -n '' ']'
+ '[' -n '' ']'
+ '[' -n '' ']'
+ '[' -n 1 ']'
+ '[' '' == master ']'
+ '[' 1 -eq 1 ']'
+ installCommon_changePasswordApi
+ '[' -n 1 ']'
+ for i in "${!api_passwords[@]}"
+ '[' -n 1 ']'
+ passwords_getApiUserId wazuh
+ user_id=noid
+ for u in "${!api_users[@]}"
+ '[' wazuh == wazuh ']'
+ user_id=1
+ for u in "${!api_users[@]}"
+ '[' wazuh == wazuh-wui ']'
+ '[' 1 == noid ']'
+ WAZUH_PASS_API='{"password":"Ir9uMdpfdpJqVjg+kW.FhZ4+*I2Hpuwd"}'
+ eval 'curl -s -k -X PUT -H "Authorization: Bearer $TOKEN_API" -H "Content-Type: application/json" -d "$WAZUH_PASS_API" "https://localhost:55000/security/users/${user_id}" -o /dev/null'
++ curl -s -k -X PUT -H 'Authorization: Bearer eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNjk1MDM0Nzc1LCJleHAiOjE2OTUwMzU2NzUsInN1YiI6IndhenVoIiwicnVuX2FzIjpmYWxzZSwicmJhY19yb2xlcyI6WzFdLCJyYmFjX21vZGUiOiJ3aGl0ZSJ9.AWQJKxkCHEQWbUk5LTCctmy0XC3hH9zEoz8hzs0E2oiB-W7I1BKuMAPP_pvGm3z5i8ttKpgP6YoYYqK7WYGR4y73AD8AGARWVhkQlU5PW3vtlzQW1F7-D4PZgrtm5CpMU52lEa1LlnsyqQLqyiXd8wrzioLz9A-vOrY9e_pnUzOeYvsX' -H 'Content-Type: application/json' -d '{"password":"Ir9uMdpfdpJqVjg+kW.FhZ4+*I2Hpuwd"}' https://localhost:55000/security/users/1 -o /dev/null
+ '[' wazuh == wazuh ']'
+ sleep 1
+ adminPassword='Ir9uMdpfdpJqVjg+kW.FhZ4+*I2Hpuwd'
+ passwords_getApiToken
+ retries=0
+ max_internal_error_retries=20
++ curl -s -u 'wazuh:Ir9uMdpfdpJqVjg+kW.FhZ4+*I2Hpuwd' -k -X POST 'https://localhost:55000/security/user/authenticate?raw=true' --max-time 300 --retry 5 --retry-delay 5
+ TOKEN_API=eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNjk1MDM0Nzc5LCJleHAiOjE2OTUwMzU2NzksInN1YiI6IndhenVoIiwicnVuX2FzIjpmYWxzZSwicmJhY19yb2xlcyI6WzFdLCJyYmFjX21vZGUiOiJ3aGl0ZSJ9.AQiKxJkMpX21z4MtZUdRFc70d535cMyoPIsH01IF8Tkvw9aK5hU7k9CS9dWZsXWZWxNtjgMoHpDOdeKorJONJcvIAJva3LXc1xEfKsTdelm4A1YiN57wHhPsFF5KC4juagYgRtxnvrEHemnmoKfgfLdHI7h59VSdmbvpi7GQ5kxKpl4a
+ [[ eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNjk1MDM0Nzc5LCJleHAiOjE2OTUwMzU2NzksInN1YiI6IndhenVoIiwicnVuX2FzIjpmYWxzZSwicmJhY19yb2xlcyI6WzFdLCJyYmFjX21vZGUiOiJ3aGl0ZSJ9.AQiKxJkMpX21z4MtZUdRFc70d535cMyoPIsH01IF8Tkvw9aK5hU7k9CS9dWZsXWZWxNtjgMoHpDOdeKorJONJcvIAJva3LXc1xEfKsTdelm4A1YiN57wHhPsFF5KC4juagYgRtxnvrEHemnmoKfgfLdHI7h59VSdmbvpi7GQ5kxKpl4a =~ Wazuh Internal Error ]]
+ [[ eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNjk1MDM0Nzc5LCJleHAiOjE2OTUwMzU2NzksInN1YiI6IndhenVoIiwicnVuX2FzIjpmYWxzZSwicmJhY19yb2xlcyI6WzFdLCJyYmFjX21vZGUiOiJ3aGl0ZSJ9.AQiKxJkMpX21z4MtZUdRFc70d535cMyoPIsH01IF8Tkvw9aK5hU7k9CS9dWZsXWZWxNtjgMoHpDOdeKorJONJcvIAJva3LXc1xEfKsTdelm4A1YiN57wHhPsFF5KC4juagYgRtxnvrEHemnmoKfgfLdHI7h59VSdmbvpi7GQ5kxKpl4a =~ Wazuh Internal Error ]]
+ [[ eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNjk1MDM0Nzc5LCJleHAiOjE2OTUwMzU2NzksInN1YiI6IndhenVoIiwicnVuX2FzIjpmYWxzZSwicmJhY19yb2xlcyI6WzFdLCJyYmFjX21vZGUiOiJ3aGl0ZSJ9.AQiKxJkMpX21z4MtZUdRFc70d535cMyoPIsH01IF8Tkvw9aK5hU7k9CS9dWZsXWZWxNtjgMoHpDOdeKorJONJcvIAJva3LXc1xEfKsTdelm4A1YiN57wHhPsFF5KC4juagYgRtxnvrEHemnmoKfgfLdHI7h59VSdmbvpi7GQ5kxKpl4a =~ Invalid credentials ]]
+ '[' wazuh == wazuh-wui ']'
+ for i in "${!api_passwords[@]}"
+ '[' -n 1 ']'
+ passwords_getApiUserId wazuh-wui
+ user_id=noid
+ for u in "${!api_users[@]}"
+ '[' wazuh-wui == wazuh ']'
+ for u in "${!api_users[@]}"
+ '[' wazuh-wui == wazuh-wui ']'
+ user_id=2
+ '[' 2 == noid ']'
+ WAZUH_PASS_API='{"password":"eWqjCV3lZY4HpV+kh3R590NU5w*gUj43"}'
+ eval 'curl -s -k -X PUT -H "Authorization: Bearer $TOKEN_API" -H "Content-Type: application/json" -d "$WAZUH_PASS_API" "https://localhost:55000/security/users/${user_id}" -o /dev/null'
++ curl -s -k -X PUT -H 'Authorization: Bearer eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNjk1MDM0Nzc5LCJleHAiOjE2OTUwMzU2NzksInN1YiI6IndhenVoIiwicnVuX2FzIjpmYWxzZSwicmJhY19yb2xlcyI6WzFdLCJyYmFjX21vZGUiOiJ3aGl0ZSJ9.AQiKxJkMpX21z4MtZUdRFc70d535cMyoPIsH01IF8Tkvw9aK5hU7k9CS9dWZsXWZWxNtjgMoHpDOdeKorJONJcvIAJva3LXc1xEfKsTdelm4A1YiN57wHhPsFF5KC4juagYgRtxnvrEHemnmoKfgfLdHI7h59VSdmbvpi7GQ5kxKpl4a' -H 'Content-Type: application/json' -d '{"password":"eWqjCV3lZY4HpV+kh3R590NU5w*gUj43"}' https://localhost:55000/security/users/2 -o /dev/null
+ '[' wazuh-wui == wazuh ']'
+ '[' wazuh-wui == wazuh-wui ']'
+ '[' -n '' ']'
+ '[' -n '' ']'
+ set +x
18/09/2023 10:59:40 INFO: Starting service filebeat.
18/09/2023 10:59:42 INFO: filebeat service started.
18/09/2023 10:59:42 INFO: Installation finished.


root@ubuntu22:/home/vagrant# cat /etc/wazuh-indexer/opensearch-security/internal_users.yml 
---
_meta:
  type: "internalusers"
  config_version: 2
admin:
  hash: $2y$12$In/cGpVfdJl4BOtHsuDYL.Vq3D3Io9DpxH0lnVM3aN9bRbbdfy79u
  reserved: true
  backend_roles:
  - "admin"
  description: "Demo admin user"
kibanaserver:
  hash: $2y$12$.xmfbOKf85vvQNFQP8nhaOKxxWHO7h1aLoLPWhhXKljuufW3z/o0e
  reserved: true
  description: "Demo kibanaserver user"
kibanaro:
  hash: $2y$12$St8rh.yrqF5c6mxAk3wAoOH5Ix20rjpYcI3A3xS8Gf9izuLOcGz5C
  reserved: false
  backend_roles:
  - "kibanauser"
  - "readall"
  attributes:
    attribute1: "value1"
    attribute2: "value2"
    attribute3: "value3"
  description: "Demo kibanaro user"
logstash:
  hash: $2y$12$rlfXMCuZ6OwcKBtlrX.sGOIuNXnpOSyjpOaNIKHoct848TOVQDviq
  reserved: false
  backend_roles:
  - "logstash"
  description: "Demo logstash user"
readall:
  hash: $2y$12$U/xIcD3RSuqWIIw43r6x/.iDYtgX9SnX2n3xS/R79Z/G8WJSkhgSG
  reserved: false
  backend_roles:
  - "readall"
  description: "Demo readall user"
snapshotrestore:
  hash: $2y$12$OoWix8KM3dSOB/CkB/phb.X27ffUY3wJ4CeFgcZb/oGcbZUYjN8rG
  reserved: false
  backend_roles:
  - "snapshotrestore"
  description: "Demo snapshotrestore user"

[micsinyei]

I have been looking into the code however in the manager.sh and dashboard.sh I have not any reference to password, except for the dashboard which has the following installCommon_getPass "admin".

Is there an order for the component installation?

If it is: indexer,manager,dashboard. Then the passwords_runSecurityAdmin will run with the indexer installation and after that the manager and dashboard do not touch the passwords_changePasswords. I might overlook something, but at first glance seems viable. I will try to test it as well.

[davidcr01]

Hello again @micsinyei.

Yes, you are right. After some testing I discovered that the internal_users.yml file is only touched in the Wazuh indexer installation and in the AIO installation, although the manager and dashboard installation use the same function passwords_changePassword, but not the same code.

With this, the change will be introduced in the passwords_runSecurityAdmin instead of the passwords_changePassword. I have checked that these functions are executed together in the Installation Assistant and in the password tool.

Related to this comment, I would invite you to open an issue in this repository to report this bug or feature, as this is out of the scope of this issue.