Bump Wazuh indexer to OpenSearch 2.8.0

[rauldpm]

Description

It is necessary to adapt the Wazuh indexer to version 2.8.0 of OpenSearch
Request: https://github.com/wazuh/internal-devel-requests/issues/194

Tasks

• Bump OpenSearch version

  wazuh-packages/stack/indexer/base/builder.sh

  Line 19 in 55cfe35

  opensearch_version="2.6.0"

• Build the package locally
  • RPM
  • DEB
• Test the package (CentOS/Debian)
  • Install
  • Upgrade
  • Remove
  • Logs
  • Alerts
  • Versions references
• Modify https://github.com/wazuh/wazuh-packages/blob/master/README.md matrix with the new version
• Test the package using the Test_stack pipeline

Validation

• The package presents normal operation and without errors

---

Working branch

• https://github.com/wazuh/wazuh-packages/tree/2391-bump-wazuh-indexer

[Deblintrake09]

Update 30/08/2023

• Bumped opensearch version to 2.8.0
• Tried to generate new version.
  • Found permission errors caused by files versions and names changing

[rauldpm]

Update report

• I am working on the Wazuh indexer RPM package
• Changed base version on custom branch, building package
• Build failed due to missing files
  • wazuh-indexer-rpm.log

Missing RPM files

RPM build errors:
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/performance-analyzer-rca/lib/sqlite-jdbc-3.32.3.2.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/performance-analyzer-rca/lib/guava-31.1-android.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/performance-analyzer-rca/lib/jackson-annotations-2.14.1.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/performance-analyzer-rca/lib/jackson-core-2.14.1.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/performance-analyzer-rca/lib/jackson-databind-2.14.1.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/performance-analyzer-rca/lib/netty-buffer-4.1.86.Final.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/performance-analyzer-rca/lib/netty-codec-4.1.86.Final.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/performance-analyzer-rca/lib/netty-codec-http-4.1.86.Final.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/performance-analyzer-rca/lib/netty-codec-http2-4.1.86.Final.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/performance-analyzer-rca/lib/netty-codec-socks-4.1.86.Final.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/performance-analyzer-rca/lib/netty-common-4.1.86.Final.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/performance-analyzer-rca/lib/netty-handler-4.1.86.Final.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/performance-analyzer-rca/lib/netty-handler-proxy-4.1.86.Final.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/performance-analyzer-rca/lib/netty-resolver-4.1.86.Final.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/performance-analyzer-rca/lib/netty-transport-4.1.86.Final.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/performance-analyzer-rca/lib/netty-transport-native-unix-common-4.1.86.Final.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/performance-analyzer-rca/lib/performance-analyzer-rca-2.6.0.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/performance-analyzer-rca/lib/protobuf-java-3.21.12.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/performance-analyzer-rca/lib/checker-qual-3.12.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/lib/snakeyaml-1.33.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/lib/java-version-checker-2.6.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/lib/jackson-core-2.14.2.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/lib/jackson-dataformat-cbor-2.14.2.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/lib/jackson-dataformat-smile-2.14.2.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/lib/jackson-dataformat-yaml-2.14.2.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/lib/opensearch-2.6.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/lib/opensearch-cli-2.6.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/lib/opensearch-core-2.6.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/lib/opensearch-geo-2.6.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/lib/opensearch-launchers-2.6.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/lib/opensearch-plugin-classloader-2.6.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/lib/opensearch-secure-sm-2.6.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/lib/opensearch-x-content-2.6.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/lib/opensearch-common-2.6.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/lib/lucene-analysis-common-9.5.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/lib/lucene-backward-codecs-9.5.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/lib/lucene-core-9.5.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/lib/lucene-grouping-9.5.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/lib/lucene-highlighter-9.5.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/lib/lucene-join-9.5.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/lib/lucene-memory-9.5.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/lib/lucene-misc-9.5.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/lib/lucene-queries-9.5.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/lib/lucene-queryparser-9.5.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/lib/lucene-sandbox-9.5.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/lib/lucene-spatial-extras-9.5.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/lib/lucene-spatial3d-9.5.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/lib/lucene-suggest-9.5.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/lib/tools/keystore-cli/keystore-cli-2.6.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/lib/tools/plugin-cli/opensearch-plugin-cli-2.6.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/lib/tools/upgrade-cli/jackson-annotations-2.14.2.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/lib/tools/upgrade-cli/jackson-core-2.14.2.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/lib/tools/upgrade-cli/jackson-databind-2.14.2.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/lib/tools/upgrade-cli/opensearch-upgrade-cli-2.6.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-observability/common-utils-2.6.0.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-observability/guava-31.0.1-jre.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-observability/opensearch-observability-2.6.0.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-observability/json-20220924.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-reports-scheduler/json-20180813.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-reports-scheduler/common-utils-2.6.0.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-reports-scheduler/guava-31.0.1-jre.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-reports-scheduler/opensearch-reports-scheduler-2.6.0.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-sql/geo-2.6.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-sql/commons-lang3-3.10.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-sql/json-20180813.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-sql/common-2.6.0.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-sql/core-2.6.0.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-sql/jackson-annotations-2.14.2.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-sql/jackson-databind-2.14.2.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-sql/legacy-2.6.0.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-sql/opensearch-2.6.0.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-sql/opensearch-ml-client-2.6.0.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-sql/opensearch-rest-client-2.6.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-sql/opensearch-sql-2.6.0.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-sql/opensearch-ssl-config-2.6.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-sql/parent-join-client-2.6.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-sql/ppl-2.6.0.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-sql/protocol-2.6.0.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-sql/reindex-client-2.6.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-sql/spring-aop-5.3.22.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-sql/spring-beans-5.3.22.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-sql/spring-context-5.3.22.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-sql/spring-core-5.3.22.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-sql/spring-expression-5.3.22.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-sql/spring-jcl-5.3.22.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-sql/sql-2.6.0.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-sql/prometheus-2.6.0.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-cross-cluster-replication/common-utils-2.6.0.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-cross-cluster-replication/opensearch-cross-cluster-replication-2.6.0.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-knn/opensearch-knn-2.6.0.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-index-management/common-utils-2.6.0.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-index-management/kotlin-stdlib-1.6.10.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-index-management/kotlin-stdlib-common-1.6.10.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-index-management/kotlin-stdlib-jdk7-1.6.10.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-index-management/opensearch-index-management-2.6.0.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-index-management/opensearch-index-management-spi-2.6.0.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/sqlite-jdbc-3.32.3.2.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/annotations-4.1.1.4.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/javax.annotation-api-1.3.2.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/commons-io-2.7.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/animal-sniffer-annotations-1.21.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/bcutil-jdk15on-1.70.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/grpc-api-1.52.1.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/grpc-context-1.52.1.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/grpc-core-1.52.1.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/grpc-netty-1.52.1.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/grpc-protobuf-1.52.1.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/grpc-protobuf-lite-1.52.1.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/grpc-stub-1.52.1.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/jackson-annotations-2.14.1.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/jackson-databind-2.14.1.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/jackson-module-paranamer-2.14.1.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/netty-buffer-4.1.87.Final.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/netty-codec-4.1.87.Final.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/netty-codec-http-4.1.87.Final.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/netty-codec-http2-4.1.87.Final.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/netty-codec-socks-4.1.87.Final.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/netty-common-4.1.87.Final.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/netty-handler-4.1.87.Final.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/netty-handler-proxy-4.1.87.Final.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/netty-resolver-4.1.87.Final.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/netty-transport-4.1.87.Final.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/netty-transport-native-unix-common-4.1.87.Final.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/opensearch-performance-analyzer-2.6.0.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/perfmark-api-0.25.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/performanceanalyzer-rca-2.6.0.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/protobuf-java-3.21.12.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/proto-google-common-protos-2.9.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-job-scheduler/opensearch-job-scheduler-2.6.0.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-job-scheduler/opensearch-job-scheduler-spi-2.6.0.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-security/lz4-java-1.7.1.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-security/json-smart-2.4.7.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-security/aggs-matrix-stats-client-2.6.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-security/jackson-annotations-2.14.2.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-security/lang-mustache-client-2.6.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-security/mapper-extras-client-2.6.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-security/netty-buffer-4.1.87.Final.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-security/netty-codec-4.1.87.Final.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-security/netty-codec-http-4.1.87.Final.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-security/netty-common-4.1.87.Final.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-security/netty-handler-4.1.87.Final.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-security/netty-resolver-4.1.87.Final.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-security/netty-transport-4.1.87.Final.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-security/netty-transport-native-unix-common-4.1.87.Final.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-security/opensearch-rest-client-2.6.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-security/opensearch-rest-high-level-client-2.6.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-security/opensearch-security-2.6.0.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-security/parent-join-client-2.6.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-security/rank-eval-client-2.6.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-security/snappy-java-1.1.8.1.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-security/transport-netty4-client-2.6.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-security/zstd-jni-1.5.0-2.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-security/jackson-databind-2.14.2.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-security/kafka-clients-3.0.2.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-security-analytics/common-utils-2.6.0.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-security-analytics/opensearch-rest-client-2.6.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-security-analytics/opensearch-security-analytics-2.6.0.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-neural-search/opensearch-ml-client-2.6.0.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-neural-search/opensearch-neural-search-2.6.0.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-asynchronous-search/common-utils-2.6.0.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-asynchronous-search/opensearch-asynchronous-search-2.6.0.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-anomaly-detection/failureaccess-1.0.1.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-anomaly-detection/common-utils-2.6.0.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-anomaly-detection/guava-31.0.1-jre.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-anomaly-detection/opensearch-anomaly-detection-2.6.0.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-anomaly-detection/opensearch-rest-client-2.6.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-geospatial/opensearch-geospatial-2.6.0.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-geospatial/geo-2.6.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-geospatial/h3-2.6.0.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-alerting/alerting-core-2.6.0.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-alerting/common-utils-2.6.0.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-alerting/opensearch-alerting-2.6.0.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-alerting/opensearch-rest-client-2.6.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-alerting/percolator-client-2.6.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-ml/common-utils-2.6.0.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-ml/jackson-annotations-2.14.2.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-ml/jackson-databind-2.14.2.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-ml/opensearch-ml-2.6.0.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-ml/opensearch-ml-algorithms-2.6.0.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-ml/opensearch-ml-common-2.6.0.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-ml/opensearch-rest-client-2.6.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-ml/protobuf-java-3.21.9.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-notifications-core/jackson-annotations-2.14.2.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-notifications-core/jackson-databind-2.14.2.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-notifications-core/opensearch-notifications-core-2.6.0.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-notifications-core/opensearch-notifications-core-spi-2.6.0.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-notifications/common-utils-2.6.0.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-notifications/opensearch-notifications-2.6.0.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/modules/ingest-common/ingest-common-2.6.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/modules/ingest-common/opensearch-dissect-2.6.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/modules/ingest-common/opensearch-grok-2.6.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/modules/geo/geo-2.6.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/modules/ingest-geoip/ingest-geoip-2.6.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/modules/ingest-geoip/jackson-annotations-2.14.2.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/modules/ingest-geoip/jackson-databind-2.14.2.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/modules/percolator/percolator-client-2.6.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/modules/analysis-common/analysis-common-2.6.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/modules/aggs-matrix-stats/aggs-matrix-stats-client-2.6.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/modules/repository-url/repository-url-2.6.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/modules/lang-mustache/lang-mustache-client-2.6.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/modules/systemd/systemd-2.6.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/modules/transport-netty4/transport-netty4-client-2.6.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/modules/transport-netty4/netty-buffer-4.1.87.Final.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/modules/transport-netty4/netty-codec-4.1.87.Final.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/modules/transport-netty4/netty-codec-http-4.1.87.Final.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/modules/transport-netty4/netty-common-4.1.87.Final.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/modules/transport-netty4/netty-handler-4.1.87.Final.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/modules/transport-netty4/netty-resolver-4.1.87.Final.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/modules/transport-netty4/netty-transport-4.1.87.Final.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/modules/transport-netty4/netty-transport-native-unix-common-4.1.87.Final.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/modules/lang-expression/lang-expression-2.6.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/modules/lang-expression/asm-9.4.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/modules/lang-expression/asm-commons-9.4.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/modules/lang-expression/asm-tree-9.4.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/modules/lang-expression/lucene-expressions-9.5.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/modules/lang-painless/lang-painless-2.6.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/modules/lang-painless/opensearch-scripting-painless-spi-2.6.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/modules/lang-painless/asm-9.4.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/modules/lang-painless/asm-analysis-9.4.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/modules/lang-painless/asm-commons-9.4.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/modules/lang-painless/asm-tree-9.4.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/modules/lang-painless/asm-util-9.4.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/modules/rank-eval/rank-eval-client-2.6.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/modules/opensearch-dashboards/reindex-client-2.6.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/modules/opensearch-dashboards/opensearch-rest-client-2.6.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/modules/opensearch-dashboards/opensearch-dashboards-2.6.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/modules/opensearch-dashboards/opensearch-ssl-config-2.6.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/modules/ingest-user-agent/ingest-user-agent-2.6.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/modules/mapper-extras/mapper-extras-client-2.6.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/modules/parent-join/parent-join-client-2.6.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/modules/reindex/reindex-client-2.6.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/modules/reindex/opensearch-rest-client-2.6.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/modules/reindex/opensearch-ssl-config-2.6.0.jar

• After a huddle with @c-bordon, the context in which so many files are specified in the SPECS files has become known. This is due to following good practices and having control of the files, in the case of the Wazuh dashboard, as the change list is so big (~75k) several recursive finds are performed to modify the permissions without the group bits (755 -> 750)
• This permission change was made from the beginning of Stack development (1.2.0) at the request of Wazuh management.
• Since there are too many files to maintain between versions, the decision will be made to follow the same plan as the Wazuh dashboard in the Wazuh indexer, modifying the files in the base package itself recursively.
• RPM SPECS does not accept Linux commands in the %files section

error: File must begin with "/": 750
error: File must begin with "/": {}
error: File must begin with "/": \;
error: File must begin with "/": find
error: File must begin with "/": $(INSTALL_DIR)
error: File must begin with "/": -type
error: File must begin with "/": f
error: File must begin with "/": -perm
error: File must begin with "/": 744
error: File must begin with "/": -exec
error: File must begin with "/": chmod
error: File must begin with "/": 740
error: File must begin with "/": {}
error: File must begin with "/": \;

• Wazuh indexer Debian package built successfully

dpkg-deb: building package `wazuh-indexer' in `../wazuh-indexer_4.6.0-1_amd64.deb'.
 dpkg-genchanges -b >../wazuh-indexer_4.6.0-1_amd64.changes
dpkg-genchanges: binary-only upload (no source code included)
 dpkg-source --after-build wazuh-indexer-4.6.0
dpkg-buildpackage: binary-only upload (no source included)

WARNING generated by debuild:
Making debian/rules executable!

Package wazuh-indexer_4.6.0-1_amd64.deb.sha512 added to /wazuh-packages/2391/stack/indexer/deb/output.

[Deblintrake09]

Testing on debian package

• Install 🟢

# apt install -f /home/qa/wazuh-packages/stack/indexer/deb/output/wazuh-indexer_4.6.0-1_amd64.deb
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Note, selecting 'wazuh-indexer' instead of '/home/qa/wazuh-packages/stack/indexer/deb/output/wazuh-indexer_4.6.0-1_amd64.deb'
The following packages were automatically installed and are no longer required:
  libpython2-dev libpython2.7 libpython2.7-dev linux-image-5.13.0-1021-aws linux-modules-5.13.0-1021-aws python2-dev python2.7-dev
Use 'sudo apt autoremove' to remove them.
The following NEW packages will be installed:
  wazuh-indexer
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B/685 MB of archives.
After this operation, 969 MB of additional disk space will be used.
Get:1 /home/qa/wazuh-packages/stack/indexer/deb/output/wazuh-indexer_4.6.0-1_amd64.deb wazuh-indexer amd64 4.6.0-1 [685 MB]
Selecting previously unselected package wazuh-indexer.
(Reading database ... 120151 files and directories currently installed.)
Preparing to unpack .../wazuh-indexer_4.6.0-1_amd64.deb ...
Unpacking wazuh-indexer (4.6.0-1) ...
Setting up wazuh-indexer (4.6.0-1) ...
Created opensearch keystore in /etc/wazuh-indexer/opensearch.keystore
Processing triggers for libc-bin (2.35-0ubuntu3) ...
Scanning processes...                                                                                                                                                                                      
Scanning linux images...                                                                                                                                                                                   

Running kernel seems to be up-to-date.

No services need to be restarted.

No containers need to be restarted.

No user sessions are running outdated binaries.

No VM guests are running outdated hypervisor (qemu) binaries on this host.

• Uninstall 🟢

# apt remove --purge wazuh-indexer
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following packages were automatically installed and are no longer required:
  libpython2-dev libpython2.7 libpython2.7-dev linux-image-5.13.0-1021-aws linux-modules-5.13.0-1021-aws python2-dev python2.7-dev
Use 'sudo apt autoremove' to remove them.
The following packages will be REMOVED:
  wazuh-indexer*
0 upgraded, 0 newly installed, 1 to remove and 0 not upgraded.
After this operation, 969 MB disk space will be freed.
Do you want to continue? [Y/n] y
(Reading database ... 121240 files and directories currently installed.)
Removing wazuh-indexer (4.6.0-1) ...
Stopping wazuh-indexer service... OK
(Reading database ... 120151 files and directories currently installed.)
Purging configuration files for wazuh-indexer (4.6.0-1) ...
Deleting configuration directory... OK
dpkg: warning: while removing wazuh-indexer, directory '/var/lib/wazuh-indexer' not empty so not removed

[Deblintrake09]

Local Testing on RPM package

• Build 🟢

Provides: wazuh-indexer = 4.6.0-1 wazuh-indexer(x86-64) = 4.6.0-1
Requires(interp): /bin/sh /bin/sh /bin/sh /bin/sh /bin/sh
Requires(rpmlib): rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(FileDigests) <= 4.6.0-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1
Requires(pre): /bin/sh
Requires(post): /bin/sh
Requires(preun): /bin/sh
Requires(postun): /bin/sh
Requires(posttrans): /bin/sh
Checking for unpackaged file(s): /usr/lib/rpm/check-files /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64
Wrote: /build/rpmbuild/SRPMS/wazuh-indexer-4.6.0-1.src.rpm
Wrote: /build/rpmbuild/RPMS/x86_64/wazuh-indexer-4.6.0-1.x86_64.rpm
Executing(%clean): /bin/sh -e /var/tmp/rpm-tmp.AqiN0q
+ umask 022
+ cd /build/rpmbuild/BUILD
+ rm -fr /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64
+ exit 0
+ cd /build/rpmbuild/RPMS/x86_64
+ sha512sum wazuh-indexer-4.6.0-1.x86_64.rpm
+ find /build/rpmbuild/RPMS/x86_64/ -maxdepth 3 -type f -name 'wazuh-indexer-4.6.0-1*' -exec mv '{}' /tmp/ ';'
++ ls -Art /home/qa/wazuh-packages/stack/indexer/rpm/output
++ tail -n 1
+ echo 'Package wazuh-indexer-4.6.0-1.x86_64.rpm.sha512 added to /home/qa/wazuh-packages/stack/indexer/rpm/output.'
Package wazuh-indexer-4.6.0-1.x86_64.rpm.sha512 added to /home/qa/wazuh-packages/stack/indexer/rpm/output.

• Install 🟢

# yum install output/wazuh-indexer-4.6.0-1.x86_64.rpm
Última comprobación de caducidad de metadatos hecha hace 2:35:51, el jue 31 ago 2023 19:05:10 UTC.
Dependencias resueltas.
===========================================================================================================================================================================================================
 Paquete                                             Arquitectura                                 Versión                                         Repositorio                                         Tam.
===========================================================================================================================================================================================================
Instalando:
 wazuh-indexer                                       x86_64                                       4.6.0-1                                         @commandline                                       673 M

Resumen de la transacción
===========================================================================================================================================================================================================
Instalar  1 Paquete

Tamaño total: 673 M
Tamaño instalado: 930 M
¿Está de acuerdo [s/N]?: s
Descargando paquetes:
Ejecutando verificación de operación
Verificación de operación exitosa.
Ejecutando prueba de operaciones
Prueba de operación exitosa.
Ejecutando operación
  Preparando          :                                                                                                                                                                                1/1 
  Ejecutando scriptlet: wazuh-indexer-4.6.0-1.x86_64                                                                                                                                                   1/1 
  Instalando          : wazuh-indexer-4.6.0-1.x86_64                                                                                                                                                   1/1 
  Ejecutando scriptlet: wazuh-indexer-4.6.0-1.x86_64                                                                                                                                                   1/1 
Created opensearch keystore in /etc/wazuh-indexer/opensearch.keystore

[/usr/lib/tmpfiles.d/pesign.conf:1] Line references path below legacy directory /var/run/, updating /var/run/pesign → /run/pesign; please update the tmpfiles.d/ drop-in file accordingly.

  Verificando         : wazuh-indexer-4.6.0-1.x86_64                                                                                                                                                   1/1 

Instalado:
  wazuh-indexer-4.6.0-1.x86_64                                                                                                                                                                             

¡Listo!

• Remove 🟢

# yum remove -y wazuh-indexer
Dependencias resueltas.
===========================================================================================================================================================================================================
 Paquete                                             Arquitectura                                 Versión                                        Repositorio                                          Tam.
===========================================================================================================================================================================================================
Eliminando:
 wazuh-indexer                                       x86_64                                       4.6.0-1                                        @@commandline                                       930 M

Resumen de la transacción
===========================================================================================================================================================================================================
Eliminar  1 Paquete

Espacio liberado: 930 M
Ejecutando verificación de operación
Verificación de operación exitosa.
Ejecutando prueba de operaciones
Prueba de operación exitosa.
Ejecutando operación
  Preparando          :                                                                                                                                                                                1/1 
  Ejecutando scriptlet: wazuh-indexer-4.6.0-1.x86_64                                                                                                                                                   1/1 
Stopping wazuh-indexer service... OK

  Eliminando          : wazuh-indexer-4.6.0-1.x86_64                                                                                                                                                   1/1 
  Ejecutando scriptlet: wazuh-indexer-4.6.0-1.x86_64                                                                                                                                                   1/1 
  Verificando         : wazuh-indexer-4.6.0-1.x86_64                                                                                                                                                   1/1 

Eliminado:
  wazuh-indexer-4.6.0-1.x86_64                                                                                                                                                                             

¡Listo!

[Deblintrake09]

Update Report

Package building has been sucessful for RPM and Debian in Jenkins:

• RPM: https://ci.wazuh.info/view/Packages/job/Packages_builder/163730/
• Debian: https://ci.wazuh.info/view/Packages/job/Packages_builder/163663/

Testing on the test_stack:

• Debian: https://ci.wazuh.info/job/Test_stack_tier/73/
• RPM: https://ci.wazuh.info/job/Test_stack_tier/74/

[Deblintrake09]

Update report - Local test of RPM stack

Installed Indexer 🟢

31/08/2023 22:37:45 INFO: --- Wazuh indexer ---
31/08/2023 22:37:45 INFO: Starting Wazuh indexer installation.
31/08/2023 22:39:03 INFO: Wazuh indexer installation finished.
31/08/2023 22:39:04 INFO: Wazuh indexer post-install configuration finished.
31/08/2023 22:39:04 INFO: Starting service wazuh-indexer.
31/08/2023 22:39:15 INFO: wazuh-indexer service started.
31/08/2023 22:39:15 INFO: Initializing Wazuh indexer cluster security settings.
31/08/2023 22:39:18 INFO: Wazuh indexer cluster initialized.
31/08/2023 22:39:18 INFO: Installation finished.
[root@ip-172-31-14-71 /]# systemctl status wazuh-indexer
● wazuh-indexer.service - Wazuh-indexer
   Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2023-08-31 22:39:15 UTC; 21s ago
     Docs: https://documentation.wazuh.com/
 Main PID: 53213 (java)
    Tasks: 69 (limit: 47400)
   Memory: 4.0G
   CGroup: /system.slice/wazuh-indexer.service
           └─53213 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.hea>

ago 31 22:39:04 ip-172-31-14-71.ec2.internal systemd[1]: Starting Wazuh-indexer...
ago 31 22:39:06 ip-172-31-14-71.ec2.internal systemd-entrypoint[53213]: WARNING: A terminally deprecated method in java.lang.System has been called
ago 31 22:39:06 ip-172-31-14-71.ec2.internal systemd-entrypoint[53213]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/open>
ago 31 22:39:06 ip-172-31-14-71.ec2.internal systemd-entrypoint[53213]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
ago 31 22:39:06 ip-172-31-14-71.ec2.internal systemd-entrypoint[53213]: WARNING: System::setSecurityManager will be removed in a future release
ago 31 22:39:07 ip-172-31-14-71.ec2.internal systemd-entrypoint[53213]: WARNING: A terminally deprecated method in java.lang.System has been called
ago 31 22:39:07 ip-172-31-14-71.ec2.internal systemd-entrypoint[53213]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opense>
ago 31 22:39:07 ip-172-31-14-71.ec2.internal systemd-entrypoint[53213]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
ago 31 22:39:07 ip-172-31-14-71.ec2.internal systemd-entrypoint[53213]: WARNING: System::setSecurityManager will be removed in a future release
ago 31 22:39:15 ip-172-31-14-71.ec2.internal systemd[1]: Started Wazuh-indexer.

[root@ip-172-31-14-71 /]#  bash wazuh-install.sh --start-cluster
31/08/2023 22:39:55 INFO: Starting Wazuh installation assistant. Wazuh version: 4.6.0
31/08/2023 22:39:55 INFO: Verbose logging redirected to /var/log/wazuh-install.log
31/08/2023 22:40:05 INFO: Wazuh indexer cluster security configuration initialized.
31/08/2023 22:40:16 INFO: Wazuh indexer cluster started.
[root@ip-172-31-14-71 /]#  tar -axf wazuh-install-files.tar wazuh-install-files/wazuh-passwords.txt -O | grep -P "\'admin\'" -A 1
  indexer_username: 'admin'
  indexer_password: 'TYS.pAjVx2db7Ypjw+BC?Zp8r4ykms7j'
[root@ip-172-31-14-71 /]# curl -k -u admin:TYS.pAjVx2db7Ypjw+BC?Zp8r4ykms7j https://172.31.14.71:9200/
{
  "name" : "node-1",
  "cluster_name" : "wazuh-indexer-cluster",
  "cluster_uuid" : "ohCGz-IZSR-CP0PXaPqEAA",
  "version" : {
    "number" : "7.10.2",
    "build_type" : "rpm",
    "build_hash" : "7203a5af21a8a009aece1474446b437a3c674db6",
    "build_date" : "2023-02-24T18:57:04.388618985Z",
    "build_snapshot" : false,
    "lucene_version" : "9.5.0",
    "minimum_wire_compatibility_version" : "7.10.0",
    "minimum_index_compatibility_version" : "7.0.0"
  },
  "tagline" : "The OpenSearch Project: https://opensearch.org/"
}

Installed Manager 🟢

# bash wazuh-install.sh --wazuh-server wazuh-1 -o
31/08/2023 22:42:50 INFO: Starting Wazuh installation assistant. Wazuh version: 4.6.0
31/08/2023 22:42:50 INFO: Verbose logging redirected to /var/log/wazuh-install.log
31/08/2023 22:42:52 INFO: --- Removing existing Wazuh installation ---
31/08/2023 22:42:52 INFO: Removing Filebeat.
31/08/2023 22:42:53 INFO: Filebeat removed.
31/08/2023 22:42:53 INFO: Installation cleaned.
31/08/2023 22:43:00 INFO: Wazuh repository added.
31/08/2023 22:43:00 INFO: --- Wazuh server ---
31/08/2023 22:43:00 INFO: Starting the Wazuh manager installation.
31/08/2023 22:43:51 INFO: Wazuh manager installation finished.
31/08/2023 22:43:51 INFO: Starting service wazuh-manager.
31/08/2023 22:44:02 INFO: wazuh-manager service started.
31/08/2023 22:44:02 INFO: Starting Filebeat installation.
31/08/2023 22:44:11 INFO: Filebeat installation finished.
31/08/2023 22:44:11 INFO: Filebeat post-install configuration finished.
31/08/2023 22:44:17 INFO: Starting service filebeat.
31/08/2023 22:44:17 INFO: filebeat service started.
31/08/2023 22:44:17 INFO: Installation finished.

Installed Dashboard 🟢

[root@ip-172-31-14-71 /]# bash wazuh-install.sh --wazuh-dashboard dashboard -o
31/08/2023 22:44:55 INFO: Starting Wazuh installation assistant. Wazuh version: 4.6.0
31/08/2023 22:44:55 INFO: Verbose logging redirected to /var/log/wazuh-install.log
31/08/2023 22:44:58 INFO: --- Removing existing Wazuh installation ---
31/08/2023 22:44:58 INFO: Installation cleaned.
31/08/2023 22:45:05 INFO: Wazuh repository added.
dashboard
31/08/2023 22:45:05 INFO: --- Wazuh dashboard ----
31/08/2023 22:45:05 INFO: Starting Wazuh dashboard installation.
31/08/2023 22:46:11 INFO: Wazuh dashboard installation finished.
31/08/2023 22:46:12 INFO: Wazuh dashboard post-install configuration finished.
31/08/2023 22:46:12 INFO: Starting service wazuh-dashboard.
31/08/2023 22:46:12 INFO: wazuh-dashboard service started.
31
/08/2023 22:46:26 INFO: Initializing Wazuh dashboard web application.
31/08/2023 22:46:26 INFO: Wazuh dashboard web application initialized.
31/08/2023 22:46:26 INFO: --- Summary ---
31/08/2023 22:46:26 INFO: You can access the web interface https://172.31.14.71
    User: admin
    Password: TYS.pAjVx2db7Ypjw+BC?Zp8r4ykms7j
31/08/2023 22:46:26 INFO: Installation finished.

# systemctl status wazuh-dashboard
● wazuh-dashboard.service - wazuh-dashboard
   Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2023-08-31 22:46:16 UTC; 39min ago
 Main PID: 58026 (node)
    Tasks: 11 (limit: 47400)
   Memory: 140.4M
   CGroup: /system.slice/wazuh-dashboard.service

Test app behavior 🔴

• Login works properly 🟢
  

• Healthcheck works properly 🔴
  

• Connect agent to cluster 🟢
  

• Check agents alerts 🔴
  No alerts shown for agent since the wazuh-alerts-* is not present.

• Alerts in manager

# cat /var/ossec/logs/alerts/alerts.json | grep 001
{"timestamp":"2023-09-01T00:02:07.379+0000","rule":{"level":3,"description":"Log file rotated.","id":"591","firedtimes":1,"mail":false,"groups":["ossec"],"pci_dss":["10.5.2","10.5.5"],"gpg13":["10.1"],"gdpr":["II_5.1.f","IV_35.7.d"],"hipaa":["164.312.b"],"nist_800_53":["AU.9"],"tsc":["CC6.1","CC7.2","CC7.3","PI1.4","PI1.5","CC7.1","CC8.1"]},"agent":{"id":"001","name":"ubuntu2204.localdomain","ip":"10.0.2.15"},"manager":{"name":"ip-172-31-14-71.ec2.internal"},"id":"1693526527.0","full_log":"ossec: File rotated (inode changed): '/var/log/dpkg.log'.","decoder":{"name":"ossec"},"location":"logcollector"}

[juliamagan]

RPM indexer 🔴

• Package: wazuh-indexer-4.6.0-wp.2392.2.x86_64.rpm

• Install:

[root@wazuh-manager vagrant]# yum install -y /home/vagrant/wazuh-indexer-4.6.0-wp.2392.2.x86_64.rpm 
Failed to set locale, defaulting to C.UTF-8
Last metadata expiration check: 0:08:56 ago on Fri Sep  1 10:10:07 2023.
Dependencies resolved.
===================================================================================================================================================================================================================
 Package                                             Architecture                                 Version                                                 Repository                                          Size
===================================================================================================================================================================================================================
Installing:
 wazuh-indexer                                       x86_64                                       4.6.0-wp.2392.2                                         @commandline                                       673 M

Transaction Summary
===================================================================================================================================================================================================================
Install  1 Package

Total size: 673 M
Installed size: 930 M
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                                                                                                                           1/1 
  Running scriptlet: wazuh-indexer-4.6.0-wp.2392.2.x86_64                                                                                                                                                      1/1 
  Installing       : wazuh-indexer-4.6.0-wp.2392.2.x86_64                                                                                                                                                      1/1 
  Running scriptlet: wazuh-indexer-4.6.0-wp.2392.2.x86_64                                                                                                                                                      1/1 
Created opensearch keystore in /etc/wazuh-indexer/opensearch.keystore

  Verifying        : wazuh-indexer-4.6.0-wp.2392.2.x86_64                                                                                                                                                      1/1 

Installed:
  wazuh-indexer-4.6.0-wp.2392.2.x86_64                                                                                                                                                                             

Complete!

• Configure certificates:

[root@wazuh-manager vagrant]# nano /etc/wazuh-indexer/opensearch.yml 
[root@wazuh-manager vagrant]# NODE_NAME=node-1
[root@wazuh-manager vagrant]# mkdir /etc/wazuh-indexer/certs
[root@wazuh-manager vagrant]# tar -xf ./wazuh-certificates.tar -C /etc/wazuh-indexer/certs/ ./$NODE_NAME.pem ./$NODE_NAME-key.pem ./admin.pem ./admin-key.pem ./root-ca.pem
[root@wazuh-manager vagrant]# mv -n /etc/wazuh-indexer/certs/$NODE_NAME.pem /etc/wazuh-indexer/certs/indexer.pem
[root@wazuh-manager vagrant]# mv -n /etc/wazuh-indexer/certs/$NODE_NAME-key.pem /etc/wazuh-indexer/certs/indexer-key.pem
[root@wazuh-manager vagrant]# chmod 500 /etc/wazuh-indexer/certs
[root@wazuh-manager vagrant]# chmod 400 /etc/wazuh-indexer/certs/*
[root@wazuh-manager vagrant]# chown -R wazuh-indexer:wazuh-indexer /etc/wazuh-indexer/certs

• Start indexer:

[root@wazuh-manager vagrant]# systemctl start wazuh-indexer
Job for wazuh-indexer.service failed because the control process exited with error code.
See "systemctl status wazuh-indexer.service" and "journalctl -xe" for details.

• Error:

Sep 01 10:20:40 wazuh-manager systemd[1]: Starting Wazuh-indexer...
-- Subject: Unit wazuh-indexer.service has begun start-up
-- Defined-By: systemd
-- Support: https://access.redhat.com/support
-- 
-- Unit wazuh-indexer.service has begun starting up.
Sep 01 10:20:41 wazuh-manager systemd-entrypoint[23855]: Exception in thread "main" java.io.IOException: Cannot run program "/usr/share/wazuh-indexer/jdk/bin/java": error=13, Permission denied
Sep 01 10:20:41 wazuh-manager systemd-entrypoint[23855]:         at java.base/java.lang.ProcessBuilder.start(ProcessBuilder.java:1143)
Sep 01 10:20:41 wazuh-manager systemd-entrypoint[23855]:         at java.base/java.lang.ProcessBuilder.start(ProcessBuilder.java:1073)
Sep 01 10:20:41 wazuh-manager systemd-entrypoint[23855]:         at org.opensearch.tools.launchers.JvmErgonomics.flagsFinal(JvmErgonomics.java:113)
Sep 01 10:20:41 wazuh-manager systemd-entrypoint[23855]:         at org.opensearch.tools.launchers.JvmErgonomics.finalJvmOptions(JvmErgonomics.java:87)
Sep 01 10:20:41 wazuh-manager systemd-entrypoint[23855]:         at org.opensearch.tools.launchers.JvmErgonomics.choose(JvmErgonomics.java:70)
Sep 01 10:20:41 wazuh-manager systemd-entrypoint[23855]:         at org.opensearch.tools.launchers.JvmOptionsParser.jvmOptions(JvmOptionsParser.java:150)
Sep 01 10:20:41 wazuh-manager systemd-entrypoint[23855]:         at org.opensearch.tools.launchers.JvmOptionsParser.main(JvmOptionsParser.java:108)
Sep 01 10:20:41 wazuh-manager systemd-entrypoint[23855]: Caused by: java.io.IOException: error=13, Permission denied
Sep 01 10:20:41 wazuh-manager systemd-entrypoint[23855]:         at java.base/java.lang.ProcessImpl.forkAndExec(Native Method)
Sep 01 10:20:41 wazuh-manager systemd-entrypoint[23855]:         at java.base/java.lang.ProcessImpl.<init>(ProcessImpl.java:314)
Sep 01 10:20:41 wazuh-manager systemd-entrypoint[23855]:         at java.base/java.lang.ProcessImpl.start(ProcessImpl.java:244)
Sep 01 10:20:41 wazuh-manager systemd-entrypoint[23855]:         at java.base/java.lang.ProcessBuilder.start(ProcessBuilder.java:1110)
Sep 01 10:20:41 wazuh-manager systemd-entrypoint[23855]:         ... 6 more
Sep 01 10:20:41 wazuh-manager systemd[1]: wazuh-indexer.service: Main process exited, code=exited, status=1/FAILURE
Sep 01 10:20:41 wazuh-manager systemd[1]: wazuh-indexer.service: Failed with result 'exit-code'.
-- Subject: Unit failed
-- Defined-By: systemd
-- Support: https://access.redhat.com/support
-- 
-- The unit wazuh-indexer.service has entered the 'failed' state with result 'exit-code'.
Sep 01 10:20:41 wazuh-manager systemd[1]: Failed to start Wazuh-indexer.
-- Subject: Unit wazuh-indexer.service has failed
-- Defined-By: systemd
-- Support: https://access.redhat.com/support
-- 
-- Unit wazuh-indexer.service has failed.
-- 
-- The result is failed.

DEB indexer 🔴

• Package: wazuh-indexer_4.6.0-wp.2392_amd64.deb
• Install:

root@ubuntu-focal:/home/vagrant# apt install -y /home/vagrant/wazuh-indexer_4.6.0-wp.2392_amd64.deb 
Reading package lists... Done
Building dependency tree       
Reading state information... Done
Note, selecting 'wazuh-indexer' instead of '/home/vagrant/wazuh-indexer_4.6.0-wp.2392_amd64.deb'
The following NEW packages will be installed:
  wazuh-indexer
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B/685 MB of archives.
After this operation, 969 MB of additional disk space will be used.
Get:1 /home/vagrant/wazuh-indexer_4.6.0-wp.2392_amd64.deb wazuh-indexer amd64 4.6.0-wp.2392 [685 MB]
Selecting previously unselected package wazuh-indexer.
(Reading database ... 63489 files and directories currently installed.)
Preparing to unpack .../wazuh-indexer_4.6.0-wp.2392_amd64.deb ...
Creating wazuh-indexer group... OK
Creating wazuh-indexer user... OK
Unpacking wazuh-indexer (4.6.0-wp.2392) ...
Setting up wazuh-indexer (4.6.0-wp.2392) ...
Created opensearch keystore in /etc/wazuh-indexer/opensearch.keystore
Processing triggers for systemd (245.4-4ubuntu3.17) ...
Processing triggers for libc-bin (2.31-0ubuntu9.9) ...

• Configure certificates:

root@ubuntu-focal:/home/vagrant# nano /etc/wazuh-indexer/opensearch.yml 
root@ubuntu-focal:/home/vagrant# NODE_NAME=node-1
root@ubuntu-focal:/home/vagrant# mkdir /etc/wazuh-indexer/certs
root@ubuntu-focal:/home/vagrant# tar -xf ./wazuh-certificates.tar -C /etc/wazuh-indexer/certs/ ./$NODE_NAME.pem ./$NODE_NAME-key.pem ./admin.pem ./admin-key.pem ./root-ca.pem
root@ubuntu-focal:/home/vagrant# mv -n /etc/wazuh-indexer/certs/$NODE_NAME.pem /etc/wazuh-indexer/certs/indexer.pem
root@ubuntu-focal:/home/vagrant# mv -n /etc/wazuh-indexer/certs/$NODE_NAME-key.pem /etc/wazuh-indexer/certs/indexer-key.pem
root@ubuntu-focal:/home/vagrant# chmod 500 /etc/wazuh-indexer/certs
root@ubuntu-focal:/home/vagrant# chmod 400 /etc/wazuh-indexer/certs/*
root@ubuntu-focal:/home/vagrant# chown -R wazuh-indexer:wazuh-indexer /etc/wazuh-indexer/certs

• Start indexer:

root@ubuntu-focal:/home/vagrant# systemctl daemon-reload
root@ubuntu-focal:/home/vagrant# systemctl enable wazuh-indexer
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service → /lib/systemd/system/wazuh-indexer.service.
root@ubuntu-focal:/home/vagrant# systemctl start wazuh-indexer
Job for wazuh-indexer.service failed because the control process exited with error code.
See "systemctl status wazuh-indexer.service" and "journalctl -xe" for details.

• Error:

-- A start job for unit wazuh-indexer.service has begun execution.
-- 
-- The job identifier is 928.
Sep 01 07:44:36 ubuntu-focal systemd[3335]: wazuh-indexer.service: Failed to execute command: Permission denied
Sep 01 07:44:36 ubuntu-focal systemd[3335]: wazuh-indexer.service: Failed at step EXEC spawning /usr/share/wazuh-indexer/bin/systemd-entrypoint: Permission denied
-- Subject: Process /usr/share/wazuh-indexer/bin/systemd-entrypoint could not be executed
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support
-- 
-- The process /usr/share/wazuh-indexer/bin/systemd-entrypoint could not be executed and failed.

systemd-entrypoint permissions should be 750, but they are 640:

root@ubuntu-focal:/home/vagrant# ls -lah /usr/share/wazuh-indexer/bin/systemd-entrypoint 
-rw-r----- 1 wazuh-indexer wazuh-indexer 583 Aug 31 18:54 /usr/share/wazuh-indexer/bin/systemd-entrypoint

[rauldpm]

Update report - RPM

• Error installing Wazuh indexer 4.6.0 wp.2392

Running transaction
  Installing : wazuh-indexer-4.6.0-wp.2392.x86_64                                                                                                                                                              1/1 
could not find java in bundled jdk at /usr/share/wazuh-indexer/jdk/bin/java
chown: cannot access ‘/etc/wazuh-indexer/opensearch.keystore’: No such file or directory
chmod: cannot access ‘/etc/wazuh-indexer/opensearch.keystore’: No such file or directory
md5sum: /etc/wazuh-indexer/opensearch.keystore: No such file or directory
  Verifying  : wazuh-indexer-4.6.0-wp.2392.x86_64  

---

• Missing files 1

could not find java in bundled jdk at /usr/share/wazuh-indexer/jdk/bin/java

• Missing files 2

chown: cannot access ‘/etc/wazuh-indexer/opensearch.keystore’: No such file or directory
chmod: cannot access ‘/etc/wazuh-indexer/opensearch.keystore’: No such file or directory
md5sum: /etc/wazuh-indexer/opensearch.keystore: No such file or directory

---

• JDK missing files probably related to

warning: Missing build-id in /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/jdk/lib/jspawnhelper
warning: Missing build-id in /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/jdk/bin/javadoc
warning: Missing build-id in /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/jdk/bin/jmod
warning: Missing build-id in /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/jdk/bin/jpackage
warning: Missing build-id in /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/jdk/bin/jrunscript
warning: Missing build-id in /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/jdk/bin/jhsdb
warning: Missing build-id in /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/jdk/bin/jstat
warning: Missing build-id in /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/jdk/bin/jdb
warning: Missing build-id in /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/jdk/bin/jdeprscan
warning: Missing build-id in /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/jdk/bin/java
warning: Missing build-id in /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/jdk/bin/rmiregistry
warning: Missing build-id in /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/jdk/bin/javac
warning: Missing build-id in /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/jdk/bin/jconsole
warning: Missing build-id in /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/jdk/bin/jlink
warning: Missing build-id in /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/jdk/bin/jfr
warning: Missing build-id in /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/jdk/bin/jinfo
warning: Missing build-id in /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/jdk/bin/serialver
warning: Missing build-id in /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/jdk/bin/jps
warning: Missing build-id in /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/jdk/bin/jcmd
warning: Missing build-id in /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/jdk/bin/javap
warning: Missing build-id in /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/jdk/bin/keytool
warning: Missing build-id in /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/jdk/bin/jstatd
warning: Missing build-id in /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/jdk/bin/jstack
warning: Missing build-id in /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/jdk/bin/jdeps
warning: Missing build-id in /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/jdk/bin/jshell
warning: Missing build-id in /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/jdk/bin/jimage
warning: Missing build-id in /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/jdk/bin/jmap
warning: Missing build-id in /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/jdk/bin/jarsigner
warning: Missing build-id in /build/rpmbuild/BUILDROOT/wazuh-indexer-4.6.0-1.x86_64/usr/share/wazuh-indexer/jdk/bin/jar

• Built new package with latest changes and new error obtained

  Installing : wazuh-indexer-4.6.0-1.x86_64                                                                                                                                                                    1/1 
Error unpacking rpm package wazuh-indexer-4.6.0-1.x86_64
error: unpacking of archive failed on file /usr/share/wazuh-indexer/plugins/opensearch-reports-scheduler/kotlinx-coroutines-core-jvm-1.3.9.jar;64f1dca4: cpio: read
  Verifying  : wazuh-indexer-4.6.0-1.x86_64 

The error is probably related to an outdated base package, the file was installed correctly

Transaction test succeeded
Running transaction
  Installing : wazuh-indexer-4.6.0-1.x86_64                                                                                                                                                                    1/1 
Created opensearch keystore in /etc/wazuh-indexer/opensearch.keystore
  Verifying  : wazuh-indexer-4.6.0-1.x86_64                                                                                                                                                                    1/1 

Installed:
  wazuh-indexer.x86_64 0:4.6.0-1 

• Error found when starting the Wazuh indexer service

[root@centos7 vagrant]# systemctl daemon-reload
[root@centos7 vagrant]# systemctl enable wazuh-indexer
Created symlink from /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service to /usr/lib/systemd/system/wazuh-indexer.service.
[root@centos7 vagrant]# systemctl start wazuh-indexer
Job for wazuh-indexer.service failed because the control process exited with error code. See "systemctl status wazuh-indexer.service" and "journalctl -xe" for details.

• Apparently related to java binary permissions, but the java binary has the "correct" permissions

Sep 01 13:10:02 centos7 systemd-entrypoint[4059]: Exception in thread "main" java.io.IOException: Cannot run program "/usr/share/wazuh-indexer/jdk/bin/java": error=0, Failed to exec spawn helper: pid: 4203, exit
Sep 01 13:10:00 centos7 systemd[1]: Starting Wazuh-indexer...
[root@centos7 vagrant]# nano /var/ossls -^C   
[root@centos7 vagrant]# ls -l /usr/share/wazuh-indexer/jdk/bin/java
-rwxr-x---. 1 wazuh-indexer wazuh-indexer 16944 Sep  1 13:00 /usr/share/wazuh-indexer/jdk/bin/java
[root@centos7 vagrant]# /usr/share/wazuh-indexer/jdk/bin/java --version
openjdk 17.0.7 2023-04-18
OpenJDK Runtime Environment Temurin-17.0.7+7 (build 17.0.7+7)
OpenJDK 64-Bit Server VM Temurin-17.0.7+7 (build 17.0.7+7, mixed mode, sharing)

• OpenSearch 2.8.0 java binary has 755 permissions, which is expected

[root@centos7 vagrant]# ls -l /usr/share/opensearch/jdk/bin/java
-rwxr-xr-x. 1 opensearch opensearch 16320 Jun  3 06:32 /usr/share/opensearch/jdk/bin/java

• The embedded java version has been increased from 17.0.6 to 17.0.7

[root@centos7 vagrant]# /usr/share/wazuh-indexer/jdk/bin/java --version
openjdk 17.0.7 2023-04-18
OpenJDK Runtime Environment Temurin-17.0.7+7 (build 17.0.7+7)
OpenJDK 64-Bit Server VM Temurin-17.0.7+7 (build 17.0.7+7, mixed mode, sharing)

• 4.5.0 OVA

• The jspawnhelper binary has 640 permissions when it should have 750 permissions

- -rw-r-----. 1 wazuh-indexer wazuh-indexer     22528 Sep  1 13:00 jspawnhelper

• Fixed binary permissions, new error found

Sep 01 13:42:10 centos7 systemd-entrypoint[24264]: Likely root cause: java.nio.file.AccessDeniedException: /usr/share/wazuh-indexer/modules/aggs-matrix-stats/plugin-descriptor.properties
Sep 01 13:42:10 centos7 systemd-entrypoint[24264]: org.opensearch.bootstrap.BootstrapException: java.nio.file.AccessDeniedException: /usr/share/wazuh-indexer/modules/aggs-matrix-stats/plugin-descriptor.propertie
Sep 01 13:42:10 centos7 systemd-entrypoint[24264]: uncaught exception in thread [main]
Sep 01 13:42:09 centos7 systemd-entrypoint[24264]: WARNING: System::setSecurityManager will be removed in a future release
Sep 01 13:42:09 centos7 systemd-entrypoint[24264]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
Sep 01 13:42:09 centos7 systemd-entrypoint[24264]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.8.0.jar)
Sep 01 13:42:09 centos7 systemd-entrypoint[24264]: WARNING: A terminally deprecated method in java.lang.System has been called

• Fixed directory permissions (640 -> 750) and the Wazuh indexer RPM service started successfully

[root@centos7 vagrant]# systemctl start wazuh-indexer
[root@centos7 vagrant]# systemctl status wazuh-indexer
● wazuh-indexer.service - Wazuh-indexer
   Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2023-09-01 13:44:49 UTC; 12s ago
     Docs: https://documentation.wazuh.com
 Main PID: 24486 (java)
   CGroup: /system.slice/wazuh-indexer.service
           └─24486 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.net...

Sep 01 13:44:41 centos7 systemd[1]: Starting Wazuh-indexer...
Sep 01 13:44:42 centos7 systemd-entrypoint[24486]: WARNING: A terminally deprecated method in java.lang.System has been called
Sep 01 13:44:42 centos7 systemd-entrypoint[24486]: WARNING: System::setSecurityManager has been called by org.opensearch.b....jar)
Sep 01 13:44:42 centos7 systemd-entrypoint[24486]: WARNING: Please consider reporting this to the maintainers of org.opens...earch
Sep 01 13:44:42 centos7 systemd-entrypoint[24486]: WARNING: System::setSecurityManager will be removed in a future release
Sep 01 13:44:43 centos7 systemd-entrypoint[24486]: WARNING: A terminally deprecated method in java.lang.System has been called
Sep 01 13:44:43 centos7 systemd-entrypoint[24486]: WARNING: System::setSecurityManager has been called by org.opensearch.b....jar)
Sep 01 13:44:43 centos7 systemd-entrypoint[24486]: WARNING: Please consider reporting this to the maintainers of org.opens...urity
Sep 01 13:44:43 centos7 systemd-entrypoint[24486]: WARNING: System::setSecurityManager will be removed in a future release
Sep 01 13:44:49 centos7 systemd[1]: Started Wazuh-indexer.
Hint: Some lines were ellipsized, use -l to show in full.
[root@centos7 vagrant]# 

• The uninstallation process completes successfully leaving files in /etc and /var/lib, just like 4.5.0 and 4.5.1 do

[root@centos7 vagrant]# ls -l /var/lib/wazuh-indexer/
total 20
-rw-r--r--. 1 995 992  5 Sep  1 13:57 batch_metrics_enabled.conf
-rw-r--r--. 1 995 992  5 Sep  1 13:57 logging_enabled.conf
drwxr-xr-x. 3 995 992 15 Sep  1 13:44 nodes
-rw-r--r--. 1 995 992  5 Sep  1 13:57 performance_analyzer_enabled.conf
-rw-r--r--. 1 995 992  5 Sep  1 13:57 rca_enabled.conf
-rw-r--r--. 1 995 992  5 Sep  1 13:57 thread_contention_monitoring_enabled.conf

[root@centos7 vagrant]# ls -l /etc/wazuh-indexer/certs/
total 20
-r--------. 1 995 992 1704 Sep  1 12:19 admin-key.pem
-r--------. 1 995 992 1107 Sep  1 12:19 admin.pem
-r--------. 1 995 992 1704 Sep  1 12:19 indexer-key.pem
-r--------. 1 995 992 1220 Sep  1 12:19 indexer.pem
-r--------. 1 995 992 1184 Sep  1 12:19 root-ca.pem

[rauldpm]

Update report - DEB

• The Wazuh indexer package has been installed without error

root@debian11:/home/vagrant# apt install ./wazuh-indexer_4.6.0-1_amd64.deb -y
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Note, selecting 'wazuh-indexer' instead of './wazuh-indexer_4.6.0-1_amd64.deb'
The following NEW packages will be installed:
  wazuh-indexer
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B/684 MB of archives.
After this operation, 969 MB of additional disk space will be used.
Get:1 /home/vagrant/wazuh-indexer_4.6.0-1_amd64.deb wazuh-indexer amd64 4.6.0-1 [684 MB]
Selecting previously unselected package wazuh-indexer.
(Reading database ... 68876 files and directories currently installed.)
Preparing to unpack .../wazuh-indexer_4.6.0-1_amd64.deb ...
Creating wazuh-indexer group... OK
Creating wazuh-indexer user... OK
Unpacking wazuh-indexer (4.6.0-1) ...
Setting up wazuh-indexer (4.6.0-1) ...
Created opensearch keystore in /etc/wazuh-indexer/opensearch.keystore

• Found error starting the service

root@debian11:/home/vagrant# systemctl daemon-reload
root@debian11:/home/vagrant# systemctl enable wazuh-indexer
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service → /lib/systemd/system/wazuh-indexer.service.
root@debian11:/home/vagrant# systemctl start wazuh-indexer
Job for wazuh-indexer.service failed because the control process exited with error code.
See "systemctl status wazuh-indexer.service" and "journalctl -xe" for details.
root@debian11:/home/vagrant# journalctl -r -u wazuh-indexer
-- Journal begins at Fri 2023-09-01 13:41:20 UTC, ends at Fri 2023-09-01 14:13:55 UTC. --
Sep 01 14:13:55 debian11 systemd[1]: Failed to start Wazuh-indexer.
Sep 01 14:13:55 debian11 systemd[1]: wazuh-indexer.service: Failed with result 'exit-code'.
Sep 01 14:13:55 debian11 systemd[1]: wazuh-indexer.service: Main process exited, code=exited, status=203/EXEC
Sep 01 14:13:55 debian11 systemd[8999]: wazuh-indexer.service: Failed at step EXEC spawning /usr/share/wazuh-indexer/bin/systemd-entrypoint: Permission denied
Sep 01 14:13:55 debian11 systemd[8999]: wazuh-indexer.service: Failed to locate executable /usr/share/wazuh-indexer/bin/systemd-entrypoint: Permission denied

• Related to wrong permissions (640)

root@debian11:/home/vagrant# ls -l /usr/share/wazuh-indexer/bin/
total 56
-rw-r----- 1 wazuh-indexer wazuh-indexer 6033 Sep  1 14:01 indexer-security-init.sh
-rwxr-x--- 1 wazuh-indexer wazuh-indexer 3030 Jun  2 18:00 opensearch
-rwxr-x--- 1 wazuh-indexer wazuh-indexer 1090 Jun  2 18:00 opensearch-cli
-rwxr-x--- 1 wazuh-indexer wazuh-indexer 5359 Sep  1 13:55 opensearch-env
-rwxr-x--- 1 wazuh-indexer wazuh-indexer 1838 Jun  2 18:00 opensearch-env-from-file
-rwxr-x--- 1 wazuh-indexer wazuh-indexer  222 Jun  2 18:00 opensearch-keystore
-rwxr-x--- 1 wazuh-indexer wazuh-indexer  155 Jun  2 18:00 opensearch-node
drwxr-x--- 2 wazuh-indexer wazuh-indexer 4096 Sep  1 14:10 opensearch-performance-analyzer
-rwxr-x--- 1 wazuh-indexer wazuh-indexer  210 Jun  2 18:00 opensearch-plugin
-rwxr-x--- 1 wazuh-indexer wazuh-indexer  148 Jun  2 18:00 opensearch-shard
-rwxr-x--- 1 wazuh-indexer wazuh-indexer  211 Jun  2 18:00 opensearch-upgrade
-rw-r----- 1 wazuh-indexer wazuh-indexer  583 Sep  1 13:55 systemd-entrypoint

• Changing the 640 permissions to 750 permissions fixes the service error

root@debian11:/home/vagrant# chmod 750 /usr/share/wazuh-indexer/bin/systemd-entrypoint 
root@debian11:/home/vagrant# chmod 750 /usr/share/wazuh-indexer/bin/indexer-security-init.sh 
root@debian11:/home/vagrant# systemctl start wazuh-indexer
root@debian11:/home/vagrant# systemctl status wazuh-indexer_4.6.0-1_amd64.deb 
Unit wazuh-indexer_4.6.0-1_amd64.deb.service could not be found.
root@debian11:/home/vagrant# systemctl status wazuh-indexer
● wazuh-indexer.service - Wazuh-indexer
     Loaded: loaded (/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: enabled)
     Active: active (running) since Fri 2023-09-01 14:20:06 UTC; 8s ago
       Docs: https://documentation.wazuh.com
   Main PID: 9023 (java)
      Tasks: 59 (limit: 4675)
     Memory: 1.2G
        CPU: 14.477s
     CGroup: /system.slice/wazuh-indexer.service
             └─9023 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=t>

Sep 01 14:19:58 debian11 systemd[1]: Starting Wazuh-indexer...
Sep 01 14:19:59 debian11 systemd-entrypoint[9023]: WARNING: A terminally deprecated method in java.lang.System has been called
Sep 01 14:19:59 debian11 systemd-entrypoint[9023]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.8.0.jar)
Sep 01 14:19:59 debian11 systemd-entrypoint[9023]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
Sep 01 14:19:59 debian11 systemd-entrypoint[9023]: WARNING: System::setSecurityManager will be removed in a future release
Sep 01 14:20:00 debian11 systemd-entrypoint[9023]: WARNING: A terminally deprecated method in java.lang.System has been called
Sep 01 14:20:00 debian11 systemd-entrypoint[9023]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.8.0.jar)
Sep 01 14:20:00 debian11 systemd-entrypoint[9023]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
Sep 01 14:20:00 debian11 systemd-entrypoint[9023]: WARNING: System::setSecurityManager will be removed in a future release
Sep 01 14:20:06 debian11 systemd[1]: Started Wazuh-indexer.

• Files with wrong permissions have been detected, those files are used in a very specific context, so it is needed to review all the files, at least, the binaries

│   │   ├── [-rw-r-----]  audit_config_migrater.sh
│   │   │   ├── [-rw-r-----]  config.yml
│   │   │   ├── [-rw-r-----]  hash.sh
│   │   │   ├── [-rw-r-----]  securityadmin.sh
│   │   │   ├── [-rw-r-----]  SECURITY_ADMIN_TESTS.md
│   │   │   ├── [-rw-r-----]  wazuh-certs-tool.sh
│   │   │   └── [-r-x------]  wazuh-passwords-tool.sh

• Files permission fixed, build success

	chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/aggs-matrix-stats
	chmod 750 $(TARGET_DIR)$(INSTALLATION_DIR)/bin/systemd-entrypoint
	chmod 740 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/tools/audit_config_migrater.sh
	chmod 740 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/tools/hash.sh
	chmod 740 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/tools/securityadmin.sh
	chmod 740 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/tools/wazuh-certs-tool.sh
	chmod 740 $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/tools/wazuh-passwords-tool.sh

[rauldpm]

Update report

• Building new packages for final testing
  • https://packages-dev.wazuh.com/warehouse/test/4.6/rpm/wazuh-dashboard-4.6.0-wp.2392.x86_64.rpm
  • https://packages-dev.wazuh.com/warehouse/test/4.6/rpm/wazuh-indexer-4.6.0-wp.2392.x86_64.rpm
  • https://packages-dev.wazuh.com/warehouse/test/4.6/rpm/wazuh-manager-4.6.0-wp.2392.x86_64.rpm
  • https://packages-dev.wazuh.com/warehouse/test/4.6/deb/wazuh-dashboard_4.6.0-wp.2392_amd64.deb
  • https://packages-dev.wazuh.com/warehouse/test/4.6/deb/wazuh-indexer_4.6.0-wp.2392_amd64.deb
  • https://packages-dev.wazuh.com/warehouse/test/4.6/deb/wazuh-manager_4.6.0-wp.2392_amd64.deb
• Launched: https://ci.wazuh.info/job/Test_stack_tier/78/

[Deblintrake09]

Update report

Manual testing of setting up the Wazuh Indexer shows that it is installed and starts correctly, but when connecting to a dashboard we can see the wazuh-alerts* template is missing, as it was reported here.

• This issue is related to Unattended installer accurate URL for filebeat template #2404.

[Deblintrake09]

Update report

Testing done on test_stack pipeline 🟢

• https://ci.wazuh.info/job/Test_stack_tier/79/
• https://ci.wazuh.info/job/Test_stack_tier/80/

[rauldpm]

Update report

• Changed ETA from 09/01/2023 to 09/05/2023 due to password change and template errors
• Working on a bug when changing passwords with the Wazuh indexer script

• Step by Step deployment in CentOS 7 finished successfully, alerts received
• The passwords were changed successfully but an error line appeared about the backup directory

mkdir: cannot create directory ‘/etc/wazuh-indexer/backup’: File exists

Password change output

04/09/2023 13:39:22 INFO: Wazuh API admin credentials not provided, Wazuh API passwords not changed.
mkdir: cannot create directory ‘/etc/wazuh-indexer/backup’: File exists
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 0.0.0.0:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.8.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml 
   SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml 
   SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml 
   SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml 
   SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml 
   SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml 
   SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml 
   SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml 
   SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml 
   SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml 
   SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
Successfully updated the keystore
v16.20.0
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 0.0.0.0:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.8.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /home/vagrant
Force type: internalusers
Will update '/internalusers' with /etc/wazuh-indexer/backup/internal_users.yml 
   SUCC: Configuration for 'internalusers' created or updated
SUCC: Expected 1 config types for node {"updated_config_types":["internalusers"],"updated_config_size":1,"message":null} is 1 (["internalusers"]) due to: null
Done with success
04/09/2023 13:39:33 INFO: The password for user admin is 9E0TUwJBIijgDzCMSzMin4h*tUZDJzr7
04/09/2023 13:39:33 INFO: The password for user kibanaserver is V62C2id7hDygcxtdz2WjtIH+oSNgy9SD
04/09/2023 13:39:33 INFO: The password for user kibanaro is 92J01Etc?MrY9n3hATXQPf0HTnKmY7ON
04/09/2023 13:39:33 INFO: The password for user logstash is 29m16IFe2ko7JkRzhbA2oN*KK*.KXyT8
04/09/2023 13:39:33 INFO: The password for user readall is JOHN1bszTxb3sElkVzFHOidN4UzUh7w?
04/09/2023 13:39:33 INFO: The password for user snapshotrestore is c?CcXfS7PbG?lS0bXy.NDkthq8G9Kec3
04/09/2023 13:39:33 WARNING: Wazuh indexer passwords changed. Remember to update the password in the Wazuh dashboard and Filebeat nodes if necessary, and restart the services.

• Despite the message, the directory does not exist before executing the command
• This error is related to the wazuh-passwords-tool.sh script because of the following:
  • When executing with option -a -v it is possible to see the message that the directory exists but the password change is carried out anyway
  • When executing with the parameters of the API users the message disappears and does not appear again
  • When executing the initial command, the observed message still does not appear
  • When creating the directory manually and running the script, no message about the directory is displayed, and the password change is carried out anyway

Commands output

[root@centos7 vagrant]# /usr/share/wazuh-indexer/plugins/opensearch-security/tools/wazuh-passwords-tool.sh -a -v
04/09/2023 13:50:11 INFO: Wazuh API admin credentials not provided, Wazuh API passwords not changed.
Installed wazuh-indexer.x86_64                4.6.0-wp.2392               @wazuh          
Backup 
mkdir: cannot create directory ‘/etc/wazuh-indexer/backup’: File exists
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 0.0.0.0:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.8.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml 
   SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml 
   SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml 
   SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml 
   SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml 
   SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml 
   SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml 
   SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml 
   SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml 
   SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml 
   SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
Successfully updated the keystore
v16.20.0
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 0.0.0.0:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.8.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /home/vagrant
Force type: internalusers
Will update '/internalusers' with /etc/wazuh-indexer/backup/internal_users.yml 
   SUCC: Configuration for 'internalusers' created or updated
SUCC: Expected 1 config types for node {"updated_config_types":["internalusers"],"updated_config_size":1,"message":null} is 1 (["internalusers"]) due to: null
Done with success
04/09/2023 13:50:16 INFO: The password for user admin is eNyztypPH6ZuG6fT7?poijqGQd?qndVS
04/09/2023 13:50:16 INFO: The password for user kibanaserver is FLwbhRprDC65X3lzNHrdZaRU+Yn.g7EE
04/09/2023 13:50:16 INFO: The password for user kibanaro is ?F+0lyTHcdfdaF+ltn*T4b0XNJM4Rb36
04/09/2023 13:50:16 INFO: The password for user logstash is vJAdCFrFPz2?1ZdUTp3oMBp*m8ATKzNT
04/09/2023 13:50:16 INFO: The password for user readall is zsnM5yJ6JW6pM?i?wEQ+AXd?rtl58Dv1
04/09/2023 13:50:16 INFO: The password for user snapshotrestore is ZPUKaHQoPlPt1VM2f+0GSttXl?wrM+t+
04/09/2023 13:50:16 WARNING: Wazuh indexer passwords changed. Remember to update the password in the Wazuh dashboard and Filebeat nodes if necessary, and restart the services.
[root@centos7 vagrant]# nano /usr/share/wazuh-indexer/plugins/opensearch-security/tools/wazuh-passwords-tool.sh 
[root@centos7 vagrant]# /usr/share/wazuh-indexer/plugins/opensearch-security/tools/wazuh-passwords-tool.sh -a
04/09/2023 13:53:04 INFO: Wazuh API admin credentials not provided, Wazuh API passwords not changed.
Installed wazuh-indexer.x86_64                4.6.0-wp.2392               @wazuh          
Backup 
v16.20.0
04/09/2023 13:53:10 INFO: The password for user admin is SGE+edTnVuF3fw?fFZK2DQtLbk+Hl6J0
04/09/2023 13:53:10 INFO: The password for user kibanaserver is KJB6QDOLMA7?NupbdgpjI9qD8rtwXfbA
04/09/2023 13:53:10 INFO: The password for user kibanaro is xW*sN1ahFMqgIHl9Olv0nBpGzERRE4l2
04/09/2023 13:53:10 INFO: The password for user logstash is MHhhpJxvvWinf4Rp4+Z?phH07od6f8hp
04/09/2023 13:53:10 INFO: The password for user readall is 0*8j6*oPNip73D2aZshHRhyljkvd+snm
04/09/2023 13:53:10 INFO: The password for user snapshotrestore is XojWW0r?*NykIri*hUSuuZ?Kg*y1NZ61
04/09/2023 13:53:10 WARNING: Wazuh indexer passwords changed. Remember to update the password in the Wazuh dashboard and Filebeat nodes if necessary, and restart the services.
[root@centos7 vagrant]# /usr/share/wazuh-indexer/plugins/opensearch-security/tools/wazuh-passwords-tool.sh --change-all --admin-user wazuh --admin-password wazuh
Installed wazuh-indexer.x86_64                4.6.0-wp.2392               @wazuh          
Backup 
v16.20.0
04/09/2023 13:54:46 INFO: The password for user admin is VFwDn.*4lrY2L*gmJvy2Dp5j+S4v3hyU
04/09/2023 13:54:46 INFO: The password for user kibanaserver is bcmjB6DAMZid0*X4B+X8k2n.ZZtOKUa3
04/09/2023 13:54:46 INFO: The password for user kibanaro is q5fmQ6nQf6Vdodz2GrP*o0Nvpu?ScDwq
04/09/2023 13:54:46 INFO: The password for user logstash is Qw.xyO14umGCeMw6?7o..RXcrFfeHTzg
04/09/2023 13:54:46 INFO: The password for user readall is z2LiETNXstnTG3kO5M.P.GM3N4vnxFCq
04/09/2023 13:54:46 INFO: The password for user snapshotrestore is NNv5KZTNqY.8b2wbC.*vbP*gWBmBHMuC
04/09/2023 13:54:46 WARNING: Wazuh indexer passwords changed. Remember to update the password in the Wazuh dashboard and Filebeat nodes if necessary, and restart the services.
04/09/2023 13:54:47 INFO: The password for Wazuh API user wazuh is K+9O4Eie5Cw2gUJkiwWtwN4F5L*uA00f
04/09/2023 13:54:47 INFO: The password for Wazuh API user wazuh-wui is flAez4GmFqxciFTg4ACRlb3FsvP*i79.
04/09/2023 13:54:47 INFO: Updated wazuh-wui user password in wazuh dashboard. Remember to restart the service.
[root@centos7 vagrant]# /usr/share/wazuh-indexer/plugins/opensearch-security/tools/wazuh-passwords-tool.sh --change-all --admin-user wazuh --admin-password wazuh
04/09/2023 13:55:47 ERROR: Invalid admin user credentials
[root@centos7 vagrant]# /usr/share/wazuh-indexer/plugins/opensearch-security/tools/wazuh-passwords-tool.sh --change-all --admin-user wazuh --admin-password K+9O4Eie5Cw2gUJkiwWtwN4F5L*uA00f
Installed wazuh-indexer.x86_64                4.6.0-wp.2392               @wazuh          
Backup 
v16.20.0
04/09/2023 13:56:06 INFO: The password for user admin is 8E.zs*gcAellB8iHpqPVelxU6V2uJE.?
04/09/2023 13:56:06 INFO: The password for user kibanaserver is eDcZ7nbDK40E?.JFM4X18XlDfHXV4J.U
04/09/2023 13:56:06 INFO: The password for user kibanaro is QuCoSYolopm+kg*4j.gr7BvI3lU*ZEI7
04/09/2023 13:56:06 INFO: The password for user logstash is b31uZ14Py6qUL7WpUYQv0E1lv+3fDpKI
04/09/2023 13:56:06 INFO: The password for user readall is neHA55Qe8tGlmH9Hy29th?iaEj0daeOc
04/09/2023 13:56:06 INFO: The password for user snapshotrestore is T6jXMfN0MWUGM4CEihEmMMTiRu*0w.nM
04/09/2023 13:56:06 WARNING: Wazuh indexer passwords changed. Remember to update the password in the Wazuh dashboard and Filebeat nodes if necessary, and restart the services.
04/09/2023 13:56:07 INFO: The password for Wazuh API user wazuh is kVAD5+CSBFvuEH7U89YPcc.svqTpCvGw
04/09/2023 13:56:08 INFO: The password for Wazuh API user wazuh-wui is jP3izx3McA*t6B7+AohPqBNP6g7R2Bhq
04/09/2023 13:56:08 INFO: Updated wazuh-wui user password in wazuh dashboard. Remember to restart the service.
[root@centos7 vagrant]# /usr/share/wazuh-indexer/plugins/opensearch-security/tools/wazuh-passwords-tool.sh --change-all
04/09/2023 13:56:19 INFO: Wazuh API admin credentials not provided, Wazuh API passwords not changed.
Installed wazuh-indexer.x86_64                4.6.0-wp.2392               @wazuh          
Backup 
v16.20.0
04/09/2023 13:56:25 INFO: The password for user admin is hXx+RuOdq+0rrp+UnhUWReiXtF399AL0
04/09/2023 13:56:25 INFO: The password for user kibanaserver is gEY?Ue1wqA5sqpA8Lp84pcNdIN*buLal
04/09/2023 13:56:25 INFO: The password for user kibanaro is sw7uFvRnfj4pfTN9.kZ94hs0qtWXD+6z
04/09/2023 13:56:25 INFO: The password for user logstash is +O1QZ+hLGRwOJ6XYNdkOBTvhHSFnJtVl
04/09/2023 13:56:25 INFO: The password for user readall is MUqQoeq9vvXlty1wFOuu3Ig?4do?OXD+
04/09/2023 13:56:25 INFO: The password for user snapshotrestore is NQCdPU.evtophQJ2?v*KXM13Zs9R5AuQ
04/09/2023 13:56:25 WARNING: Wazuh indexer passwords changed. Remember to update the password in the Wazuh dashboard and Filebeat nodes if necessary, and restart the services.
[root@centos7 vagrant]# /usr/share/wazuh-indexer/plugins/opensearch-security/tools/wazuh-passwords-tool.sh -a
04/09/2023 13:56:41 INFO: Wazuh API admin credentials not provided, Wazuh API passwords not changed.
Installed wazuh-indexer.x86_64                4.6.0-wp.2392               @wazuh          
Backup 
v16.20.0
04/09/2023 13:56:47 INFO: The password for user admin is 9vkqM1vpq.76pkYb0+dbX*FYaBFQAR8P
04/09/2023 13:56:47 INFO: The password for user kibanaserver is *dCxA?+Zu.s6rfWvBMSZi2t+UnmR*1A0
04/09/2023 13:56:47 INFO: The password for user kibanaro is 4E35tE6vAqJLVJHZQqtYhrsL.EUYIsbO
04/09/2023 13:56:47 INFO: The password for user logstash is QOlsAC5W0TGWI0huEPiwOkb+uKm+KvAj
04/09/2023 13:56:47 INFO: The password for user readall is 3DpDCTIUoOTOeRp?OEUgkAvjhWO7MIx7
04/09/2023 13:56:47 INFO: The password for user snapshotrestore is CMi9gkT7Ztmd*8W5PbOC6uybO4pyjNcj
04/09/2023 13:56:47 WARNING: Wazuh indexer passwords changed. Remember to update the password in the Wazuh dashboard and Filebeat nodes if necessary, and restart the services.
[root@centos7 vagrant]# mkdir /etc/wazuh-indexer/backup
[root@centos7 vagrant]# /usr/share/wazuh-indexer/plugins/opensearch-security/tools/wazuh-passwords-tool.sh -a
04/09/2023 13:57:59 INFO: Wazuh API admin credentials not provided, Wazuh API passwords not changed.
Installed wazuh-indexer.x86_64                4.6.0-wp.2392               @wazuh          
Backup 
v16.20.0
04/09/2023 13:58:04 INFO: The password for user admin is *JYHEOVz9Sw1.IgJZ80AaRHS0Ub8bM7t
04/09/2023 13:58:04 INFO: The password for user kibanaserver is 0++t90ucS3yWHYQDL40OsPacxHc.gn?C
04/09/2023 13:58:04 INFO: The password for user kibanaro is wmi95DdVaZMGvRxm6Yy?xPAG29G0uqnl
04/09/2023 13:58:04 INFO: The password for user logstash is Oewk6Ipr+?3WM8ZukiMhG1gac5l974RN
04/09/2023 13:58:04 INFO: The password for user readall is eNJeTvoLTo*.ArFB5T5t4Tn3dVaXHbr4
04/09/2023 13:58:04 INFO: The password for user snapshotrestore is aB*OUsqK8eioSM0uRk3lhDIjCWi*IWzI
04/09/2023 13:58:04 WARNING: Wazuh indexer passwords changed. Remember to update the password in the Wazuh dashboard and Filebeat nodes if necessary, and restart the services.

• All errors found are related to the use of the installation assistant

[Deblintrake09]

Update report

• Working on indexer alert template installation error

Testing done with step-by step installation.

• Confirmed Alerts are present after latest packages
  • RPM Stack
    
  • Debian Stack
    

Testing done with wazuh-install script.

• After adapting the script to install the testing packages located in staging repository, the script gets caught when trying to start the dashboard.

[root@ip-172-31-1-254 qa]# bash ./wazuh-install.sh -a
04/09/2023 14:18:47 INFO: Starting Wazuh installation assistant. Wazuh version: 4.6.0
04/09/2023 14:18:47 INFO: Verbose logging redirected to /var/log/wazuh-install.log
04/09/2023 14:18:57 INFO: --- Dependencies ---
04/09/2023 14:18:57 INFO: Installing lsof.
04/09/2023 14:19:00 INFO: Wazuh repository added.
04/09/2023 14:19:00 INFO: --- Configuration files ---
04/09/2023 14:19:00 INFO: Generating configuration files.
04/09/2023 14:19:00 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
04/09/2023 14:19:00 INFO: --- Wazuh indexer ---
04/09/2023 14:19:00 INFO: Starting Wazuh indexer installation.
04/09/2023 14:20:21 INFO: Wazuh indexer installation finished.
04/09/2023 14:20:29 INFO: Wazuh indexer post-install configuration finished.
04/09/2023 14:20:29 INFO: Starting service wazuh-indexer.
04/09/2023 14:20:39 INFO: wazuh-indexer service started.
04/09/2023 14:20:39 INFO: Initializing Wazuh indexer cluster security settings.
04/09/2023 14:20:42 INFO: Wazuh indexer cluster initialized.
04/09/2023 14:20:42 INFO: --- Wazuh server ---
04/09/2023 14:20:42 INFO: Starting the Wazuh manager installation.
04/09/2023 14:21:36 INFO: Wazuh manager installation finished.
04/09/2023 14:21:36 INFO: Starting service wazuh-manager.
04/09/2023 14:21:47 INFO: wazuh-manager service started.
04/09/2023 14:21:47 INFO: Starting Filebeat installation.
04/09/2023 14:21:54 INFO: Filebeat installation finished.
04/09/2023 14:21:54 INFO: Filebeat post-install configuration finished.
04/09/2023 14:21:54 INFO: Starting service filebeat.
04/09/2023 14:21:55 INFO: filebeat service started.
04/09/2023 14:21:55 INFO: --- Wazuh dashboard ---
04/09/2023 14:21:55 INFO: Starting Wazuh dashboard installation.
04/09/2023 14:23:03 INFO: Wazuh dashboard installation finished.
04/09/2023 14:23:03 INFO: Wazuh dashboard post-install configuration finished.
04/09/2023 14:23:03 INFO: Starting service wazuh-dashboard.
04/09/2023 14:23:03 INFO: wazuh-dashboard service started.
v16.20.0
04/09/2023 14:23:24 INFO: Initializing Wazuh dashboard web application.
04/09/2023 14:23:24 INFO: Wazuh dashboard web application not yet initialized. Waiting...
04/09/2023 14:23:39 INFO: Wazuh dashboard web application not yet initialized. Waiting...
04/09/2023 14:23:54 INFO: Wazuh dashboard web application not yet initialized. Waiting...
04/09/2023 14:24:09 INFO: Wazuh dashboard web application not yet initialized. Waiting...
04/09/2023 14:24:24 INFO: Wazuh dashboard web application not yet initialized. Waiting...
04/09/2023 14:24:39 INFO: Wazuh dashboard web application not yet initialized. Waiting...
04/09/2023 14:24:54 INFO: Wazuh dashboard web application not yet initialized. Waiting...