Available packages must be checked before installation #65

Closed
5 tasks done
davidcr01 opened this issue Sep 18, 2024 · 2 comments · Fixed by #80
Labels: level/task (Task issue), type/change (Change performed in a resource or Wazuh Cloud environment)

davidcr01 commented Sep 18, 2024

Description

As a complementary issue to #63, and part of #21, the aim of this issue is to improve the way the Installation assistant installs the packages.

In this case, we want the assistant to check if the Wazuh central packages are available to install or not. To perform this, the Wazuh repository and key must be added before the check. This new development intends to avoid the following behavior:

root@ip-172-31-43-86:/home/ubuntu# bash wazuh-install.sh -a
18/09/2024 14:11:22 INFO: Starting Wazuh installation assistant. Wazuh version: 4.10.0
18/09/2024 14:11:22 INFO: Verbose logging redirected to /var/log/wazuh-install.log
18/09/2024 14:11:37 INFO: Verifying that your system meets the recommended minimum hardware requirements.
18/09/2024 14:11:37 INFO: Wazuh web interface port will be 443.
18/09/2024 14:11:42 INFO: --- Dependencies ----
18/09/2024 14:11:42 INFO: Installing apt-transport-https.
18/09/2024 14:11:49 INFO: Installing debhelper.
18/09/2024 14:12:31 INFO: Wazuh development repository added.
18/09/2024 14:12:31 INFO: --- Configuration files ---
18/09/2024 14:12:31 INFO: Generating configuration files.
18/09/2024 14:12:31 INFO: Generating the root certificate.
18/09/2024 14:12:32 INFO: Generating Admin certificates.
18/09/2024 14:12:32 INFO: Generating Wazuh indexer certificates.
18/09/2024 14:12:32 INFO: Generating Filebeat certificates.
18/09/2024 14:12:32 INFO: Generating Wazuh dashboard certificates.
18/09/2024 14:12:33 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
18/09/2024 14:12:33 INFO: --- Wazuh indexer ---
18/09/2024 14:12:33 INFO: Starting Wazuh indexer installation.
18/09/2024 14:12:34 ERROR: Wazuh indexer installation failed.
18/09/2024 14:12:34 INFO: --- Removing existing Wazuh installation ---
18/09/2024 14:12:34 INFO: Installation cleaned. Check the /var/log/wazuh-install.log file to learn more about the issue.

The installation fails because there are no 4.10.0 packages in the selected repository. The new logic should be executed at an early stage of the installation process.

The desired behavior should be the following:

root@ip-172-31-43-86:/home/ubuntu# bash wazuh-install.sh -a
18/09/2024 14:11:22 INFO: Starting Wazuh installation assistant. Wazuh version: 4.10.0
18/09/2024 14:11:22 INFO: Verbose logging redirected to /var/log/wazuh-install.log
18/09/2024 14:11:37 INFO: Verifying that your system meets the recommended minimum hardware requirements.
18/09/2024 14:11:37 ERROR: There are no available packages with version 4.10.0 in the selected repository.
18/09/2024 14:12:34 INFO: --- Removing existing Wazuh installation ---
18/09/2024 14:12:34 INFO: Installation cleaned. Check the /var/log/wazuh-install.log file to learn more about the issue.

Tasks

  • Add a new function/logic to check the available packages
  • Apply the logic
  • Validate that the new logic works as expected
    • In case of success (packages are available)
    • In case of failure (packages are not available)
@davidcr01
Contributor Author

Update Report

PoC

The following PoC has been done to validate the new development. This development aims to use the apt-cache policy <package> and the yum list available <package> commands to check the available packages:

Debian case

root@ip-172-31-47-182:/home/ubuntu# apt-cache policy lsof
lsof:
  Installed: 4.93.2+dfsg-1.1build2
  Candidate: 4.93.2+dfsg-1.1build2
  Version table:
 *** 4.93.2+dfsg-1.1build2 500
        500 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 Packages
        100 /var/lib/dpkg/status
root@ip-172-31-47-182:/home/ubuntu# apt-cache policy lsof | grep -q "4.93.2" &> /dev/null

root@ip-172-31-47-182:/home/ubuntu# echo $?
0

# This version is not available
root@ip-172-31-47-182:/home/ubuntu# apt-cache policy lsof | grep -q "4.93.3" &> /dev/null

root@ip-172-31-47-182:/home/ubuntu# echo $?
1
root@ip-172-31-47-182:/home/ubuntu# 

RPM case

[root@ip-172-31-41-54 ec2-user]# yum list available lsof-4.94.0
Last metadata expiration check: 2:05:01 ago on Fri Sep 27 10:00:14 2024.
Available Packages
lsof.x86_64                                     4.94.0-1.amzn2023.0.2                                     amazonlinux
[root@ip-172-31-41-54 ec2-user]# yum list available lsof-4.94.0 &> /dev/null

[root@ip-172-31-41-54 ec2-user]# echo $?
0

# This version is not available
[root@ip-172-31-41-54 ec2-user]# yum list available lsof-4.99.0 &> /dev/null

[root@ip-172-31-41-54 ec2-user]# echo $?
1
[root@ip-172-31-41-54 ec2-user]# 
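
The availability check from the PoC above, as an added example (not the Wazuh installation assistant's code and not part of the original comment). It goes beyond the PoC by matching the version exactly and by ignoring a version that exists only as the locally installed copy; the function names and the `wazuh-dashboard` samples are constructed assumptions, while the `lsof` RPM sample is the output shown in the PoC.

```shell
#!/bin/sh
# Added example (not project code). Both checks read the package manager's
# output on stdin, so they can be run offline against captured text.

# The PoC's test, kept for comparison: regex substring match on any line.
naive_has_version() { grep -q "$1"; }

# apt_policy_has_version VERSION   (stdin: `apt-cache policy <package>`)
# Succeeds only if the Version table lists VERSION, optionally followed by a
# Debian revision such as "-2", with a source other than the dpkg status file.
apt_policy_has_version() {
    awk -v want="$1" '
        /Version table:/      { in_table = 1; next }
        !in_table || NF < 2   { next }
        # Version entry: "*** <version> <priority>" or "<version> <priority>"
        $1 == "***" || (NF == 2 && $2 ~ /^-?[0-9]+$/) {
            ver = ($1 == "***") ? $2 : $1
            sub(/^[0-9]+:/, "", ver)      # drop an epoch such as "1:"
            next
        }
        # Source line for the current entry: "<priority> <source> ..."
        $2 != "/var/lib/dpkg/status" &&
            (ver == want || index(ver, want "-") == 1) { found = 1 }
        END { exit !found }
    '
}

# yum_list_has_version PACKAGE VERSION   (stdin: `yum list available PACKAGE`)
yum_list_has_version() {
    awk -v pkg="$1" -v want="$2" '
        /^Available Packages/ { in_list = 1; next }
        in_list && NF == 3 {
            name = $1; sub(/\.[^.]*$/, "", name)   # strip ".x86_64" etc.
            ver = $2;  sub(/^[0-9]+:/, "", ver)    # strip an epoch
            if (name == pkg && (ver == want || index(ver, want "-") == 1))
                found = 1
        }
        END { exit !found }
    '
}

# Constructed sample: 4.9.0-2 is offered by a repository (placeholder URL).
sample_available() {
cat <<'EOF'
wazuh-dashboard:
  Installed: (none)
  Candidate: 4.9.0-2
  Version table:
     4.9.0-2 500
        500 https://repo.example.invalid/apt unstable/main amd64 Packages
EOF
}

# Constructed sample: 4.9.0-2 is installed, but the repository only has 4.10.0-1.
sample_installed_only() {
cat <<'EOF'
wazuh-dashboard:
  Installed: 4.9.0-2
  Candidate: 4.10.0-1
  Version table:
     4.10.0-1 500
        500 https://repo.example.invalid/apt unstable/main amd64 Packages
 *** 4.9.0-2 100
        100 /var/lib/dpkg/status
EOF
}

# RPM sample taken from the PoC output above.
sample_yum() {
cat <<'EOF'
Last metadata expiration check: 2:05:01 ago on Fri Sep 27 10:00:14 2024.
Available Packages
lsof.x86_64      4.94.0-1.amzn2023.0.2      amazonlinux
EOF
}

report() {  # report LABEL VERSION SAMPLE_FUNCTION
    "$3" | naive_has_version "$2" && n=yes || n=no
    "$3" | apt_policy_has_version "$2" && p=yes || p=no
    printf '%-22s want=%-6s grep=%-3s parsed=%s\n' "$1" "$2" "$n" "$p"
}
report "offered by repository" 4.9.0 sample_available
report "installed copy only"   4.9.0 sample_installed_only
report "partial version"       4.9   sample_available
```

In an installer the same functions would be fed the live command output once the repository and its key are in place.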

@davidcr01
Contributor Author

Testing 🧪

The following testing has been performed to validate the development:

Debian system

✔️ AIO installation
27/09/2024 12:25:14 DEBUG: Checking root permissions.
27/09/2024 12:25:14 DEBUG: Checking sudo package.
27/09/2024 12:25:14 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
27/09/2024 12:25:14 INFO: Verbose logging redirected to /var/log/wazuh-install.log
27/09/2024 12:25:14 DEBUG: APT package manager will be used.
27/09/2024 12:25:14 DEBUG: Checking system distribution.
27/09/2024 12:25:14 DEBUG: Detected distribution name: ubuntu
27/09/2024 12:25:14 DEBUG: Detected distribution version: 22
27/09/2024 12:25:14 DEBUG: Checking Wazuh installation.
27/09/2024 12:25:15 DEBUG: Checking system architecture.
27/09/2024 12:25:15 DEBUG: Adding the Wazuh repository.
gpg: keyring '/usr/share/keyrings/wazuh.gpg' created
gpg: key 96B3EE5F29111145: public key "Wazuh.com (Wazuh Signing Key) <[email protected]>" imported
gpg: Total number processed: 1
gpg:               imported: 1
deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages-dev.wazuh.com/pre-release/apt/ unstable main
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 http://security.ubuntu.com/ubuntu jammy-security InRelease
Hit:5 https://packages-dev.wazuh.com/pre-release/apt unstable InRelease
Reading package lists...
27/09/2024 12:25:17 INFO: Wazuh development repository added.
27/09/2024 12:25:17 DEBUG: Package wazuh-indexer (version 4.9.0) is available for installation.
27/09/2024 12:25:17 DEBUG: Removing GPG key from system.
27/09/2024 12:25:17 DEBUG: Package wazuh-manager (version 4.9.0) is available for installation.
27/09/2024 12:25:17 DEBUG: Removing GPG key from system.
27/09/2024 12:25:17 INFO: Wazuh GPG key not found in the system
27/09/2024 12:25:17 DEBUG: Package filebeat (version 7.10.2) is available for installation.
27/09/2024 12:25:17 DEBUG: Removing GPG key from system.
27/09/2024 12:25:17 INFO: Wazuh GPG key not found in the system
27/09/2024 12:25:17 DEBUG: Package wazuh-dashboard (version 4.9.0) is available for installation.
27/09/2024 12:25:17 DEBUG: Removing GPG key from system.
27/09/2024 12:25:17 INFO: Wazuh GPG key not found in the system
27/09/2024 12:25:17 DEBUG: Installing check dependencies.
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 http://security.ubuntu.com/ubuntu jammy-security InRelease
Hit:5 https://packages-dev.wazuh.com/pre-release/apt unstable InRelease
Err:5 https://packages-dev.wazuh.com/pre-release/apt unstable InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 96B3EE5F29111145
Reading package lists...
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://packages-dev.wazuh.com/pre-release/apt unstable InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 96B3EE5F29111145
W: Failed to fetch https://packages-dev.wazuh.com/pre-release/apt/dists/unstable/InRelease  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 96B3EE5F29111145
W: Some index files failed to download. They have been ignored, or old ones used instead.
27/09/2024 12:25:21 INFO: Verifying that your system meets the recommended minimum hardware requirements.
27/09/2024 12:25:21 DEBUG: CPU cores detected: 4
27/09/2024 12:25:21 DEBUG: Free RAM memory detected: 7847
27/09/2024 12:25:21 INFO: Wazuh web interface port will be 443.
27/09/2024 12:25:21 DEBUG: Checking ports availability.
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 http://security.ubuntu.com/ubuntu jammy-security InRelease
Hit:5 https://packages-dev.wazuh.com/pre-release/apt unstable InRelease
Err:5 https://packages-dev.wazuh.com/pre-release/apt unstable InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 96B3EE5F29111145
Reading package lists...
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://packages-dev.wazuh.com/pre-release/apt unstable InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 96B3EE5F29111145
W: Failed to fetch https://packages-dev.wazuh.com/pre-release/apt/dists/unstable/InRelease  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 96B3EE5F29111145
W: Some index files failed to download. They have been ignored, or old ones used instead.
27/09/2024 12:25:23 DEBUG: Installing prerequisites dependencies.
27/09/2024 12:25:26 DEBUG: Checking curl tool version.
27/09/2024 12:25:26 DEBUG: Adding the Wazuh repository.
gpg: keyring '/usr/share/keyrings/wazuh.gpg' created
gpg: key 96B3EE5F29111145: public key "Wazuh.com (Wazuh Signing Key) <[email protected]>" imported
gpg: Total number processed: 1
gpg:               imported: 1
deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages-dev.wazuh.com/pre-release/apt/ unstable main
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 https://packages-dev.wazuh.com/pre-release/apt unstable InRelease
Hit:5 http://security.ubuntu.com/ubuntu jammy-security InRelease
Reading package lists...
27/09/2024 12:25:27 INFO: Wazuh development repository added.
27/09/2024 12:25:27 INFO: --- Configuration files ---
27/09/2024 12:25:27 INFO: Generating configuration files.
27/09/2024 12:25:27 DEBUG: Creating Wazuh certificates.
27/09/2024 12:25:27 DEBUG: Reading configuration file.
27/09/2024 12:25:28 DEBUG: Checking if 127.0.0.1 is private.
27/09/2024 12:25:28 DEBUG: Checking if 127.0.0.1 is private.
27/09/2024 12:25:28 DEBUG: Checking if 127.0.0.1 is private.
27/09/2024 12:25:28 INFO: Generating the root certificate.
27/09/2024 12:25:28 INFO: Generating Admin certificates.
27/09/2024 12:25:28 DEBUG: Generating Admin private key.
27/09/2024 12:25:28 DEBUG: Converting Admin private key to PKCS8 format.
27/09/2024 12:25:28 DEBUG: Generating Admin CSR.
27/09/2024 12:25:28 DEBUG: Creating Admin certificate.
27/09/2024 12:25:28 INFO: Generating Wazuh indexer certificates.
27/09/2024 12:25:28 DEBUG: Creating the certificates for wazuh-indexer indexer node.
27/09/2024 12:25:28 DEBUG: Generating certificate configuration.
27/09/2024 12:25:28 DEBUG: Creating the Wazuh indexer tmp key pair.
27/09/2024 12:25:28 DEBUG: Creating the Wazuh indexer certificates.
27/09/2024 12:25:28 INFO: Generating Filebeat certificates.
27/09/2024 12:25:28 DEBUG: Generating the certificates for wazuh-server server node.
27/09/2024 12:25:28 DEBUG: Generating certificate configuration.
27/09/2024 12:25:28 DEBUG: Creating the Wazuh server tmp key pair.
27/09/2024 12:25:29 DEBUG: Creating the Wazuh server certificates.
27/09/2024 12:25:29 INFO: Generating Wazuh dashboard certificates.
27/09/2024 12:25:29 DEBUG: Generating certificate configuration.
27/09/2024 12:25:29 DEBUG: Creating the Wazuh dashboard tmp key pair.
27/09/2024 12:25:29 DEBUG: Creating the Wazuh dashboard certificates.
27/09/2024 12:25:29 DEBUG: Cleaning certificate files.
27/09/2024 12:25:29 DEBUG: Generating password file.
27/09/2024 12:25:29 DEBUG: Generating random passwords.
27/09/2024 12:25:29 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
27/09/2024 12:25:29 DEBUG: Extracting Wazuh configuration.
27/09/2024 12:25:29 DEBUG: Reading configuration file.
27/09/2024 12:25:29 DEBUG: Checking if 127.0.0.1 is private.
27/09/2024 12:25:29 DEBUG: Checking if 127.0.0.1 is private.
27/09/2024 12:25:29 DEBUG: Checking if 127.0.0.1 is private.
27/09/2024 12:25:29 INFO: --- Wazuh indexer ---
27/09/2024 12:25:29 INFO: Starting Wazuh indexer installation.
Reading package lists... Building dependency tree... Reading state information... The following NEW packages will be installed: wazuh-indexer 0 upgraded, 1 newly installed, 0 to remove and 216 not upgraded. Need to get 0 B/850 MB of archives. After this operation, 1077 MB of additional disk space will be used. Selecting previously unselected package ### NOT starting on installation, please execute the following statements to configure wazuh-indexer service to star NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.19.0-1025-aws NEEDRESTART-KEXP: 5.19.0-1025-aws NEEDRESTART-KSTA: 1 NEEDRESTART-SVC: acpid.service NEEDRESTART-SVC: chrony.service NEEDRESTART-SVC: cron.service NEEDRESTART-SVC: dbus.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: irqbalance.service NEEDRESTART-SVC: multipathd.service NEEDRESTART-SVC: networkd-dispatcher.service NEEDRESTART-SVC: packagekit.service NEEDRESTART-SVC: polkit.service NEEDRESTART-SVC: rsyslog.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: snapd.service NEEDRESTART-SVC: ssh.service NEEDRESTART-SVC: systemd-journald.service NEEDRESTART-SVC: systemd-logind.service NEEDRESTART-SVC: systemd-networkd.service NEEDRESTART-SVC: systemd-resolved.service NEEDRESTART-SVC: systemd-udevd.service NEEDRESTART-SVC: unattended-upgrades.service NEEDRESTART-SVC: [email protected]
27/09/2024 12:25:49 DEBUG: Checking Wazuh installation.
27/09/2024 12:25:49 DEBUG: There are Wazuh indexer remaining files.
27/09/2024 12:25:50 INFO: Wazuh indexer installation finished.
27/09/2024 12:25:50 DEBUG: Configuring Wazuh indexer.
27/09/2024 12:25:50 DEBUG: Copying Wazuh indexer certificates.
27/09/2024 12:25:50 INFO: Wazuh indexer post-install configuration finished.
27/09/2024 12:25:50 INFO: Starting service wazuh-indexer.
Synchronizing state of wazuh-indexer.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable wazuh-indexer
27/09/2024 12:26:02 INFO: wazuh-indexer service started.
27/09/2024 12:26:02 INFO: Initializing Wazuh indexer cluster security settings.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.13.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml 
   SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml 
   SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml 
   SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml 
   SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml 
   SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml 
   SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml 
   SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml 
   SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml 
   SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml 
   SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null
Done with success
27/09/2024 12:26:05 INFO: Wazuh indexer cluster security configuration initialized.
27/09/2024 12:26:05 INFO: Wazuh indexer cluster initialized.
27/09/2024 12:26:05 INFO: --- Wazuh server ---
27/09/2024 12:26:05 INFO: Starting the Wazuh manager installation.
Reading package lists... Building dependency tree... Reading state information... Suggested packages: expect The following NEW packages will be installed: wazuh-manager 0 upgraded, 1 newly installed, 0 to remove and 217 not upgraded. Need to get 0 B/322 MB of archives. After this operation, 891 MB of additional disk space will be used. Selecting pre NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.19.0-1025-aws NEEDRESTART-KEXP: 5.19.0-1025-aws NEEDRESTART-KSTA: 1 NEEDRESTART-SVC: acpid.service NEEDRESTART-SVC: chrony.service NEEDRESTART-SVC: cron.service NEEDRESTART-SVC: dbus.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: irqbalance.service NEEDRESTART-SVC: multipathd.service NEEDRESTART-SVC: networkd-dispatcher.service NEEDRESTART-SVC: packagekit.service NEEDRESTART-SVC: polkit.service NEEDRESTART-SVC: rsyslog.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: snapd.service NEEDRESTART-SVC: ssh.service NEEDRESTART-SVC: systemd-journald.service NEEDRESTART-SVC: systemd-logind.service NEEDRESTART-SVC: systemd-networkd.service NEEDRESTART-SVC: systemd-resolved.service NEEDRESTART-SVC: systemd-udevd.service NEEDRESTART-SVC: unattended-upgrades.service NEEDRESTART-SVC: [email protected]
27/09/2024 12:26:49 DEBUG: Checking Wazuh installation.
27/09/2024 12:26:49 DEBUG: There are Wazuh remaining files.
27/09/2024 12:26:50 DEBUG: There are Wazuh indexer remaining files.
27/09/2024 12:26:50 INFO: Wazuh manager installation finished.
27/09/2024 12:26:50 DEBUG: Configuring Wazuh manager.
27/09/2024 12:26:50 DEBUG: Setting provisional Wazuh indexer password.
27/09/2024 12:26:50 INFO: Wazuh manager vulnerability detection configuration finished.
27/09/2024 12:26:50 INFO: Starting service wazuh-manager.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-manager.service → /lib/systemd/system/wazuh-manager.service.
27/09/2024 12:27:05 INFO: wazuh-manager service started.
27/09/2024 12:27:05 INFO: Checking Wazuh API connection
27/09/2024 12:27:06 INFO: Wazuh API connection successful
27/09/2024 12:27:06 INFO: Starting Filebeat installation.
Reading package lists... Building dependency tree... Reading state information... The following NEW packages will be installed: filebeat 0 upgraded, 1 newly installed, 0 to remove and 218 not upgraded. Need to get 22.1 MB of archives. After this operation, 73.6 MB of additional disk space will be used. Get:1 https://packages-dev.wazuh.com/pre-release/apt unstable/main amd64 filebeat amd64 7.10.2 [22.1 MB] Fetched 22.1 MB in 1s (17.7 MB/s) Selecting previously unse NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.19.0-1025-aws NEEDRESTART-KEXP: 5.19.0-1025-aws NEEDRESTART-KSTA: 1 NEEDRESTART-SVC: acpid.service NEEDRESTART-SVC: chrony.service NEEDRESTART-SVC: cron.service NEEDRESTART-SVC: dbus.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: irqbalance.service NEEDRESTART-SVC: multipathd.service NEEDRESTART-SVC: networkd-dispatcher.service NEEDRESTART-SVC: packagekit.service NEEDRESTART-SVC: polkit.service NEEDRESTART-SVC: rsyslog.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: snapd.service NEEDRESTART-SVC: ssh.service NEEDRESTART-SVC: systemd-journald.service NEEDRESTART-SVC: systemd-logind.service NEEDRESTART-SVC: systemd-networkd.service NEEDRESTART-SVC: systemd-resolved.service NEEDRESTART-SVC: systemd-udevd.service NEEDRESTART-SVC: unattended-upgrades.service NEEDRESTART-SVC: [email protected]
27/09/2024 12:27:16 DEBUG: Checking Wazuh installation.
27/09/2024 12:27:17 DEBUG: There are Wazuh remaining files.
27/09/2024 12:27:17 DEBUG: There are Wazuh indexer remaining files.
27/09/2024 12:27:17 DEBUG: There are Filebeat remaining files.
27/09/2024 12:27:18 INFO: Filebeat installation finished.
27/09/2024 12:27:18 DEBUG: Configuring Filebeat.
27/09/2024 12:27:18 DEBUG: Filebeat template was download successfully.
wazuh/
wazuh/_meta/
wazuh/_meta/docs.asciidoc
wazuh/_meta/fields.yml
wazuh/_meta/config.yml
wazuh/alerts/
wazuh/alerts/config/
wazuh/alerts/config/alerts.yml
wazuh/alerts/manifest.yml
wazuh/alerts/ingest/
wazuh/alerts/ingest/pipeline.json
wazuh/module.yml
wazuh/archives/
wazuh/archives/config/
wazuh/archives/config/archives.yml
wazuh/archives/manifest.yml
wazuh/archives/ingest/
wazuh/archives/ingest/pipeline.json
27/09/2024 12:27:18 DEBUG: Filebeat module was downloaded successfully.
27/09/2024 12:27:18 DEBUG: Copying Filebeat certificates.
Created filebeat keystore
Successfully updated the keystore
Successfully updated the keystore
27/09/2024 12:27:19 INFO: Filebeat post-install configuration finished.
27/09/2024 12:27:19 INFO: Starting service filebeat.
Synchronizing state of filebeat.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable filebeat
Created symlink /etc/systemd/system/multi-user.target.wants/filebeat.service → /lib/systemd/system/filebeat.service.
27/09/2024 12:27:20 INFO: filebeat service started.
27/09/2024 12:27:20 INFO: Checking Filebeat connection
27/09/2024 12:27:20 INFO: Filebeat connection successful
27/09/2024 12:27:20 INFO: --- Wazuh dashboard ---
27/09/2024 12:27:20 INFO: Starting Wazuh dashboard installation.
Reading package lists... Building dependency tree... Reading state information... The following NEW packages will be installed: wazuh-dashboard 0 upgraded, 1 newly installed, 0 to remove and 218 not upgraded. Need to get 166 MB of archives. After this operation, 934 MB of additional disk space will be used. Get:1 https://packages-dev.wazuh.com/pre-release/apt unstable/main amd64 wazuh-dashboard amd64 4.9.0-2 [166 MB] Fetched 166 MB in 5s (33.8 MB/s) Selecting prev NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.19.0-1025-aws NEEDRESTART-KEXP: 5.19.0-1025-aws NEEDRESTART-KSTA: 1 NEEDRESTART-SVC: acpid.service NEEDRESTART-SVC: chrony.service NEEDRESTART-SVC: cron.service NEEDRESTART-SVC: dbus.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: irqbalance.service NEEDRESTART-SVC: multipathd.service NEEDRESTART-SVC: networkd-dispatcher.service NEEDRESTART-SVC: packagekit.service NEEDRESTART-SVC: polkit.service NEEDRESTART-SVC: rsyslog.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: snapd.service NEEDRESTART-SVC: ssh.service NEEDRESTART-SVC: systemd-journald.service NEEDRESTART-SVC: systemd-logind.service NEEDRESTART-SVC: systemd-networkd.service NEEDRESTART-SVC: systemd-resolved.service NEEDRESTART-SVC: systemd-udevd.service NEEDRESTART-SVC: unattended-upgrades.service NEEDRESTART-SVC: [email protected]
27/09/2024 12:29:38 DEBUG: Checking Wazuh installation.
27/09/2024 12:29:39 DEBUG: There are Wazuh remaining files.
27/09/2024 12:29:39 DEBUG: There are Wazuh indexer remaining files.
27/09/2024 12:29:39 DEBUG: There are Filebeat remaining files.
27/09/2024 12:29:39 DEBUG: There are Wazuh dashboard remaining files.
27/09/2024 12:29:39 INFO: Wazuh dashboard installation finished.
27/09/2024 12:29:39 DEBUG: Configuring Wazuh dashboard.
27/09/2024 12:29:39 DEBUG: Copying Wazuh dashboard certificates.
27/09/2024 12:29:39 DEBUG: Wazuh dashboard certificate setup finished.
27/09/2024 12:29:39 INFO: Wazuh dashboard post-install configuration finished.
27/09/2024 12:29:39 INFO: Starting service wazuh-dashboard.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service.
27/09/2024 12:29:40 INFO: wazuh-dashboard service started.
27/09/2024 12:29:40 DEBUG: Setting Wazuh indexer cluster passwords.
27/09/2024 12:29:40 DEBUG: Checking Wazuh installation.
27/09/2024 12:29:40 DEBUG: There are Wazuh remaining files.
27/09/2024 12:29:41 DEBUG: There are Wazuh indexer remaining files.
27/09/2024 12:29:41 DEBUG: There are Filebeat remaining files.
27/09/2024 12:29:41 DEBUG: There are Wazuh dashboard remaining files.
27/09/2024 12:29:41 INFO: Updating the internal users.
27/09/2024 12:29:41 DEBUG: Creating password backup.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.13.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml 
   SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml 
   SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml 
   SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml 
   SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml 
   SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml 
   SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml 
   SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml 
   SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml 
   SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml 
   SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
27/09/2024 12:29:44 DEBUG: Password backup created in /etc/wazuh-indexer/backup.
27/09/2024 12:29:44 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
27/09/2024 12:29:44 DEBUG: The internal users have been updated before changing the passwords.
27/09/2024 12:29:44 DEBUG: Generating password hashes.
27/09/2024 12:29:50 DEBUG: Password hashes generated.
27/09/2024 12:29:50 DEBUG: Creating password backup.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.13.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml 
   SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml 
   SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml 
   SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml 
   SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml 
   SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml 
   SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml 
   SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml 
   SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml 
   SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml 
   SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
27/09/2024 12:29:52 DEBUG: Password backup created in /etc/wazuh-indexer/backup.
Successfully updated the keystore
Successfully updated the keystore
27/09/2024 12:29:52 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
27/09/2024 12:29:52 DEBUG: Restarting filebeat service...
27/09/2024 12:29:52 DEBUG: filebeat started.
27/09/2024 12:29:52 DEBUG: Restarting wazuh-manager service...
27/09/2024 12:30:08 DEBUG: wazuh-manager started.
27/09/2024 12:30:08 DEBUG: Restarting wazuh-dashboard service...
27/09/2024 12:30:09 DEBUG: wazuh-dashboard started.
27/09/2024 12:30:09 DEBUG: Running security admin tool.
27/09/2024 12:30:09 DEBUG: Loading new passwords changes.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.13.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /home/ubuntu
Force type: internalusers
Will update '/internalusers' with /etc/wazuh-indexer/backup/internal_users.yml 
   SUCC: Configuration for 'internalusers' created or updated
SUCC: Expected 1 config types for node {"updated_config_types":["internalusers"],"updated_config_size":1,"message":null} is 1 (["internalusers"]) due to: null
Done with success
27/09/2024 12:30:11 DEBUG: Passwords changed.
27/09/2024 12:30:11 DEBUG: Changing API passwords.
27/09/2024 12:30:18 INFO: Initializing Wazuh dashboard web application.
27/09/2024 12:30:19 INFO: Wazuh dashboard web application initialized.
27/09/2024 12:30:19 INFO: --- Summary ---
27/09/2024 12:30:19 INFO: You can access the web interface https://<wazuh-dashboard-ip>:443
    User: admin
    Password: b7SDBn?RH5GKzMimZxB2?h.*2uZKSwJD
27/09/2024 12:30:19 DEBUG: Restoring Wazuh repository.
27/09/2024 12:30:19 INFO: Installation finished.
root@ip-172-31-47-182:/home/ubuntu# 
✔️ Wazuh indexer installation
root@ip-172-31-47-182:/home/ubuntu# cat indexer.txt 
27/09/2024 13:36:10 DEBUG: Checking root permissions.
27/09/2024 13:36:10 DEBUG: Checking sudo package.
27/09/2024 13:36:10 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
27/09/2024 13:36:10 INFO: Verbose logging redirected to /var/log/wazuh-install.log
27/09/2024 13:36:10 DEBUG: APT package manager will be used.
27/09/2024 13:36:10 DEBUG: Checking system distribution.
27/09/2024 13:36:10 DEBUG: Detected distribution name: ubuntu
27/09/2024 13:36:10 DEBUG: Detected distribution version: 22
27/09/2024 13:36:10 DEBUG: Checking Wazuh installation.
27/09/2024 13:36:11 DEBUG: Checking system architecture.
27/09/2024 13:36:11 DEBUG: Adding the Wazuh repository.
gpg: key 96B3EE5F29111145: "Wazuh.com (Wazuh Signing Key) <[email protected]>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1
deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages-dev.wazuh.com/pre-release/apt/ unstable main
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 http://security.ubuntu.com/ubuntu jammy-security InRelease
Hit:5 https://packages-dev.wazuh.com/pre-release/apt unstable InRelease
Reading package lists...
27/09/2024 13:36:13 INFO: Wazuh development repository added.
27/09/2024 13:36:13 DEBUG: Package wazuh-indexer (version 4.9.0) is available for installation.
27/09/2024 13:36:13 DEBUG: Removing GPG key from system.
27/09/2024 13:36:13 DEBUG: Installing check dependencies.
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 http://security.ubuntu.com/ubuntu jammy-security InRelease
Hit:5 https://packages-dev.wazuh.com/pre-release/apt unstable InRelease
Err:5 https://packages-dev.wazuh.com/pre-release/apt unstable InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 96B3EE5F29111145
Reading package lists...
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://packages-dev.wazuh.com/pre-release/apt unstable InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 96B3EE5F29111145
W: Failed to fetch https://packages-dev.wazuh.com/pre-release/apt/dists/unstable/InRelease  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 96B3EE5F29111145
W: Some index files failed to download. They have been ignored, or old ones used instead.
27/09/2024 13:36:16 INFO: Verifying that your system meets the recommended minimum hardware requirements.
27/09/2024 13:36:16 DEBUG: CPU cores detected: 4
27/09/2024 13:36:16 DEBUG: Free RAM memory detected: 7847
27/09/2024 13:36:16 DEBUG: Checking previous certificate existence.
27/09/2024 13:36:16 DEBUG: Checking ports availability.
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 http://security.ubuntu.com/ubuntu jammy-security InRelease
Hit:5 https://packages-dev.wazuh.com/pre-release/apt unstable InRelease
Err:5 https://packages-dev.wazuh.com/pre-release/apt unstable InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 96B3EE5F29111145
Reading package lists...
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://packages-dev.wazuh.com/pre-release/apt unstable InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 96B3EE5F29111145
W: Failed to fetch https://packages-dev.wazuh.com/pre-release/apt/dists/unstable/InRelease  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 96B3EE5F29111145
W: Some index files failed to download. They have been ignored, or old ones used instead.
27/09/2024 13:36:18 DEBUG: Installing prerequisites dependencies.
27/09/2024 13:36:20 DEBUG: Checking curl tool version.
27/09/2024 13:36:20 DEBUG: Adding the Wazuh repository.
gpg: keyring '/usr/share/keyrings/wazuh.gpg' created
gpg: key 96B3EE5F29111145: public key "Wazuh.com (Wazuh Signing Key) <[email protected]>" imported
gpg: Total number processed: 1
gpg:               imported: 1
deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages-dev.wazuh.com/pre-release/apt/ unstable main
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 http://security.ubuntu.com/ubuntu jammy-security InRelease
Hit:5 https://packages-dev.wazuh.com/pre-release/apt unstable InRelease
Reading package lists...
27/09/2024 13:36:21 INFO: Wazuh development repository added.
27/09/2024 13:36:21 DEBUG: Extracting Wazuh configuration.
27/09/2024 13:36:21 DEBUG: Reading configuration file.
27/09/2024 13:36:21 DEBUG: Checking if 127.0.0.1 is private.
27/09/2024 13:36:21 DEBUG: Checking if 127.0.0.1 is private.
27/09/2024 13:36:21 DEBUG: Checking if 127.0.0.1 is private.
27/09/2024 13:36:21 DEBUG: Checking node names in the configuration file.
27/09/2024 13:36:21 INFO: --- Wazuh indexer ---
27/09/2024 13:36:21 INFO: Starting Wazuh indexer installation.
Reading package lists... Building dependency tree... Reading state information... The following NEW packages will be installed: wazuh-indexer 0 upgraded, 1 newly installed, 0 to remove and 216 not upgraded. Need to get 0 B/850 MB of archives. After this operation, 1077 MB of additional disk space will be used. Selecting previously unselected package ### NOT starting on installation, please execute the following statements to configure wazuh-indexer service to star NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.19.0-1025-aws NEEDRESTART-KEXP: 5.19.0-1025-aws NEEDRESTART-KSTA: 1 NEEDRESTART-SVC: acpid.service NEEDRESTART-SVC: chrony.service NEEDRESTART-SVC: cron.service NEEDRESTART-SVC: dbus.service NEEDRESTART-SVC: filebeat.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: irqbalance.service NEEDRESTART-SVC: multipathd.service NEEDRESTART-SVC: networkd-dispatcher.service NEEDRESTART-SVC: packagekit.service NEEDRESTART-SVC: polkit.service NEEDRESTART-SVC: rsyslog.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: ssh.service NEEDRESTART-SVC: systemd-journald.service NEEDRESTART-SVC: systemd-logind.service NEEDRESTART-SVC: systemd-networkd.service NEEDRESTART-SVC: systemd-resolved.service NEEDRESTART-SVC: systemd-udevd.service NEEDRESTART-SVC: unattended-upgrades.service NEEDRESTART-SVC: [email protected]
27/09/2024 13:36:39 DEBUG: Checking Wazuh installation.
27/09/2024 13:36:40 DEBUG: There are Wazuh indexer remaining files.
27/09/2024 13:36:41 INFO: Wazuh indexer installation finished.
27/09/2024 13:36:41 DEBUG: Configuring Wazuh indexer.
27/09/2024 13:36:41 DEBUG: Copying Wazuh indexer certificates.
27/09/2024 13:36:41 INFO: Wazuh indexer post-install configuration finished.
27/09/2024 13:36:41 INFO: Starting service wazuh-indexer.
Synchronizing state of wazuh-indexer.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable wazuh-indexer
27/09/2024 13:36:52 INFO: wazuh-indexer service started.
27/09/2024 13:36:52 INFO: Initializing Wazuh indexer cluster security settings.
27/09/2024 13:36:53 DEBUG: Setting Wazuh indexer cluster passwords.
27/09/2024 13:36:53 DEBUG: Checking Wazuh installation.
27/09/2024 13:36:54 DEBUG: There are Wazuh indexer remaining files.
27/09/2024 13:36:54 INFO: Wazuh indexer cluster initialized.
27/09/2024 13:36:54 DEBUG: Restoring Wazuh repository.
27/09/2024 13:36:54 INFO: Installation finished.
27/09/2024 13:36:54 DEBUG: Checking root permissions.
27/09/2024 13:36:54 DEBUG: Checking sudo package.
27/09/2024 13:36:54 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
27/09/2024 13:36:54 INFO: Verbose logging redirected to /var/log/wazuh-install.log
27/09/2024 13:36:54 DEBUG: APT package manager will be used.
27/09/2024 13:36:54 DEBUG: Checking system distribution.
27/09/2024 13:36:54 DEBUG: Detected distribution name: ubuntu
27/09/2024 13:36:54 DEBUG: Detected distribution version: 22
27/09/2024 13:36:54 DEBUG: Checking Wazuh installation.
27/09/2024 13:36:56 DEBUG: There are Wazuh indexer remaining files.
27/09/2024 13:36:56 DEBUG: Checking system architecture.
27/09/2024 13:36:56 DEBUG: Adding the Wazuh repository.
gpg: key 96B3EE5F29111145: "Wazuh.com (Wazuh Signing Key) <[email protected]>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1
deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages-dev.wazuh.com/pre-release/apt/ unstable main
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 http://security.ubuntu.com/ubuntu jammy-security InRelease
Hit:5 https://packages-dev.wazuh.com/pre-release/apt unstable InRelease
Reading package lists...
27/09/2024 13:36:58 INFO: Wazuh development repository added.
27/09/2024 13:36:58 DEBUG: Installing check dependencies.
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 https://packages-dev.wazuh.com/pre-release/apt unstable InRelease
Hit:5 http://security.ubuntu.com/ubuntu jammy-security InRelease
Reading package lists...
27/09/2024 13:37:02 INFO: Verifying that your system meets the recommended minimum hardware requirements.
27/09/2024 13:37:02 DEBUG: CPU cores detected: 4
27/09/2024 13:37:02 DEBUG: Free RAM memory detected: 7847
27/09/2024 13:37:02 DEBUG: Checking previous certificate existence.
27/09/2024 13:37:02 DEBUG: Extracting Wazuh configuration.
27/09/2024 13:37:02 DEBUG: Reading configuration file.
27/09/2024 13:37:02 DEBUG: Checking if 127.0.0.1 is private.
27/09/2024 13:37:02 DEBUG: Checking if 127.0.0.1 is private.
27/09/2024 13:37:02 DEBUG: Checking if 127.0.0.1 is private.
27/09/2024 13:37:02 DEBUG: Starting Wazuh indexer cluster.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.13.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-indexer-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml 
   SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml 
   SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml 
   SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml 
   SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml 
   SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml 
   SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml 
   SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml 
   SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml 
   SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml 
   SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null
Done with success
27/09/2024 13:37:04 INFO: Wazuh indexer cluster security configuration initialized.
27/09/2024 13:37:04 DEBUG: Waiting for Wazuh indexer to be ready. wazuh-indexer status: 503
27/09/2024 13:37:10 DEBUG: Inserted wazuh-alerts template into the Wazuh indexer cluster.
27/09/2024 13:37:10 DEBUG: Setting Wazuh indexer cluster passwords.
27/09/2024 13:37:10 DEBUG: Checking Wazuh installation.
27/09/2024 13:37:10 DEBUG: There are Wazuh indexer remaining files.
27/09/2024 13:37:11 INFO: Updating the internal users.
27/09/2024 13:37:11 DEBUG: Creating password backup.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.13.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-indexer-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml 
   SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml 
   SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml 
   SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml 
   SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml 
   SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml 
   SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml 
   SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml 
   SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml 
   SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml 
   SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
27/09/2024 13:37:13 DEBUG: Password backup created in /etc/wazuh-indexer/backup.
27/09/2024 13:37:13 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
27/09/2024 13:37:13 DEBUG: The internal users have been updated before changing the passwords.
27/09/2024 13:37:13 DEBUG: Generating password hashes.
27/09/2024 13:37:18 DEBUG: Password hashes generated.
27/09/2024 13:37:18 DEBUG: Creating password backup.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.13.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-indexer-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml 
   SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml 
   SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml 
   SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml 
   SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml 
   SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml 
   SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml 
   SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml 
   SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml 
   SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml 
   SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
27/09/2024 13:37:20 DEBUG: Password backup created in /etc/wazuh-indexer/backup.
27/09/2024 13:37:20 DEBUG: Running security admin tool.
27/09/2024 13:37:20 DEBUG: Loading new passwords changes.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.13.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-indexer-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /home/ubuntu
Force type: internalusers
Will update '/internalusers' with /etc/wazuh-indexer/backup/internal_users.yml 
   SUCC: Configuration for 'internalusers' created or updated
SUCC: Expected 1 config types for node {"updated_config_types":["internalusers"],"updated_config_size":1,"message":null} is 1 (["internalusers"]) due to: null
Done with success
27/09/2024 13:37:22 DEBUG: Passwords changed.
27/09/2024 13:37:22 DEBUG: Restoring Wazuh repository.
27/09/2024 13:37:22 INFO: Wazuh indexer cluster started.
root@ip-172-31-47-182:/home/ubuntu# 
✔️ Wazuh server installation
root@ip-172-31-47-182:/home/ubuntu# cat manager.txt 
27/09/2024 13:37:22 DEBUG: Checking root permissions.
27/09/2024 13:37:22 DEBUG: Checking sudo package.
27/09/2024 13:37:22 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
27/09/2024 13:37:22 INFO: Verbose logging redirected to /var/log/wazuh-install.log
27/09/2024 13:37:22 DEBUG: APT package manager will be used.
27/09/2024 13:37:22 DEBUG: Checking system distribution.
27/09/2024 13:37:22 DEBUG: Detected distribution name: ubuntu
27/09/2024 13:37:22 DEBUG: Detected distribution version: 22
27/09/2024 13:37:22 DEBUG: Checking Wazuh installation.
27/09/2024 13:37:23 DEBUG: There are Wazuh indexer remaining files.
27/09/2024 13:37:24 DEBUG: Checking system architecture.
27/09/2024 13:37:24 DEBUG: Adding the Wazuh repository.
gpg: key 96B3EE5F29111145: "Wazuh.com (Wazuh Signing Key) <[email protected]>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1
deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages-dev.wazuh.com/pre-release/apt/ unstable main
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 http://security.ubuntu.com/ubuntu jammy-security InRelease
Hit:5 https://packages-dev.wazuh.com/pre-release/apt unstable InRelease
Reading package lists...
27/09/2024 13:37:25 INFO: Wazuh development repository added.
27/09/2024 13:37:25 DEBUG: Package wazuh-manager (version 4.9.0) is available for installation.
27/09/2024 13:37:25 DEBUG: Removing GPG key from system.
27/09/2024 13:37:26 DEBUG: Package filebeat (version 7.10.2) is available for installation.
27/09/2024 13:37:26 DEBUG: Removing GPG key from system.
27/09/2024 13:37:26 INFO: Wazuh GPG key not found in the system
27/09/2024 13:37:26 DEBUG: Installing check dependencies.
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 http://security.ubuntu.com/ubuntu jammy-security InRelease
Hit:5 https://packages-dev.wazuh.com/pre-release/apt unstable InRelease
Err:5 https://packages-dev.wazuh.com/pre-release/apt unstable InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 96B3EE5F29111145
Reading package lists...
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://packages-dev.wazuh.com/pre-release/apt unstable InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 96B3EE5F29111145
W: Failed to fetch https://packages-dev.wazuh.com/pre-release/apt/dists/unstable/InRelease  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 96B3EE5F29111145
W: Some index files failed to download. They have been ignored, or old ones used instead.
27/09/2024 13:37:29 INFO: Verifying that your system meets the recommended minimum hardware requirements.
27/09/2024 13:37:29 DEBUG: CPU cores detected: 4
27/09/2024 13:37:29 DEBUG: Free RAM memory detected: 7847
27/09/2024 13:37:29 DEBUG: Checking previous certificate existence.
27/09/2024 13:37:29 DEBUG: Checking ports availability.
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 https://packages-dev.wazuh.com/pre-release/apt unstable InRelease
Hit:5 http://security.ubuntu.com/ubuntu jammy-security InRelease
Err:4 https://packages-dev.wazuh.com/pre-release/apt unstable InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 96B3EE5F29111145
Reading package lists...
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://packages-dev.wazuh.com/pre-release/apt unstable InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 96B3EE5F29111145
W: Failed to fetch https://packages-dev.wazuh.com/pre-release/apt/dists/unstable/InRelease  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 96B3EE5F29111145
W: Some index files failed to download. They have been ignored, or old ones used instead.
27/09/2024 13:37:31 DEBUG: Installing prerequisites dependencies.
27/09/2024 13:37:32 DEBUG: Checking curl tool version.
27/09/2024 13:37:32 DEBUG: Adding the Wazuh repository.
gpg: keyring '/usr/share/keyrings/wazuh.gpg' created
gpg: key 96B3EE5F29111145: public key "Wazuh.com (Wazuh Signing Key) <[email protected]>" imported
gpg: Total number processed: 1
gpg:               imported: 1
deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages-dev.wazuh.com/pre-release/apt/ unstable main
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 http://security.ubuntu.com/ubuntu jammy-security InRelease
Hit:5 https://packages-dev.wazuh.com/pre-release/apt unstable InRelease
Reading package lists...
27/09/2024 13:37:34 INFO: Wazuh development repository added.
27/09/2024 13:37:34 DEBUG: Extracting Wazuh configuration.
27/09/2024 13:37:34 DEBUG: Reading configuration file.
27/09/2024 13:37:34 DEBUG: Checking if 127.0.0.1 is private.
27/09/2024 13:37:34 DEBUG: Checking if 127.0.0.1 is private.
27/09/2024 13:37:34 DEBUG: Checking if 127.0.0.1 is private.
27/09/2024 13:37:34 DEBUG: Checking node names in the configuration file.
27/09/2024 13:37:34 INFO: --- Wazuh server ---
27/09/2024 13:37:34 INFO: Starting the Wazuh manager installation.
Reading package lists... Building dependency tree... Reading state information... Suggested packages: expect The following NEW packages will be installed: wazuh-manager 0 upgraded, 1 newly installed, 0 to remove and 217 not upgraded. Need to get 0 B/322 MB of archives. After this operation, 891 MB of additional disk space will be used. Selecting pre NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.19.0-1025-aws NEEDRESTART-KEXP: 5.19.0-1025-aws NEEDRESTART-KSTA: 1 NEEDRESTART-SVC: acpid.service NEEDRESTART-SVC: chrony.service NEEDRESTART-SVC: cron.service NEEDRESTART-SVC: dbus.service NEEDRESTART-SVC: filebeat.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: irqbalance.service NEEDRESTART-SVC: multipathd.service NEEDRESTART-SVC: networkd-dispatcher.service NEEDRESTART-SVC: packagekit.service NEEDRESTART-SVC: polkit.service NEEDRESTART-SVC: rsyslog.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: ssh.service NEEDRESTART-SVC: systemd-journald.service NEEDRESTART-SVC: systemd-logind.service NEEDRESTART-SVC: systemd-networkd.service NEEDRESTART-SVC: systemd-resolved.service NEEDRESTART-SVC: systemd-udevd.service NEEDRESTART-SVC: unattended-upgrades.service NEEDRESTART-SVC: [email protected]
27/09/2024 13:38:19 DEBUG: Checking Wazuh installation.
27/09/2024 13:38:19 DEBUG: There are Wazuh remaining files.
27/09/2024 13:38:19 DEBUG: There are Wazuh indexer remaining files.
27/09/2024 13:38:20 INFO: Wazuh manager installation finished.
27/09/2024 13:38:20 DEBUG: Configuring Wazuh manager.
27/09/2024 13:38:20 DEBUG: Setting provisional Wazuh indexer password.
27/09/2024 13:38:20 INFO: Wazuh manager vulnerability detection configuration finished.
27/09/2024 13:38:20 INFO: Starting service wazuh-manager.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-manager.service → /lib/systemd/system/wazuh-manager.service.
27/09/2024 13:38:34 INFO: wazuh-manager service started.
27/09/2024 13:38:34 INFO: Checking Wazuh API connection
27/09/2024 13:38:34 INFO: Wazuh API connection successful
27/09/2024 13:38:34 INFO: Starting Filebeat installation.
Reading package lists... Building dependency tree... Reading state information... The following NEW packages will be installed: filebeat 0 upgraded, 1 newly installed, 0 to remove and 218 not upgraded. Need to get 0 B/22.1 MB of archives. After this operation, 73.6 MB of additional disk space will be used. Selecting previously unselected package fil NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.19.0-1025-aws NEEDRESTART-KEXP: 5.19.0-1025-aws NEEDRESTART-KSTA: 1 NEEDRESTART-SVC: acpid.service NEEDRESTART-SVC: chrony.service NEEDRESTART-SVC: cron.service NEEDRESTART-SVC: dbus.service NEEDRESTART-SVC: filebeat.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: irqbalance.service NEEDRESTART-SVC: multipathd.service NEEDRESTART-SVC: networkd-dispatcher.service NEEDRESTART-SVC: packagekit.service NEEDRESTART-SVC: polkit.service NEEDRESTART-SVC: rsyslog.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: ssh.service NEEDRESTART-SVC: systemd-journald.service NEEDRESTART-SVC: systemd-logind.service NEEDRESTART-SVC: systemd-networkd.service NEEDRESTART-SVC: systemd-resolved.service NEEDRESTART-SVC: systemd-udevd.service NEEDRESTART-SVC: unattended-upgrades.service NEEDRESTART-SVC: [email protected]
27/09/2024 13:38:44 DEBUG: Checking Wazuh installation.
27/09/2024 13:38:44 DEBUG: There are Wazuh remaining files.
27/09/2024 13:38:45 DEBUG: There are Wazuh indexer remaining files.
27/09/2024 13:38:45 DEBUG: There are Filebeat remaining files.
27/09/2024 13:38:45 INFO: Filebeat installation finished.
27/09/2024 13:38:45 DEBUG: Configuring Filebeat.
27/09/2024 13:38:45 DEBUG: Filebeat template was download successfully.
wazuh/
wazuh/_meta/
wazuh/_meta/docs.asciidoc
wazuh/_meta/fields.yml
wazuh/_meta/config.yml
wazuh/alerts/
wazuh/alerts/config/
wazuh/alerts/config/alerts.yml
wazuh/alerts/manifest.yml
wazuh/alerts/ingest/
wazuh/alerts/ingest/pipeline.json
wazuh/module.yml
wazuh/archives/
wazuh/archives/config/
wazuh/archives/config/archives.yml
wazuh/archives/manifest.yml
wazuh/archives/ingest/
wazuh/archives/ingest/pipeline.json
27/09/2024 13:38:46 DEBUG: Filebeat module was downloaded successfully.
27/09/2024 13:38:46 DEBUG: Copying Filebeat certificates.
Created filebeat keystore
Successfully updated the keystore
Successfully updated the keystore
27/09/2024 13:38:48 INFO: Filebeat post-install configuration finished.
27/09/2024 13:38:48 DEBUG: Setting Wazuh indexer cluster passwords.
27/09/2024 13:38:48 DEBUG: Checking Wazuh installation.
27/09/2024 13:38:49 DEBUG: There are Wazuh remaining files.
27/09/2024 13:38:49 DEBUG: There are Wazuh indexer remaining files.
27/09/2024 13:38:49 DEBUG: There are Filebeat remaining files.
Successfully updated the keystore
Successfully updated the keystore
27/09/2024 13:38:50 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
27/09/2024 13:38:50 DEBUG: Restarting filebeat service...
27/09/2024 13:38:51 DEBUG: filebeat started.
27/09/2024 13:38:51 DEBUG: Restarting wazuh-manager service...
27/09/2024 13:39:09 DEBUG: wazuh-manager started.
27/09/2024 13:39:09 DEBUG: Changing API passwords.
27/09/2024 13:39:12 INFO: Starting service filebeat.
Synchronizing state of filebeat.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable filebeat
Created symlink /etc/systemd/system/multi-user.target.wants/filebeat.service → /lib/systemd/system/filebeat.service.
27/09/2024 13:39:12 INFO: filebeat service started.
27/09/2024 13:39:12 INFO: Checking Filebeat connection
27/09/2024 13:39:13 INFO: Filebeat connection successful
27/09/2024 13:39:13 DEBUG: Restoring Wazuh repository.
27/09/2024 13:39:13 INFO: Installation finished.
root@ip-172-31-47-182:/home/ubuntu# 
✔️ Wazuh dashboard installation
root@ip-172-31-47-182:/home/ubuntu# cat dashboard.txt 
27/09/2024 13:39:13 DEBUG: Checking root permissions.
27/09/2024 13:39:13 DEBUG: Checking sudo package.
27/09/2024 13:39:13 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
27/09/2024 13:39:13 INFO: Verbose logging redirected to /var/log/wazuh-install.log
27/09/2024 13:39:13 DEBUG: APT package manager will be used.
27/09/2024 13:39:13 DEBUG: Checking system distribution.
27/09/2024 13:39:13 DEBUG: Detected distribution name: ubuntu
27/09/2024 13:39:13 DEBUG: Detected distribution version: 22
27/09/2024 13:39:13 DEBUG: Checking Wazuh installation.
27/09/2024 13:39:15 DEBUG: There are Wazuh remaining files.
27/09/2024 13:39:15 DEBUG: There are Wazuh indexer remaining files.
27/09/2024 13:39:16 DEBUG: There are Filebeat remaining files.
27/09/2024 13:39:16 DEBUG: Checking system architecture.
27/09/2024 13:39:16 DEBUG: Adding the Wazuh repository.
gpg: key 96B3EE5F29111145: "Wazuh.com (Wazuh Signing Key) <[email protected]>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1
deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages-dev.wazuh.com/pre-release/apt/ unstable main
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 http://security.ubuntu.com/ubuntu jammy-security InRelease
Hit:5 https://packages-dev.wazuh.com/pre-release/apt unstable InRelease
Reading package lists...
27/09/2024 13:39:18 INFO: Wazuh development repository added.
27/09/2024 13:39:18 DEBUG: Package wazuh-dashboard (version 4.9.0) is available for installation.
27/09/2024 13:39:18 DEBUG: Removing GPG key from system.
27/09/2024 13:39:18 DEBUG: Installing check dependencies.
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 http://security.ubuntu.com/ubuntu jammy-security InRelease
Hit:5 https://packages-dev.wazuh.com/pre-release/apt unstable InRelease
Err:5 https://packages-dev.wazuh.com/pre-release/apt unstable InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 96B3EE5F29111145
Reading package lists...
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://packages-dev.wazuh.com/pre-release/apt unstable InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 96B3EE5F29111145
W: Failed to fetch https://packages-dev.wazuh.com/pre-release/apt/dists/unstable/InRelease  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 96B3EE5F29111145
W: Some index files failed to download. They have been ignored, or old ones used instead.
27/09/2024 13:39:23 INFO: Verifying that your system meets the recommended minimum hardware requirements.
27/09/2024 13:39:23 DEBUG: CPU cores detected: 4
27/09/2024 13:39:23 DEBUG: Free RAM memory detected: 7847
27/09/2024 13:39:23 DEBUG: Checking previous certificate existence.
27/09/2024 13:39:23 INFO: Wazuh web interface port will be 443.
27/09/2024 13:39:23 DEBUG: Checking ports availability.
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 http://security.ubuntu.com/ubuntu jammy-security InRelease
Hit:5 https://packages-dev.wazuh.com/pre-release/apt unstable InRelease
Err:5 https://packages-dev.wazuh.com/pre-release/apt unstable InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 96B3EE5F29111145
Reading package lists...
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://packages-dev.wazuh.com/pre-release/apt unstable InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 96B3EE5F29111145
W: Failed to fetch https://packages-dev.wazuh.com/pre-release/apt/dists/unstable/InRelease  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 96B3EE5F29111145
W: Some index files failed to download. They have been ignored, or old ones used instead.
27/09/2024 13:39:26 DEBUG: Installing prerequisites dependencies.
27/09/2024 13:39:28 DEBUG: Checking curl tool version.
27/09/2024 13:39:28 DEBUG: Adding the Wazuh repository.
gpg: keyring '/usr/share/keyrings/wazuh.gpg' created
gpg: key 96B3EE5F29111145: public key "Wazuh.com (Wazuh Signing Key) <[email protected]>" imported
gpg: Total number processed: 1
gpg:               imported: 1
deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages-dev.wazuh.com/pre-release/apt/ unstable main
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 http://security.ubuntu.com/ubuntu jammy-security InRelease
Hit:5 https://packages-dev.wazuh.com/pre-release/apt unstable InRelease
Reading package lists...
27/09/2024 13:39:30 INFO: Wazuh development repository added.
27/09/2024 13:39:30 DEBUG: Extracting Wazuh configuration.
27/09/2024 13:39:30 DEBUG: Reading configuration file.
27/09/2024 13:39:30 DEBUG: Checking if 127.0.0.1 is private.
27/09/2024 13:39:30 DEBUG: Checking if 127.0.0.1 is private.
27/09/2024 13:39:30 DEBUG: Checking if 127.0.0.1 is private.
27/09/2024 13:39:30 DEBUG: Checking node names in the configuration file.
27/09/2024 13:39:30 INFO: --- Wazuh dashboard ----
27/09/2024 13:39:30 INFO: Starting Wazuh dashboard installation.
Reading package lists... Building dependency tree... Reading state information... The following NEW packages will be installed: wazuh-dashboard 0 upgraded, 1 newly installed, 0 to remove and 218 not upgraded. Need to get 0 B/166 MB of archives. After this operation, 934 MB of additional disk space will be used. Selecting previously unselected packag NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.19.0-1025-aws NEEDRESTART-KEXP: 5.19.0-1025-aws NEEDRESTART-KSTA: 1 NEEDRESTART-SVC: acpid.service NEEDRESTART-SVC: chrony.service NEEDRESTART-SVC: cron.service NEEDRESTART-SVC: dbus.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: irqbalance.service NEEDRESTART-SVC: multipathd.service NEEDRESTART-SVC: networkd-dispatcher.service NEEDRESTART-SVC: packagekit.service NEEDRESTART-SVC: polkit.service NEEDRESTART-SVC: rsyslog.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: ssh.service NEEDRESTART-SVC: systemd-journald.service NEEDRESTART-SVC: systemd-logind.service NEEDRESTART-SVC: systemd-networkd.service NEEDRESTART-SVC: systemd-resolved.service NEEDRESTART-SVC: systemd-udevd.service NEEDRESTART-SVC: unattended-upgrades.service NEEDRESTART-SVC: [email protected]
27/09/2024 13:41:38 DEBUG: Checking Wazuh installation.
27/09/2024 13:41:38 DEBUG: There are Wazuh remaining files.
27/09/2024 13:41:38 DEBUG: There are Wazuh indexer remaining files.
27/09/2024 13:41:39 DEBUG: There are Filebeat remaining files.
27/09/2024 13:41:39 DEBUG: There are Wazuh dashboard remaining files.
27/09/2024 13:41:39 INFO: Wazuh dashboard installation finished.
27/09/2024 13:41:39 DEBUG: Configuring Wazuh dashboard.
27/09/2024 13:41:39 DEBUG: Copying Wazuh dashboard certificates.
27/09/2024 13:41:39 DEBUG: Wazuh dashboard certificate setup finished.
27/09/2024 13:41:39 INFO: Wazuh dashboard post-install configuration finished.
27/09/2024 13:41:39 INFO: Starting service wazuh-dashboard.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service.
27/09/2024 13:41:39 INFO: wazuh-dashboard service started.
27/09/2024 13:41:39 DEBUG: Setting Wazuh indexer cluster passwords.
27/09/2024 13:41:39 DEBUG: Checking Wazuh installation.
27/09/2024 13:41:40 DEBUG: There are Wazuh remaining files.
27/09/2024 13:41:40 DEBUG: There are Wazuh indexer remaining files.
27/09/2024 13:41:40 DEBUG: There are Filebeat remaining files.
27/09/2024 13:41:41 DEBUG: There are Wazuh dashboard remaining files.
Successfully updated the keystore
Successfully updated the keystore
27/09/2024 13:41:41 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
27/09/2024 13:41:41 DEBUG: Restarting filebeat service...
27/09/2024 13:41:41 DEBUG: filebeat started.
27/09/2024 13:41:41 DEBUG: Restarting wazuh-manager service...
27/09/2024 13:41:59 DEBUG: wazuh-manager started.
27/09/2024 13:41:59 DEBUG: Restarting wazuh-dashboard service...
27/09/2024 13:42:00 DEBUG: wazuh-dashboard started.
27/09/2024 13:42:00 DEBUG: Changing API passwords.
27/09/2024 13:42:10 INFO: Initializing Wazuh dashboard web application.
27/09/2024 13:42:11 DEBUG: Wazuh dashboard connection was successful.
27/09/2024 13:42:11 INFO: Wazuh dashboard web application initialized.
27/09/2024 13:42:11 INFO: --- Summary ---
27/09/2024 13:42:11 INFO: You can access the web interface https://<wazuh-dashboard-ip>:443
    User: admin
    Password: Z.vN4.P7+HgQ2P6IvPyKk04*JvSPlR1j
27/09/2024 13:42:11 DEBUG: Restoring Wazuh repository.
27/09/2024 13:42:11 INFO: Installation finished.
root@ip-172-31-47-182:/home/ubuntu# 
✔️ Failure case: packages not available
root@ip-172-31-47-182:/home/ubuntu# bash wazuh-install.sh -a -v
27/09/2024 13:47:14 DEBUG: Checking root permissions.
27/09/2024 13:47:14 DEBUG: Checking sudo package.
27/09/2024 13:47:14 INFO: Starting Wazuh installation assistant. Wazuh version: 4.10.1
27/09/2024 13:47:14 INFO: Verbose logging redirected to /var/log/wazuh-install.log
27/09/2024 13:47:14 DEBUG: APT package manager will be used.
27/09/2024 13:47:14 DEBUG: Checking system distribution.
27/09/2024 13:47:14 DEBUG: Detected distribution name: ubuntu
27/09/2024 13:47:14 DEBUG: Detected distribution version: 22
27/09/2024 13:47:14 DEBUG: Checking Wazuh installation.
27/09/2024 13:47:15 DEBUG: Checking system architecture.
27/09/2024 13:47:15 DEBUG: Adding the Wazuh repository.
gpg: keyring '/usr/share/keyrings/wazuh.gpg' created
gpg: key 96B3EE5F29111145: public key "Wazuh.com (Wazuh Signing Key) <[email protected]>" imported
gpg: Total number processed: 1
gpg:               imported: 1
deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages-dev.wazuh.com/pre-release/apt/ unstable main
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 http://security.ubuntu.com/ubuntu jammy-security InRelease
Hit:5 https://packages-dev.wazuh.com/pre-release/apt unstable InRelease
Reading package lists...
27/09/2024 13:47:17 INFO: Wazuh development repository added.
27/09/2024 13:47:17 ERROR: Package wazuh-indexer (version 4.10.1) is NOT available for installation.
27/09/2024 13:47:17 INFO: --- Removing existing Wazuh installation ---
27/09/2024 13:47:17 DEBUG: Removing GPG key from system.
27/09/2024 13:47:17 INFO: Installation cleaned. Check the /var/log/wazuh-install.log file to learn more about the issue.
root@ip-172-31-47-182:/home/ubuntu# 

RPM system

✔️ AIO installation
[root@ip-172-31-41-54 ec2-user]# cat aio.txt 
27/09/2024 12:25:06 DEBUG: Checking root permissions.
27/09/2024 12:25:06 DEBUG: Checking sudo package.
27/09/2024 12:25:06 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
27/09/2024 12:25:06 INFO: Verbose logging redirected to /var/log/wazuh-install.log
27/09/2024 12:25:06 DEBUG: YUM package manager will be used.
27/09/2024 12:25:06 DEBUG: Checking system distribution.
27/09/2024 12:25:06 DEBUG: Detected distribution name: amzn
27/09/2024 12:25:06 DEBUG: Detected distribution version: 2023
27/09/2024 12:25:06 DEBUG: Checking Wazuh installation.
27/09/2024 12:25:06 DEBUG: Checking system architecture.
27/09/2024 12:25:06 DEBUG: Adding the Wazuh repository.
[wazuh]
gpgcheck=1
gpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=EL-${releasever} - Wazuh
baseurl=https://packages-dev.wazuh.com/pre-release/yum/
protect=1
27/09/2024 12:25:06 INFO: Wazuh development repository added.
27/09/2024 12:25:07 DEBUG: Package wazuh-indexer (version 4.9.0) is available for installation.
27/09/2024 12:25:07 DEBUG: Removing GPG key from system.
27/09/2024 12:25:07 DEBUG: Package wazuh-manager (version 4.9.0) is available for installation.
27/09/2024 12:25:07 DEBUG: Removing GPG key from system.
27/09/2024 12:25:07 INFO: Wazuh GPG key not found in the system
27/09/2024 12:25:08 DEBUG: Package filebeat (version 7.10.2) is available for installation.
27/09/2024 12:25:08 DEBUG: Removing GPG key from system.
27/09/2024 12:25:08 INFO: Wazuh GPG key not found in the system
27/09/2024 12:25:08 DEBUG: Package wazuh-dashboard (version 4.9.0) is available for installation.
27/09/2024 12:25:08 DEBUG: Removing GPG key from system.
27/09/2024 12:25:08 INFO: Wazuh GPG key not found in the system
27/09/2024 12:25:08 DEBUG: Installing check dependencies.
27/09/2024 12:25:08 INFO: Verifying that your system meets the recommended minimum hardware requirements.
27/09/2024 12:25:08 DEBUG: CPU cores detected: 4
27/09/2024 12:25:08 DEBUG: Free RAM memory detected: 7811
27/09/2024 12:25:08 INFO: Wazuh web interface port will be 443.
27/09/2024 12:25:08 DEBUG: Checking ports availability.
27/09/2024 12:25:08 DEBUG: Installing prerequisites dependencies.
27/09/2024 12:25:08 DEBUG: Checking curl tool version.
27/09/2024 12:25:08 DEBUG: Adding the Wazuh repository.
[wazuh]
gpgcheck=1
gpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=EL-${releasever} - Wazuh
baseurl=https://packages-dev.wazuh.com/pre-release/yum/
protect=1
27/09/2024 12:25:09 INFO: Wazuh development repository added.
27/09/2024 12:25:09 INFO: --- Configuration files ---
27/09/2024 12:25:09 INFO: Generating configuration files.
27/09/2024 12:25:09 DEBUG: Creating Wazuh certificates.
27/09/2024 12:25:09 DEBUG: Reading configuration file.
27/09/2024 12:25:09 DEBUG: Checking if 127.0.0.1 is private.
27/09/2024 12:25:09 DEBUG: Checking if 127.0.0.1 is private.
27/09/2024 12:25:09 DEBUG: Checking if 127.0.0.1 is private.
27/09/2024 12:25:09 INFO: Generating the root certificate.
27/09/2024 12:25:09 INFO: Generating Admin certificates.
27/09/2024 12:25:09 DEBUG: Generating Admin private key.
27/09/2024 12:25:10 DEBUG: Converting Admin private key to PKCS8 format.
27/09/2024 12:25:10 DEBUG: Generating Admin CSR.
27/09/2024 12:25:10 DEBUG: Creating Admin certificate.
27/09/2024 12:25:10 INFO: Generating Wazuh indexer certificates.
27/09/2024 12:25:10 DEBUG: Creating the certificates for wazuh-indexer indexer node.
27/09/2024 12:25:10 DEBUG: Generating certificate configuration.
27/09/2024 12:25:10 DEBUG: Creating the Wazuh indexer tmp key pair.
27/09/2024 12:25:10 DEBUG: Creating the Wazuh indexer certificates.
27/09/2024 12:25:10 INFO: Generating Filebeat certificates.
27/09/2024 12:25:10 DEBUG: Generating the certificates for wazuh-server server node.
27/09/2024 12:25:10 DEBUG: Generating certificate configuration.
27/09/2024 12:25:10 DEBUG: Creating the Wazuh server tmp key pair.
27/09/2024 12:25:10 DEBUG: Creating the Wazuh server certificates.
27/09/2024 12:25:10 INFO: Generating Wazuh dashboard certificates.
27/09/2024 12:25:10 DEBUG: Generating certificate configuration.
27/09/2024 12:25:10 DEBUG: Creating the Wazuh dashboard tmp key pair.
27/09/2024 12:25:10 DEBUG: Creating the Wazuh dashboard certificates.
27/09/2024 12:25:10 DEBUG: Cleaning certificate files.
27/09/2024 12:25:10 DEBUG: Generating password file.
27/09/2024 12:25:10 DEBUG: Generating random passwords.
27/09/2024 12:25:11 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
27/09/2024 12:25:11 DEBUG: Extracting Wazuh configuration.
27/09/2024 12:25:11 DEBUG: Reading configuration file.
27/09/2024 12:25:11 DEBUG: Checking if 127.0.0.1 is private.
27/09/2024 12:25:11 DEBUG: Checking if 127.0.0.1 is private.
27/09/2024 12:25:11 DEBUG: Checking if 127.0.0.1 is private.
27/09/2024 12:25:11 INFO: --- Wazuh indexer ---
27/09/2024 12:25:11 INFO: Starting Wazuh indexer installation.
EL-2023.5.20240624 - Wazuh 11 kB/s | 3.5 kB 00:00 Dependencies resolved. ================================================================================ Package Architecture Version Repository Size ================================================================================ Installing: wazuh-indexer x86_64 4.9.0-1 wazuh 813 M Transaction Summary ================================================================================ Install 1 Package Total download size: 813 M Installed size: 1.0 G Downloading Packages: wazuh-indexer-4.9.0-1.x86_64.rpm 106 MB/s | 813 MB 00:07 -------------------------------------------------------------------------------- Total 106 MB/s | 813 MB 00:07 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Running scriptlet: wazuh-indexer-4.9.0-1.x86_64 1/1 Installing : wazuh-indexer-4.9.0-1.x86_64 1/1 Running scriptlet: wazuh-indexer-4.9.0-1.x86_64 1/1 ### NOT starting on installation, please execute the following statements to configure wazuh-indexer service to start automatically using systemd sudo systemctl daemon-reload sudo systemctl enable wazuh-indexer.service ### You can start wazuh-indexer service by executing sudo systemctl start wazuh-indexer.service Verifying : wazuh-indexer-4.9.0-1.x86_64 1/1================================================================================ WARNING: A newer release of "Amazon Linux" is available. 
Available Versions: Version 2023.5.20240701: Run the following command to upgrade to 2023.5.20240701: dnf upgrade --releasever=2023.5.20240701 Release notes: https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes-2023.5.20240701.html Version 2023.5.20240708: Run the following command to upgrade to 2023.5.20240708: dnf upgrade --releasever=2023.5.20240708 Release notes: https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes-2023.5.20240708.html Version 2023.5.20240722: Run the following command to upgrade to 2023.5.20240722: dnf upgrade --releasever=2023.5.20240722 Release notes: https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes-2023.5.20240722.html Version 2023.5.20240730: Run the following command to upgrade to 2023.5.20240730: dnf upgrade --releasever=2023.5.20240730 Release notes: https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes-2023.5.20240730.html Version 2023.5.20240805: Run the following command to upgrade to 2023.5.20240805: dnf upgrade --releasever=2023.5.20240805 Release notes: https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes-2023.5.20240805.html Version 2023.5.20240819: Run the following command to upgrade to 2023.5.20240819: dnf upgrade --releasever=2023.5.20240819 Release notes: https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes-2023.5.20240819.html Version 2023.5.20240903: Run the following command to upgrade to 2023.5.20240903: dnf upgrade --releasever=2023.5.20240903 Release notes: https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes-2023.5.20240903.html Version 2023.5.20240916: Run the following command to upgrade to 2023.5.20240916: dnf upgrade --releasever=2023.5.20240916 Release notes: https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes-2023.5.20240916.html ================================================================================ Installed: wazuh-indexer-4.9.0-1.x86_64 Complete!
27/09/2024 12:25:40 DEBUG: Checking Wazuh installation.
27/09/2024 12:25:40 DEBUG: There are Wazuh indexer remaining files.
27/09/2024 12:25:40 INFO: Wazuh indexer installation finished.
27/09/2024 12:25:40 DEBUG: Configuring Wazuh indexer.
27/09/2024 12:25:40 DEBUG: Copying Wazuh indexer certificates.
27/09/2024 12:25:40 INFO: Wazuh indexer post-install configuration finished.
27/09/2024 12:25:40 INFO: Starting service wazuh-indexer.
Synchronizing state of wazuh-indexer.service with SysV service script with /usr/lib/systemd/systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable wazuh-indexer
27/09/2024 12:25:52 INFO: wazuh-indexer service started.
27/09/2024 12:25:52 INFO: Initializing Wazuh indexer cluster security settings.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.13.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml 
   SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml 
   SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml 
   SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml 
   SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml 
   SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml 
   SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml 
   SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml 
   SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml 
   SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml 
   SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null
Done with success
27/09/2024 12:25:56 INFO: Wazuh indexer cluster security configuration initialized.
27/09/2024 12:25:56 INFO: Wazuh indexer cluster initialized.
27/09/2024 12:25:56 INFO: --- Wazuh server ---
27/09/2024 12:25:56 INFO: Starting the Wazuh manager installation.
Last metadata expiration check: 0:00:45 ago on Fri Sep 27 12:25:11 2024. Dependencies resolved. ================================================================================ Package Architecture Version Repository Size ================================================================================ Installing: wazuh-manager x86_64 4.9.0-1 wazuh 303 M Transaction Summary ================================================================================ Install 1 Package Total download size: 303 M Installed size: 857 M Downloading Packages: wazuh-manager-4.9.0-1.x86_64.rpm 102 MB/s | 303 MB 00:02 -------------------------------------------------------------------------------- Total 102 MB/s | 303 MB 00:02 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Running scriptlet: wazuh-manager-4.9.0-1.x86_64 1/1 [sss_cache] [sysdb_domain_cache_connect] (0x0010): DB version too old [0.22], expected [0.23] for domain implicit_files! Higher version of database is expected! In order to upgrade the database, you must run SSSD. Removing cache files in /var/lib/sss/db should fix the issue, but note that removing cache files will also remove all of your cached credentials. Could not open available domains [sss_cache] [sysdb_domain_cache_connect] (0x0010): DB version too old [0.22], expected [0.23] for domain implicit_files! Higher version of database is expected! In order to upgrade the database, you must run SSSD. Removing cache files in /var/lib/sss/db should fix the issue, but note that removing cache files will also remove all of your cached credentials. Could not open available domains [sss_cache] [sysdb_domain_cache_connect] (0x0010): DB version too old [0.22], expected [0.23] for domain implicit_files! Higher version of database is expected! In order to upgrade the database, you must run SSSD. 
Removing cache files in /var/lib/sss/db should fix the issue, but note that removing cache files will also remove all of your cached credentials. Could not open available domains [sss_cache] [sysdb_domain_cache_connect] (0x0010): DB version too old [0.22], expected [0.23] for domain implicit_files! Higher version of database is expected! In order to upgrade the database, you must run SSSD. Removing cache files in /var/lib/sss/db should fix the issue, but note that removing cache files will also remove all of your cached credentials. Could not open available domains Installing : wazuh-manager-4.9.0-1.x86_64 1/1 Running scriptlet: wazuh-manager-4.9.0-1.x86_64 1/1 Verifying : wazuh-manager-4.9.0-1.x86_64 1/1================================================================================ WARNING: A newer release of "Amazon Linux" is available. Available Versions: Version 2023.5.20240701: Run the following command to upgrade to 2023.5.20240701: dnf upgrade --releasever=2023.5.20240701 Release notes: https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes-2023.5.20240701.html Version 2023.5.20240708: Run the following command to upgrade to 2023.5.20240708: dnf upgrade --releasever=2023.5.20240708 Release notes: https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes-2023.5.20240708.html Version 2023.5.20240722: Run the following command to upgrade to 2023.5.20240722: dnf upgrade --releasever=2023.5.20240722 Release notes: https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes-2023.5.20240722.html Version 2023.5.20240730: Run the following command to upgrade to 2023.5.20240730: dnf upgrade --releasever=2023.5.20240730 Release notes: https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes-2023.5.20240730.html Version 2023.5.20240805: Run the following command to upgrade to 2023.5.20240805: dnf upgrade --releasever=2023.5.20240805 Release notes: https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes-2023.5.20240805.html Version 
2023.5.20240819: Run the following command to upgrade to 2023.5.20240819: dnf upgrade --releasever=2023.5.20240819 Release notes: https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes-2023.5.20240819.html Version 2023.5.20240903: Run the following command to upgrade to 2023.5.20240903: dnf upgrade --releasever=2023.5.20240903 Release notes: https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes-2023.5.20240903.html Version 2023.5.20240916: Run the following command to upgrade to 2023.5.20240916: dnf upgrade --releasever=2023.5.20240916 Release notes: https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes-2023.5.20240916.html ================================================================================ Installed: wazuh-manager-4.9.0-1.x86_64 Complete!
27/09/2024 12:26:43 DEBUG: Checking Wazuh installation.
27/09/2024 12:26:43 DEBUG: There are Wazuh remaining files.
27/09/2024 12:26:43 DEBUG: There are Wazuh indexer remaining files.
27/09/2024 12:26:43 INFO: Wazuh manager installation finished.
27/09/2024 12:26:43 DEBUG: Configuring Wazuh manager.
27/09/2024 12:26:43 DEBUG: Setting provisional Wazuh indexer password.
27/09/2024 12:26:43 INFO: Wazuh manager vulnerability detection configuration finished.
27/09/2024 12:26:43 INFO: Starting service wazuh-manager.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-manager.service → /usr/lib/systemd/system/wazuh-manager.service.
27/09/2024 12:26:54 INFO: wazuh-manager service started.
27/09/2024 12:26:54 INFO: Checking Wazuh API connection
27/09/2024 12:26:55 INFO: Wazuh API connection successful
27/09/2024 12:26:55 INFO: Starting Filebeat installation.
Last metadata expiration check: 0:01:44 ago on Fri Sep 27 12:25:11 2024. Dependencies resolved. ================================================================================ Package Architecture Version Repository Size ================================================================================ Installing: filebeat x86_64 7.10.2-1 wazuh 21 M Transaction Summary ================================================================================ Install 1 Package Total download size: 21 M Installed size: 70 M Downloading Packages: filebeat-oss-7.10.2-x86_64.rpm 32 MB/s | 21 MB 00:00 -------------------------------------------------------------------------------- Total 32 MB/s | 21 MB 00:00 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Installing : filebeat-7.10.2-1.x86_64 1/1 Running scriptlet: filebeat-7.10.2-1.x86_64 1/1 Verifying : filebeat-7.10.2-1.x86_64 1/1================================================================================ WARNING: A newer release of "Amazon Linux" is available. 
Available Versions: Version 2023.5.20240701: Run the following command to upgrade to 2023.5.20240701: dnf upgrade --releasever=2023.5.20240701 Release notes: https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes-2023.5.20240701.html Version 2023.5.20240708: Run the following command to upgrade to 2023.5.20240708: dnf upgrade --releasever=2023.5.20240708 Release notes: https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes-2023.5.20240708.html Version 2023.5.20240722: Run the following command to upgrade to 2023.5.20240722: dnf upgrade --releasever=2023.5.20240722 Release notes: https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes-2023.5.20240722.html Version 2023.5.20240730: Run the following command to upgrade to 2023.5.20240730: dnf upgrade --releasever=2023.5.20240730 Release notes: https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes-2023.5.20240730.html Version 2023.5.20240805: Run the following command to upgrade to 2023.5.20240805: dnf upgrade --releasever=2023.5.20240805 Release notes: https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes-2023.5.20240805.html Version 2023.5.20240819: Run the following command to upgrade to 2023.5.20240819: dnf upgrade --releasever=2023.5.20240819 Release notes: https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes-2023.5.20240819.html Version 2023.5.20240903: Run the following command to upgrade to 2023.5.20240903: dnf upgrade --releasever=2023.5.20240903 Release notes: https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes-2023.5.20240903.html Version 2023.5.20240916: Run the following command to upgrade to 2023.5.20240916: dnf upgrade --releasever=2023.5.20240916 Release notes: https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes-2023.5.20240916.html ================================================================================ Installed: filebeat-7.10.2-1.x86_64 Complete!
27/09/2024 12:27:28 DEBUG: Checking Wazuh installation.
27/09/2024 12:27:29 DEBUG: There are Wazuh remaining files.
27/09/2024 12:27:29 DEBUG: There are Wazuh indexer remaining files.
27/09/2024 12:27:29 DEBUG: There are Filebeat remaining files.
27/09/2024 12:27:29 INFO: Filebeat installation finished.
27/09/2024 12:27:29 DEBUG: Configuring Filebeat.
27/09/2024 12:27:29 DEBUG: Filebeat template was download successfully.
wazuh/
wazuh/_meta/
wazuh/_meta/docs.asciidoc
wazuh/_meta/fields.yml
wazuh/_meta/config.yml
wazuh/alerts/
wazuh/alerts/config/
wazuh/alerts/config/alerts.yml
wazuh/alerts/manifest.yml
wazuh/alerts/ingest/
wazuh/alerts/ingest/pipeline.json
wazuh/module.yml
wazuh/archives/
wazuh/archives/config/
wazuh/archives/config/archives.yml
wazuh/archives/manifest.yml
wazuh/archives/ingest/
wazuh/archives/ingest/pipeline.json
27/09/2024 12:27:29 DEBUG: Filebeat module was downloaded successfully.
27/09/2024 12:27:29 DEBUG: Copying Filebeat certificates.
Created filebeat keystore
Successfully updated the keystore
Successfully updated the keystore
27/09/2024 12:27:29 INFO: Filebeat post-install configuration finished.
27/09/2024 12:27:29 INFO: Starting service filebeat.
Synchronizing state of filebeat.service with SysV service script with /usr/lib/systemd/systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable filebeat
Created symlink /etc/systemd/system/multi-user.target.wants/filebeat.service → /usr/lib/systemd/system/filebeat.service.
27/09/2024 12:27:30 INFO: filebeat service started.
27/09/2024 12:27:30 INFO: Checking Filebeat connection
27/09/2024 12:27:30 INFO: Filebeat connection successful
27/09/2024 12:27:30 INFO: --- Wazuh dashboard ---
27/09/2024 12:27:30 INFO: Starting Wazuh dashboard installation.
Last metadata expiration check: 0:02:20 ago on Fri Sep 27 12:25:11 2024. Dependencies resolved. ================================================================================ Package Architecture Version Repository Size ================================================================================ Installing: wazuh-dashboard x86_64 4.9.0-2 wazuh 253 M Transaction Summary ================================================================================ Install 1 Package Total download size: 253 M Installed size: 848 M Downloading Packages: wazuh-dashboard-4.9.0-2.x86_64.rpm 36 MB/s | 253 MB 00:07 -------------------------------------------------------------------------------- Total 36 MB/s | 253 MB 00:07 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Running scriptlet: wazuh-dashboard-4.9.0-2.x86_64 1/1 [sss_cache] [sysdb_domain_cache_connect] (0x0010): DB version too old [0.22], expected [0.23] for domain implicit_files! Higher version of database is expected! In order to upgrade the database, you must run SSSD. Removing cache files in /var/lib/sss/db should fix the issue, but note that removing cache files will also remove all of your cached credentials. Could not open available domains [sss_cache] [sysdb_domain_cache_connect] (0x0010): DB version too old [0.22], expected [0.23] for domain implicit_files! Higher version of database is expected! In order to upgrade the database, you must run SSSD. Removing cache files in /var/lib/sss/db should fix the issue, but note that removing cache files will also remove all of your cached credentials. Could not open available domains [sss_cache] [sysdb_domain_cache_connect] (0x0010): DB version too old [0.22], expected [0.23] for domain implicit_files! Higher version of database is expected! In order to upgrade the database, you must run SSSD. 
Removing cache files in /var/lib/sss/db should fix the issue, but note that removing cache files will also remove all of your cached credentials. Could not open available domains [sss_cache] [sysdb_domain_cache_connect] (0x0010): DB version too old [0.22], expected [0.23] for domain implicit_files! Higher version of database is expected! In order to upgrade the database, you must run SSSD. Removing cache files in /var/lib/sss/db should fix the issue, but note that removing cache files will also remove all of your cached credentials. Could not open available domains Installing : wazuh-dashboard-4.9.0-2.x86_64 1/1 Running scriptlet: wazuh-dashboard-4.9.0-2.x86_64 1/1 Verifying : wazuh-dashboard-4.9.0-2.x86_64 1/1================================================================================ WARNING: A newer release of "Amazon Linux" is available. Available Versions: Version 2023.5.20240701: Run the following command to upgrade to 2023.5.20240701: dnf upgrade --releasever=2023.5.20240701 Release notes: https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes-2023.5.20240701.html Version 2023.5.20240708: Run the following command to upgrade to 2023.5.20240708: dnf upgrade --releasever=2023.5.20240708 Release notes: https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes-2023.5.20240708.html Version 2023.5.20240722: Run the following command to upgrade to 2023.5.20240722: dnf upgrade --releasever=2023.5.20240722 Release notes: https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes-2023.5.20240722.html Version 2023.5.20240730: Run the following command to upgrade to 2023.5.20240730: dnf upgrade --releasever=2023.5.20240730 Release notes: https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes-2023.5.20240730.html Version 2023.5.20240805: Run the following command to upgrade to 2023.5.20240805: dnf upgrade --releasever=2023.5.20240805 Release notes: https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes-2023.5.20240805.html 
Version 2023.5.20240819: Run the following command to upgrade to 2023.5.20240819: dnf upgrade --releasever=2023.5.20240819 Release notes: https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes-2023.5.20240819.html Version 2023.5.20240903: Run the following command to upgrade to 2023.5.20240903: dnf upgrade --releasever=2023.5.20240903 Release notes: https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes-2023.5.20240903.html Version 2023.5.20240916: Run the following command to upgrade to 2023.5.20240916: dnf upgrade --releasever=2023.5.20240916 Release notes: https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes-2023.5.20240916.html ================================================================================ Installed: wazuh-dashboard-4.9.0-2.x86_64 Complete!
27/09/2024 12:29:01 DEBUG: Checking Wazuh installation.
27/09/2024 12:29:01 DEBUG: There are Wazuh remaining files.
27/09/2024 12:29:01 DEBUG: There are Wazuh indexer remaining files.
27/09/2024 12:29:01 DEBUG: There are Filebeat remaining files.
27/09/2024 12:29:01 DEBUG: There are Wazuh dashboard remaining files.
27/09/2024 12:29:01 INFO: Wazuh dashboard installation finished.
27/09/2024 12:29:01 DEBUG: Configuring Wazuh dashboard.
27/09/2024 12:29:01 DEBUG: Copying Wazuh dashboard certificates.
27/09/2024 12:29:01 DEBUG: Wazuh dashboard certificate setup finished.
27/09/2024 12:29:01 INFO: Wazuh dashboard post-install configuration finished.
27/09/2024 12:29:01 INFO: Starting service wazuh-dashboard.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service.
27/09/2024 12:29:01 INFO: wazuh-dashboard service started.
27/09/2024 12:29:01 DEBUG: Setting Wazuh indexer cluster passwords.
27/09/2024 12:29:01 DEBUG: Checking Wazuh installation.
27/09/2024 12:29:01 DEBUG: There are Wazuh remaining files.
27/09/2024 12:29:01 DEBUG: There are Wazuh indexer remaining files.
27/09/2024 12:29:01 DEBUG: There are Filebeat remaining files.
27/09/2024 12:29:02 DEBUG: There are Wazuh dashboard remaining files.
27/09/2024 12:29:02 INFO: Updating the internal users.
27/09/2024 12:29:02 DEBUG: Creating password backup.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.13.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml 
   SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml 
   SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml 
   SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml 
   SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml 
   SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml 
   SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml 
   SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml 
   SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml 
   SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml 
   SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
27/09/2024 12:29:05 DEBUG: Password backup created in /etc/wazuh-indexer/backup.
27/09/2024 12:29:05 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
27/09/2024 12:29:05 DEBUG: The internal users have been updated before changing the passwords.
27/09/2024 12:29:05 DEBUG: Generating password hashes.
27/09/2024 12:29:10 DEBUG: Password hashes generated.
27/09/2024 12:29:10 DEBUG: Creating password backup.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.13.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml 
   SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml 
   SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml 
   SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml 
   SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml 
   SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml 
   SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml 
   SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml 
   SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml 
   SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml 
   SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
27/09/2024 12:29:13 DEBUG: Password backup created in /etc/wazuh-indexer/backup.
Successfully updated the keystore
Successfully updated the keystore
27/09/2024 12:29:13 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
27/09/2024 12:29:13 DEBUG: Restarting filebeat service...
27/09/2024 12:29:14 DEBUG: filebeat started.
27/09/2024 12:29:14 DEBUG: Restarting wazuh-manager service...
27/09/2024 12:29:29 DEBUG: wazuh-manager started.
27/09/2024 12:29:29 DEBUG: Restarting wazuh-dashboard service...
27/09/2024 12:29:30 DEBUG: wazuh-dashboard started.
27/09/2024 12:29:30 DEBUG: Running security admin tool.
27/09/2024 12:29:30 DEBUG: Loading new passwords changes.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.13.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /home/ec2-user
Force type: internalusers
Will update '/internalusers' with /etc/wazuh-indexer/backup/internal_users.yml 
   SUCC: Configuration for 'internalusers' created or updated
SUCC: Expected 1 config types for node {"updated_config_types":["internalusers"],"updated_config_size":1,"message":null} is 1 (["internalusers"]) due to: null
Done with success
27/09/2024 12:29:33 DEBUG: Passwords changed.
27/09/2024 12:29:33 DEBUG: Changing API passwords.
27/09/2024 12:29:40 INFO: Initializing Wazuh dashboard web application.
27/09/2024 12:29:41 INFO: Wazuh dashboard web application initialized.
27/09/2024 12:29:41 INFO: --- Summary ---
27/09/2024 12:29:41 INFO: You can access the web interface https://<wazuh-dashboard-ip>:443
    User: admin
    Password: hL+iG32AR0ZH9elx5HxrYsSeTUmlW1*3
27/09/2024 12:29:41 DEBUG: Restoring Wazuh repository.
27/09/2024 12:29:41 INFO: Installation finished.
[root@ip-172-31-41-54 ec2-user]# 
✔️ Wazuh indexer installation
[root@ip-172-31-41-54 ec2-user]# cat indexer.txt 
27/09/2024 13:36:04 DEBUG: Checking root permissions.
27/09/2024 13:36:04 DEBUG: Checking sudo package.
27/09/2024 13:36:04 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
27/09/2024 13:36:04 INFO: Verbose logging redirected to /var/log/wazuh-install.log
27/09/2024 13:36:04 DEBUG: YUM package manager will be used.
27/09/2024 13:36:04 DEBUG: Checking system distribution.
27/09/2024 13:36:04 DEBUG: Detected distribution name: amzn
27/09/2024 13:36:04 DEBUG: Detected distribution version: 2023
27/09/2024 13:36:04 DEBUG: Checking Wazuh installation.
27/09/2024 13:36:04 DEBUG: Checking system architecture.
27/09/2024 13:36:04 DEBUG: Adding the Wazuh repository.
[wazuh]
gpgcheck=1
gpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=EL-${releasever} - Wazuh
baseurl=https://packages-dev.wazuh.com/pre-release/yum/
protect=1
27/09/2024 13:36:04 INFO: Wazuh development repository added.
27/09/2024 13:36:05 DEBUG: Package wazuh-indexer (version 4.9.0) is available for installation.
27/09/2024 13:36:05 DEBUG: Removing GPG key from system.
27/09/2024 13:36:05 DEBUG: Installing check dependencies.
27/09/2024 13:36:05 INFO: Verifying that your system meets the recommended minimum hardware requirements.
27/09/2024 13:36:05 DEBUG: CPU cores detected: 4
27/09/2024 13:36:05 DEBUG: Free RAM memory detected: 7811
27/09/2024 13:36:05 DEBUG: Checking previous certificate existence.
27/09/2024 13:36:05 DEBUG: Checking ports availability.
27/09/2024 13:36:06 DEBUG: Installing prerequisites dependencies.
27/09/2024 13:36:06 DEBUG: Checking curl tool version.
27/09/2024 13:36:06 DEBUG: Adding the Wazuh repository.
[wazuh]
gpgcheck=1
gpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=EL-${releasever} - Wazuh
baseurl=https://packages-dev.wazuh.com/pre-release/yum/
protect=1
27/09/2024 13:36:06 INFO: Wazuh development repository added.
27/09/2024 13:36:06 DEBUG: Extracting Wazuh configuration.
27/09/2024 13:36:06 DEBUG: Reading configuration file.
27/09/2024 13:36:06 DEBUG: Checking if 127.0.0.1 is private.
27/09/2024 13:36:06 DEBUG: Checking if 127.0.0.1 is private.
27/09/2024 13:36:06 DEBUG: Checking if 127.0.0.1 is private.
27/09/2024 13:36:06 DEBUG: Checking node names in the configuration file.
27/09/2024 13:36:06 INFO: --- Wazuh indexer ---
27/09/2024 13:36:06 INFO: Starting Wazuh indexer installation.
EL-2023.5.20240624 - Wazuh 34 kB/s | 3.5 kB 00:00 Dependencies resolved. ================================================================================ Package Architecture Version Repository Size ================================================================================ Installing: wazuh-indexer x86_64 4.9.0-1 wazuh 813 M Transaction Summary ================================================================================ Install 1 Package Total download size: 813 M Installed size: 1.0 G Downloading Packages: wazuh-indexer-4.9.0-1.x86_64.rpm 53 MB/s | 813 MB 00:15 -------------------------------------------------------------------------------- Total 53 MB/s | 813 MB 00:15 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Running scriptlet: wazuh-indexer-4.9.0-1.x86_64 1/1 Installing : wazuh-indexer-4.9.0-1.x86_64 1/1 Running scriptlet: wazuh-indexer-4.9.0-1.x86_64 1/1 ### NOT starting on installation, please execute the following statements to configure wazuh-indexer service to start automatically using systemd sudo systemctl daemon-reload sudo systemctl enable wazuh-indexer.service ### You can start wazuh-indexer service by executing sudo systemctl start wazuh-indexer.service Verifying : wazuh-indexer-4.9.0-1.x86_64 1/1================================================================================ WARNING: A newer release of "Amazon Linux" is available. 
Available Versions: Version 2023.5.20240701: Run the following command to upgrade to 2023.5.20240701: dnf upgrade --releasever=2023.5.20240701 Release notes: https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes-2023.5.20240701.html Version 2023.5.20240708: Run the following command to upgrade to 2023.5.20240708: dnf upgrade --releasever=2023.5.20240708 Release notes: https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes-2023.5.20240708.html Version 2023.5.20240722: Run the following command to upgrade to 2023.5.20240722: dnf upgrade --releasever=2023.5.20240722 Release notes: https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes-2023.5.20240722.html Version 2023.5.20240730: Run the following command to upgrade to 2023.5.20240730: dnf upgrade --releasever=2023.5.20240730 Release notes: https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes-2023.5.20240730.html Version 2023.5.20240805: Run the following command to upgrade to 2023.5.20240805: dnf upgrade --releasever=2023.5.20240805 Release notes: https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes-2023.5.20240805.html Version 2023.5.20240819: Run the following command to upgrade to 2023.5.20240819: dnf upgrade --releasever=2023.5.20240819 Release notes: https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes-2023.5.20240819.html Version 2023.5.20240903: Run the following command to upgrade to 2023.5.20240903: dnf upgrade --releasever=2023.5.20240903 Release notes: https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes-2023.5.20240903.html Version 2023.5.20240916: Run the following command to upgrade to 2023.5.20240916: dnf upgrade --releasever=2023.5.20240916 Release notes: https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes-2023.5.20240916.html ================================================================================ Installed: wazuh-indexer-4.9.0-1.x86_64 Complete!
27/09/2024 13:36:43 DEBUG: Checking Wazuh installation.
27/09/2024 13:36:43 DEBUG: There are Wazuh indexer remaining files.
27/09/2024 13:36:43 INFO: Wazuh indexer installation finished.
27/09/2024 13:36:43 DEBUG: Configuring Wazuh indexer.
27/09/2024 13:36:43 DEBUG: Copying Wazuh indexer certificates.
27/09/2024 13:36:43 INFO: Wazuh indexer post-install configuration finished.
27/09/2024 13:36:43 INFO: Starting service wazuh-indexer.
Synchronizing state of wazuh-indexer.service with SysV service script with /usr/lib/systemd/systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable wazuh-indexer
27/09/2024 13:36:54 INFO: wazuh-indexer service started.
27/09/2024 13:36:54 INFO: Initializing Wazuh indexer cluster security settings.
27/09/2024 13:36:54 DEBUG: Setting Wazuh indexer cluster passwords.
27/09/2024 13:36:54 DEBUG: Checking Wazuh installation.
27/09/2024 13:36:54 DEBUG: There are Wazuh indexer remaining files.
27/09/2024 13:36:55 INFO: Wazuh indexer cluster initialized.
27/09/2024 13:36:55 DEBUG: Restoring Wazuh repository.
27/09/2024 13:36:55 INFO: Installation finished.
27/09/2024 13:36:55 DEBUG: Checking root permissions.
27/09/2024 13:36:55 DEBUG: Checking sudo package.
27/09/2024 13:36:55 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
27/09/2024 13:36:55 INFO: Verbose logging redirected to /var/log/wazuh-install.log
27/09/2024 13:36:55 DEBUG: YUM package manager will be used.
27/09/2024 13:36:55 DEBUG: Checking system distribution.
27/09/2024 13:36:55 DEBUG: Detected distribution name: amzn
27/09/2024 13:36:55 DEBUG: Detected distribution version: 2023
27/09/2024 13:36:55 DEBUG: Checking Wazuh installation.
27/09/2024 13:36:55 DEBUG: There are Wazuh indexer remaining files.
27/09/2024 13:36:55 DEBUG: Checking system architecture.
27/09/2024 13:36:55 DEBUG: Adding the Wazuh repository.
[wazuh]
gpgcheck=1
gpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=EL-${releasever} - Wazuh
baseurl=https://packages-dev.wazuh.com/pre-release/yum/
protect=1
27/09/2024 13:36:55 INFO: Wazuh development repository added.
27/09/2024 13:36:55 DEBUG: Installing check dependencies.
27/09/2024 13:36:55 INFO: Verifying that your system meets the recommended minimum hardware requirements.
27/09/2024 13:36:55 DEBUG: CPU cores detected: 4
27/09/2024 13:36:55 DEBUG: Free RAM memory detected: 7811
27/09/2024 13:36:55 DEBUG: Checking previous certificate existence.
27/09/2024 13:36:55 DEBUG: Extracting Wazuh configuration.
27/09/2024 13:36:55 DEBUG: Reading configuration file.
27/09/2024 13:36:56 DEBUG: Checking if 127.0.0.1 is private.
27/09/2024 13:36:56 DEBUG: Checking if 127.0.0.1 is private.
27/09/2024 13:36:56 DEBUG: Checking if 127.0.0.1 is private.
27/09/2024 13:36:56 DEBUG: Starting Wazuh indexer cluster.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.13.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-indexer-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml 
   SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml 
   SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml 
   SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml 
   SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml 
   SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml 
   SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml 
   SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml 
   SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml 
   SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml 
   SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null
Done with success
27/09/2024 13:36:59 INFO: Wazuh indexer cluster security configuration initialized.
27/09/2024 13:36:59 DEBUG: Waiting for Wazuh indexer to be ready. wazuh-indexer status: 503
27/09/2024 13:37:04 DEBUG: Waiting for Wazuh indexer to be ready. wazuh-indexer status: 503
27/09/2024 13:37:09 DEBUG: Inserted wazuh-alerts template into the Wazuh indexer cluster.
27/09/2024 13:37:09 DEBUG: Setting Wazuh indexer cluster passwords.
27/09/2024 13:37:09 DEBUG: Checking Wazuh installation.
27/09/2024 13:37:09 DEBUG: There are Wazuh indexer remaining files.
27/09/2024 13:37:09 INFO: Updating the internal users.
27/09/2024 13:37:09 DEBUG: Creating password backup.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.13.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-indexer-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml 
   SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml 
   SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml 
   SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml 
   SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml 
   SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml 
   SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml 
   SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml 
   SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml 
   SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml 
   SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
27/09/2024 13:37:11 DEBUG: Password backup created in /etc/wazuh-indexer/backup.
27/09/2024 13:37:11 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
27/09/2024 13:37:11 DEBUG: The internal users have been updated before changing the passwords.
27/09/2024 13:37:11 DEBUG: Generating password hashes.
27/09/2024 13:37:16 DEBUG: Password hashes generated.
27/09/2024 13:37:16 DEBUG: Creating password backup.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.13.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-indexer-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml 
   SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml 
   SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml 
   SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml 
   SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml 
   SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml 
   SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml 
   SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml 
   SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml 
   SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml 
   SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
27/09/2024 13:37:18 DEBUG: Password backup created in /etc/wazuh-indexer/backup.
27/09/2024 13:37:18 DEBUG: Running security admin tool.
27/09/2024 13:37:18 DEBUG: Loading new passwords changes.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.13.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-indexer-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /home/ec2-user
Force type: internalusers
Will update '/internalusers' with /etc/wazuh-indexer/backup/internal_users.yml 
   SUCC: Configuration for 'internalusers' created or updated
SUCC: Expected 1 config types for node {"updated_config_types":["internalusers"],"updated_config_size":1,"message":null} is 1 (["internalusers"]) due to: null
Done with success
27/09/2024 13:37:20 DEBUG: Passwords changed.
27/09/2024 13:37:20 DEBUG: Restoring Wazuh repository.
27/09/2024 13:37:20 INFO: Wazuh indexer cluster started.
[root@ip-172-31-41-54 ec2-user]# 
✔️ Wazuh server installation
[root@ip-172-31-41-54 ec2-user]# cat manager.txt 
27/09/2024 13:37:20 DEBUG: Checking root permissions.
27/09/2024 13:37:20 DEBUG: Checking sudo package.
27/09/2024 13:37:20 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
27/09/2024 13:37:20 INFO: Verbose logging redirected to /var/log/wazuh-install.log
27/09/2024 13:37:20 DEBUG: YUM package manager will be used.
27/09/2024 13:37:20 DEBUG: Checking system distribution.
27/09/2024 13:37:20 DEBUG: Detected distribution name: amzn
27/09/2024 13:37:20 DEBUG: Detected distribution version: 2023
27/09/2024 13:37:20 DEBUG: Checking Wazuh installation.
27/09/2024 13:37:20 DEBUG: There are Wazuh indexer remaining files.
27/09/2024 13:37:20 DEBUG: Checking system architecture.
27/09/2024 13:37:20 DEBUG: Adding the Wazuh repository.
[wazuh]
gpgcheck=1
gpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=EL-${releasever} - Wazuh
baseurl=https://packages-dev.wazuh.com/pre-release/yum/
protect=1
27/09/2024 13:37:20 INFO: Wazuh development repository added.
27/09/2024 13:37:21 DEBUG: Package wazuh-manager (version 4.9.0) is available for installation.
27/09/2024 13:37:21 DEBUG: Removing GPG key from system.
27/09/2024 13:37:21 DEBUG: Package filebeat (version 7.10.2) is available for installation.
27/09/2024 13:37:21 DEBUG: Removing GPG key from system.
27/09/2024 13:37:21 INFO: Wazuh GPG key not found in the system
27/09/2024 13:37:21 DEBUG: Installing check dependencies.
27/09/2024 13:37:22 INFO: Verifying that your system meets the recommended minimum hardware requirements.
27/09/2024 13:37:22 DEBUG: CPU cores detected: 4
27/09/2024 13:37:22 DEBUG: Free RAM memory detected: 7811
27/09/2024 13:37:22 DEBUG: Checking previous certificate existence.
27/09/2024 13:37:22 DEBUG: Checking ports availability.
27/09/2024 13:37:22 DEBUG: Checking curl tool version.
27/09/2024 13:37:22 DEBUG: Adding the Wazuh repository.
[wazuh]
gpgcheck=1
gpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=EL-${releasever} - Wazuh
baseurl=https://packages-dev.wazuh.com/pre-release/yum/
protect=1
27/09/2024 13:37:22 INFO: Wazuh development repository added.
27/09/2024 13:37:22 DEBUG: Extracting Wazuh configuration.
27/09/2024 13:37:22 DEBUG: Reading configuration file.
27/09/2024 13:37:22 DEBUG: Checking if 127.0.0.1 is private.
27/09/2024 13:37:22 DEBUG: Checking if 127.0.0.1 is private.
27/09/2024 13:37:22 DEBUG: Checking if 127.0.0.1 is private.
27/09/2024 13:37:22 DEBUG: Checking node names in the configuration file.
27/09/2024 13:37:22 INFO: --- Wazuh server ---
27/09/2024 13:37:22 INFO: Starting the Wazuh manager installation.
EL-2023.5.20240624 - Wazuh 11 kB/s | 3.5 kB 00:00 Dependencies resolved. ================================================================================ Package Architecture Version Repository Size ================================================================================ Installing: wazuh-manager x86_64 4.9.0-1 wazuh 303 M Transaction Summary ================================================================================ Install 1 Package Total download size: 303 M Installed size: 857 M Downloading Packages: wazuh-manager-4.9.0-1.x86_64.rpm 56 MB/s | 303 MB 00:05 -------------------------------------------------------------------------------- Total 56 MB/s | 303 MB 00:05 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Running scriptlet: wazuh-manager-4.9.0-1.x86_64 1/1 [sss_cache] [sysdb_domain_cache_connect] (0x0010): DB version too old [0.22], expected [0.23] for domain implicit_files! Higher version of database is expected! In order to upgrade the database, you must run SSSD. Removing cache files in /var/lib/sss/db should fix the issue, but note that removing cache files will also remove all of your cached credentials. Could not open available domains [sss_cache] [sysdb_domain_cache_connect] (0x0010): DB version too old [0.22], expected [0.23] for domain implicit_files! Higher version of database is expected! In order to upgrade the database, you must run SSSD. Removing cache files in /var/lib/sss/db should fix the issue, but note that removing cache files will also remove all of your cached credentials. Could not open available domains [sss_cache] [sysdb_domain_cache_connect] (0x0010): DB version too old [0.22], expected [0.23] for domain implicit_files! Higher version of database is expected! In order to upgrade the database, you must run SSSD. 
Removing cache files in /var/lib/sss/db should fix the issue, but note that removing cache files will also remove all of your cached credentials. Could not open available domains [sss_cache] [sysdb_domain_cache_connect] (0x0010): DB version too old [0.22], expected [0.23] for domain implicit_files! Higher version of database is expected! In order to upgrade the database, you must run SSSD. Removing cache files in /var/lib/sss/db should fix the issue, but note that removing cache files will also remove all of your cached credentials. Could not open available domains Installing : wazuh-manager-4.9.0-1.x86_64 1/1 Running scriptlet: wazuh-manager-4.9.0-1.x86_64 1/1 Verifying : wazuh-manager-4.9.0-1.x86_64 1/1================================================================================ WARNING: A newer release of "Amazon Linux" is available. Available Versions: Version 2023.5.20240701: Run the following command to upgrade to 2023.5.20240701: dnf upgrade --releasever=2023.5.20240701 Release notes: https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes-2023.5.20240701.html Version 2023.5.20240708: Run the following command to upgrade to 2023.5.20240708: dnf upgrade --releasever=2023.5.20240708 Release notes: https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes-2023.5.20240708.html Version 2023.5.20240722: Run the following command to upgrade to 2023.5.20240722: dnf upgrade --releasever=2023.5.20240722 Release notes: https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes-2023.5.20240722.html Version 2023.5.20240730: Run the following command to upgrade to 2023.5.20240730: dnf upgrade --releasever=2023.5.20240730 Release notes: https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes-2023.5.20240730.html Version 2023.5.20240805: Run the following command to upgrade to 2023.5.20240805: dnf upgrade --releasever=2023.5.20240805 Release notes: https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes-2023.5.20240805.html Version 
2023.5.20240819: Run the following command to upgrade to 2023.5.20240819: dnf upgrade --releasever=2023.5.20240819 Release notes: https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes-2023.5.20240819.html Version 2023.5.20240903: Run the following command to upgrade to 2023.5.20240903: dnf upgrade --releasever=2023.5.20240903 Release notes: https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes-2023.5.20240903.html Version 2023.5.20240916: Run the following command to upgrade to 2023.5.20240916: dnf upgrade --releasever=2023.5.20240916 Release notes: https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes-2023.5.20240916.html ================================================================================ Installed: wazuh-manager-4.9.0-1.x86_64 Complete!
27/09/2024 13:38:12 DEBUG: Checking Wazuh installation.
27/09/2024 13:38:12 DEBUG: There are Wazuh remaining files.
27/09/2024 13:38:12 DEBUG: There are Wazuh indexer remaining files.
27/09/2024 13:38:12 INFO: Wazuh manager installation finished.
27/09/2024 13:38:12 DEBUG: Configuring Wazuh manager.
27/09/2024 13:38:12 DEBUG: Setting provisional Wazuh indexer password.
27/09/2024 13:38:12 INFO: Wazuh manager vulnerability detection configuration finished.
27/09/2024 13:38:12 INFO: Starting service wazuh-manager.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-manager.service → /usr/lib/systemd/system/wazuh-manager.service.
27/09/2024 13:38:22 INFO: wazuh-manager service started.
27/09/2024 13:38:22 INFO: Checking Wazuh API connection
27/09/2024 13:38:22 INFO: Attempt 1: Trying to get Wazuh API token
27/09/2024 13:38:25 INFO: Wazuh API connection successful
27/09/2024 13:38:25 INFO: Starting Filebeat installation.
Last metadata expiration check: 0:01:03 ago on Fri Sep 27 13:37:23 2024. Dependencies resolved. ================================================================================ Package Architecture Version Repository Size ================================================================================ Installing: filebeat x86_64 7.10.2-1 wazuh 21 M Transaction Summary ================================================================================ Install 1 Package Total download size: 21 M Installed size: 70 M Downloading Packages: filebeat-oss-7.10.2-x86_64.rpm 26 MB/s | 21 MB 00:00 -------------------------------------------------------------------------------- Total 26 MB/s | 21 MB 00:00 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Installing : filebeat-7.10.2-1.x86_64 1/1 Running scriptlet: filebeat-7.10.2-1.x86_64 1/1 Verifying : filebeat-7.10.2-1.x86_64 1/1================================================================================ WARNING: A newer release of "Amazon Linux" is available. 
Available Versions: Version 2023.5.20240701: Run the following command to upgrade to 2023.5.20240701: dnf upgrade --releasever=2023.5.20240701 Release notes: https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes-2023.5.20240701.html Version 2023.5.20240708: Run the following command to upgrade to 2023.5.20240708: dnf upgrade --releasever=2023.5.20240708 Release notes: https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes-2023.5.20240708.html Version 2023.5.20240722: Run the following command to upgrade to 2023.5.20240722: dnf upgrade --releasever=2023.5.20240722 Release notes: https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes-2023.5.20240722.html Version 2023.5.20240730: Run the following command to upgrade to 2023.5.20240730: dnf upgrade --releasever=2023.5.20240730 Release notes: https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes-2023.5.20240730.html Version 2023.5.20240805: Run the following command to upgrade to 2023.5.20240805: dnf upgrade --releasever=2023.5.20240805 Release notes: https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes-2023.5.20240805.html Version 2023.5.20240819: Run the following command to upgrade to 2023.5.20240819: dnf upgrade --releasever=2023.5.20240819 Release notes: https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes-2023.5.20240819.html Version 2023.5.20240903: Run the following command to upgrade to 2023.5.20240903: dnf upgrade --releasever=2023.5.20240903 Release notes: https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes-2023.5.20240903.html Version 2023.5.20240916: Run the following command to upgrade to 2023.5.20240916: dnf upgrade --releasever=2023.5.20240916 Release notes: https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes-2023.5.20240916.html ================================================================================ Installed: filebeat-7.10.2-1.x86_64 Complete!
27/09/2024 13:38:57 DEBUG: Checking Wazuh installation.
27/09/2024 13:38:57 DEBUG: There are Wazuh remaining files.
27/09/2024 13:38:57 DEBUG: There are Wazuh indexer remaining files.
27/09/2024 13:38:57 DEBUG: There are Filebeat remaining files.
27/09/2024 13:38:57 INFO: Filebeat installation finished.
27/09/2024 13:38:57 DEBUG: Configuring Filebeat.
27/09/2024 13:38:57 DEBUG: Filebeat template was download successfully.
wazuh/
wazuh/_meta/
wazuh/_meta/docs.asciidoc
wazuh/_meta/fields.yml
wazuh/_meta/config.yml
wazuh/alerts/
wazuh/alerts/config/
wazuh/alerts/config/alerts.yml
wazuh/alerts/manifest.yml
wazuh/alerts/ingest/
wazuh/alerts/ingest/pipeline.json
wazuh/module.yml
wazuh/archives/
wazuh/archives/config/
wazuh/archives/config/archives.yml
wazuh/archives/manifest.yml
wazuh/archives/ingest/
wazuh/archives/ingest/pipeline.json
27/09/2024 13:38:57 DEBUG: Filebeat module was downloaded successfully.
27/09/2024 13:38:57 DEBUG: Copying Filebeat certificates.
Created filebeat keystore
Successfully updated the keystore
Successfully updated the keystore
27/09/2024 13:39:00 INFO: Filebeat post-install configuration finished.
27/09/2024 13:39:00 DEBUG: Setting Wazuh indexer cluster passwords.
27/09/2024 13:39:00 DEBUG: Checking Wazuh installation.
27/09/2024 13:39:00 DEBUG: There are Wazuh remaining files.
27/09/2024 13:39:00 DEBUG: There are Wazuh indexer remaining files.
27/09/2024 13:39:00 DEBUG: There are Filebeat remaining files.
Successfully updated the keystore
Successfully updated the keystore
27/09/2024 13:39:00 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
27/09/2024 13:39:00 DEBUG: Restarting filebeat service...
27/09/2024 13:39:01 DEBUG: filebeat started.
27/09/2024 13:39:01 DEBUG: Restarting wazuh-manager service...
27/09/2024 13:39:17 DEBUG: wazuh-manager started.
27/09/2024 13:39:17 DEBUG: Changing API passwords.
27/09/2024 13:39:19 INFO: Starting service filebeat.
Synchronizing state of filebeat.service with SysV service script with /usr/lib/systemd/systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable filebeat
Created symlink /etc/systemd/system/multi-user.target.wants/filebeat.service → /usr/lib/systemd/system/filebeat.service.
27/09/2024 13:39:20 INFO: filebeat service started.
27/09/2024 13:39:20 INFO: Checking Filebeat connection
27/09/2024 13:39:20 INFO: Filebeat connection successful
27/09/2024 13:39:20 DEBUG: Restoring Wazuh repository.
27/09/2024 13:39:20 INFO: Installation finished.
[root@ip-172-31-41-54 ec2-user]# 
✔️ Wazuh dashboard installation
[root@ip-172-31-41-54 ec2-user]# cat dashboard.txt 
27/09/2024 13:39:20 DEBUG: Checking root permissions.
27/09/2024 13:39:20 DEBUG: Checking sudo package.
27/09/2024 13:39:20 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
27/09/2024 13:39:20 INFO: Verbose logging redirected to /var/log/wazuh-install.log
27/09/2024 13:39:20 DEBUG: YUM package manager will be used.
27/09/2024 13:39:20 DEBUG: Checking system distribution.
27/09/2024 13:39:20 DEBUG: Detected distribution name: amzn
27/09/2024 13:39:20 DEBUG: Detected distribution version: 2023
27/09/2024 13:39:20 DEBUG: Checking Wazuh installation.
27/09/2024 13:39:20 DEBUG: There are Wazuh remaining files.
27/09/2024 13:39:20 DEBUG: There are Wazuh indexer remaining files.
27/09/2024 13:39:20 DEBUG: There are Filebeat remaining files.
27/09/2024 13:39:20 DEBUG: Checking system architecture.
27/09/2024 13:39:20 DEBUG: Adding the Wazuh repository.
[wazuh]
gpgcheck=1
gpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=EL-${releasever} - Wazuh
baseurl=https://packages-dev.wazuh.com/pre-release/yum/
protect=1
27/09/2024 13:39:20 INFO: Wazuh development repository added.
27/09/2024 13:39:21 DEBUG: Package wazuh-dashboard (version 4.9.0) is available for installation.
27/09/2024 13:39:21 DEBUG: Removing GPG key from system.
27/09/2024 13:39:21 DEBUG: Installing check dependencies.
27/09/2024 13:39:21 INFO: Verifying that your system meets the recommended minimum hardware requirements.
27/09/2024 13:39:21 DEBUG: CPU cores detected: 4
27/09/2024 13:39:21 DEBUG: Free RAM memory detected: 7811
27/09/2024 13:39:21 DEBUG: Checking previous certificate existence.
27/09/2024 13:39:21 INFO: Wazuh web interface port will be 443.
27/09/2024 13:39:21 DEBUG: Checking ports availability.
27/09/2024 13:39:22 DEBUG: Installing prerequisites dependencies.
27/09/2024 13:39:22 DEBUG: Checking curl tool version.
27/09/2024 13:39:22 DEBUG: Adding the Wazuh repository.
[wazuh]
gpgcheck=1
gpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=EL-${releasever} - Wazuh
baseurl=https://packages-dev.wazuh.com/pre-release/yum/
protect=1
27/09/2024 13:39:22 INFO: Wazuh development repository added.
27/09/2024 13:39:22 DEBUG: Extracting Wazuh configuration.
27/09/2024 13:39:22 DEBUG: Reading configuration file.
27/09/2024 13:39:22 DEBUG: Checking if 127.0.0.1 is private.
27/09/2024 13:39:22 DEBUG: Checking if 127.0.0.1 is private.
27/09/2024 13:39:22 DEBUG: Checking if 127.0.0.1 is private.
27/09/2024 13:39:22 DEBUG: Checking node names in the configuration file.
27/09/2024 13:39:22 INFO: --- Wazuh dashboard ----
27/09/2024 13:39:22 INFO: Starting Wazuh dashboard installation.
EL-2023.5.20240624 - Wazuh 10 kB/s | 3.5 kB 00:00 Dependencies resolved. ================================================================================ Package Architecture Version Repository Size ================================================================================ Installing: wazuh-dashboard x86_64 4.9.0-2 wazuh 253 M Transaction Summary ================================================================================ Install 1 Package Total download size: 253 M Installed size: 848 M Downloading Packages: wazuh-dashboard-4.9.0-2.x86_64.rpm 39 MB/s | 253 MB 00:06 -------------------------------------------------------------------------------- Total 39 MB/s | 253 MB 00:06 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Running scriptlet: wazuh-dashboard-4.9.0-2.x86_64 1/1 [sss_cache] [sysdb_domain_cache_connect] (0x0010): DB version too old [0.22], expected [0.23] for domain implicit_files! Higher version of database is expected! In order to upgrade the database, you must run SSSD. Removing cache files in /var/lib/sss/db should fix the issue, but note that removing cache files will also remove all of your cached credentials. Could not open available domains [sss_cache] [sysdb_domain_cache_connect] (0x0010): DB version too old [0.22], expected [0.23] for domain implicit_files! Higher version of database is expected! In order to upgrade the database, you must run SSSD. Removing cache files in /var/lib/sss/db should fix the issue, but note that removing cache files will also remove all of your cached credentials. Could not open available domains [sss_cache] [sysdb_domain_cache_connect] (0x0010): DB version too old [0.22], expected [0.23] for domain implicit_files! Higher version of database is expected! In order to upgrade the database, you must run SSSD. 
Removing cache files in /var/lib/sss/db should fix the issue, but note that removing cache files will also remove all of your cached credentials. Could not open available domains [sss_cache] [sysdb_domain_cache_connect] (0x0010): DB version too old [0.22], expected [0.23] for domain implicit_files! Higher version of database is expected! In order to upgrade the database, you must run SSSD. Removing cache files in /var/lib/sss/db should fix the issue, but note that removing cache files will also remove all of your cached credentials. Could not open available domains Installing : wazuh-dashboard-4.9.0-2.x86_64 1/1 Running scriptlet: wazuh-dashboard-4.9.0-2.x86_64 1/1 Verifying : wazuh-dashboard-4.9.0-2.x86_64 1/1================================================================================ WARNING: A newer release of "Amazon Linux" is available. Available Versions: Version 2023.5.20240701: Run the following command to upgrade to 2023.5.20240701: dnf upgrade --releasever=2023.5.20240701 Release notes: https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes-2023.5.20240701.html Version 2023.5.20240708: Run the following command to upgrade to 2023.5.20240708: dnf upgrade --releasever=2023.5.20240708 Release notes: https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes-2023.5.20240708.html Version 2023.5.20240722: Run the following command to upgrade to 2023.5.20240722: dnf upgrade --releasever=2023.5.20240722 Release notes: https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes-2023.5.20240722.html Version 2023.5.20240730: Run the following command to upgrade to 2023.5.20240730: dnf upgrade --releasever=2023.5.20240730 Release notes: https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes-2023.5.20240730.html Version 2023.5.20240805: Run the following command to upgrade to 2023.5.20240805: dnf upgrade --releasever=2023.5.20240805 Release notes: https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes-2023.5.20240805.html 
Version 2023.5.20240819: Run the following command to upgrade to 2023.5.20240819: dnf upgrade --releasever=2023.5.20240819 Release notes: https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes-2023.5.20240819.html Version 2023.5.20240903: Run the following command to upgrade to 2023.5.20240903: dnf upgrade --releasever=2023.5.20240903 Release notes: https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes-2023.5.20240903.html Version 2023.5.20240916: Run the following command to upgrade to 2023.5.20240916: dnf upgrade --releasever=2023.5.20240916 Release notes: https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes-2023.5.20240916.html ================================================================================ Installed: wazuh-dashboard-4.9.0-2.x86_64 Complete!
27/09/2024 13:40:53 DEBUG: Checking Wazuh installation.
27/09/2024 13:40:53 DEBUG: There are Wazuh remaining files.
27/09/2024 13:40:53 DEBUG: There are Wazuh indexer remaining files.
27/09/2024 13:40:53 DEBUG: There are Filebeat remaining files.
27/09/2024 13:40:53 DEBUG: There are Wazuh dashboard remaining files.
27/09/2024 13:40:53 INFO: Wazuh dashboard installation finished.
27/09/2024 13:40:53 DEBUG: Configuring Wazuh dashboard.
27/09/2024 13:40:53 DEBUG: Copying Wazuh dashboard certificates.
27/09/2024 13:40:53 DEBUG: Wazuh dashboard certificate setup finished.
27/09/2024 13:40:53 INFO: Wazuh dashboard post-install configuration finished.
27/09/2024 13:40:53 INFO: Starting service wazuh-dashboard.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service.
27/09/2024 13:40:54 INFO: wazuh-dashboard service started.
27/09/2024 13:40:54 DEBUG: Setting Wazuh indexer cluster passwords.
27/09/2024 13:40:54 DEBUG: Checking Wazuh installation.
27/09/2024 13:40:54 DEBUG: There are Wazuh remaining files.
27/09/2024 13:40:54 DEBUG: There are Wazuh indexer remaining files.
27/09/2024 13:40:54 DEBUG: There are Filebeat remaining files.
27/09/2024 13:40:54 DEBUG: There are Wazuh dashboard remaining files.
Successfully updated the keystore
Successfully updated the keystore
27/09/2024 13:40:54 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
27/09/2024 13:40:54 DEBUG: Restarting filebeat service...
27/09/2024 13:40:55 DEBUG: filebeat started.
27/09/2024 13:40:55 DEBUG: Restarting wazuh-manager service...
27/09/2024 13:41:11 DEBUG: wazuh-manager started.
27/09/2024 13:41:12 DEBUG: Restarting wazuh-dashboard service...
27/09/2024 13:41:13 DEBUG: wazuh-dashboard started.
27/09/2024 13:41:13 DEBUG: Changing API passwords.
27/09/2024 13:41:28 INFO: Initializing Wazuh dashboard web application.
27/09/2024 13:41:28 DEBUG: Wazuh dashboard connection was successful.
27/09/2024 13:41:28 INFO: Wazuh dashboard web application initialized.
27/09/2024 13:41:28 INFO: --- Summary ---
27/09/2024 13:41:28 INFO: You can access the web interface https://<wazuh-dashboard-ip>:443
    User: admin
    Password: Za9X3iq6q4I+EkV0p*I6atp6SD0yZjmW
27/09/2024 13:41:28 DEBUG: Restoring Wazuh repository.
27/09/2024 13:41:28 INFO: Installation finished.
[root@ip-172-31-41-54 ec2-user]# 
✔️ Failure case: packages not available
[root@ip-172-31-41-54 ec2-user]# bash wazuh-install.sh -a -v
27/09/2024 13:46:52 DEBUG: Checking root permissions.
27/09/2024 13:46:52 DEBUG: Checking sudo package.
27/09/2024 13:46:52 INFO: Starting Wazuh installation assistant. Wazuh version: 4.10.1
27/09/2024 13:46:52 INFO: Verbose logging redirected to /var/log/wazuh-install.log
27/09/2024 13:46:52 DEBUG: YUM package manager will be used.
27/09/2024 13:46:52 DEBUG: Checking system distribution.
27/09/2024 13:46:52 DEBUG: Detected distribution name: amzn
27/09/2024 13:46:52 DEBUG: Detected distribution version: 2023
27/09/2024 13:46:52 DEBUG: Checking Wazuh installation.
27/09/2024 13:46:52 DEBUG: Checking system architecture.
27/09/2024 13:46:52 DEBUG: Adding the Wazuh repository.
[wazuh]
gpgcheck=1
gpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=EL-${releasever} - Wazuh
baseurl=https://packages-dev.wazuh.com/pre-release/yum/
protect=1
27/09/2024 13:46:53 INFO: Wazuh development repository added.
27/09/2024 13:46:53 ERROR: Package wazuh-indexer (version 4.10.1) is NOT available for installation.
27/09/2024 13:46:53 INFO: --- Removing existing Wazuh installation ---
27/09/2024 13:46:53 DEBUG: Removing GPG key from system.
27/09/2024 13:46:54 INFO: Installation cleaned. Check the /var/log/wazuh-install.log file to learn more about the issue.
[root@ip-172-31-41-54 ec2-user]# 

@davidcr01 linked a pull request on Sep 27, 2024 that will close this issue
@wazuhci moved this from In progress to Pending review in XDR+SIEM/Release 5.0.0 on Sep 27, 2024
@wazuhci moved this from Pending review to Done in XDR+SIEM/Release 5.0.0 on Oct 1, 2024