Fix Wazuh dashboard binary with new OpenSearch 2.8.0 modifications #2420

Closed
6 tasks done
rauldpm opened this issue Sep 5, 2023 · 3 comments · Fixed by #2423
Labels
level/task Subtask issue type/change Change requested type/enhancement Enhancement issue

rauldpm commented Sep 5, 2023

Description

It is necessary to add changes to the Wazuh dashboard bump for OpenSearch 2.8.0 since, due to a DeprecationWarning, it is not possible to use an IP in the configuration to connect with the Wazuh indexer:

DeprecationWarning: Setting the TLS ServerName to an IP address is not permitted by RFC 6066. This will be ignored in a future version.

Debugging this error with @Tostti the following was discovered:

  • The opensearch-dashboard binary has been modified and the sed command used to add configuration does not work
  • These binary modifications are now specified in a new binary called use_node
  • The configuration set in the node.options file is not working

All this is solved as follows:

  • Use the node fallback binary (Node 14) instead of the default binary (Node 16); for this, it is necessary to modify the use_node binary
  • Restore the default contents of the opensearch-dashboards binary, since the configuration that specifies the /etc/wazuh-dashboard directory is established internally in the base file
  • It is necessary to add the variable OSD_PATH_CONF="/etc/wazuh-dashboard" to the opensearch-dashboards binary so that it establishes the configuration directory (this makes node.options work again)
OSD_PATH_CONF="/etc/wazuh-dashboard" OSD_NODE_OPTS_PREFIX="--no-warnings --max-http-header-size=65536" OSD_USE_NODE_JS_FILE_PATH=/src/cli/dist NODE_ENV=production exec ${OSD_HOME}/bin/use_node "${@}"
  • Due to the previous change it is necessary to move the file /usr/share/wazuh-dashboard/config/opensearch_dashboards.keystore to /etc/wazuh-indexer/

🟡 It is necessary to try to make the package work using Node 16 instead of using Node 14


Tasks 1

  • Modify the opensearch-dashboards binary with the described modifications
  • Modify the use_node binary to use Node 14 (fallback)
  • Modify the SPECS to change the path of the opensearch_dashboards.keystore file

Validation 1

  • The package works in the same way as Wazuh dashboard 4.5.1

Tasks 2

  • Modify what is necessary for the package to work correctly using Node 16

Validation

  • The package works in the same way as Wazuh dashboard 4.5.1

Working branch


Related

@rauldpm rauldpm added level/task Subtask issue type/enhancement Enhancement issue type/change Change requested labels Sep 5, 2023
@rauldpm rauldpm self-assigned this Sep 5, 2023
@wazuhci wazuhci moved this to In progress in Release 4.6.0 Sep 5, 2023

rauldpm commented Sep 5, 2023

Update report

  • Apparently, the option of using Node 14 is not viable since:
    • The /usr/share/wazuh-dashboard/bin/opensearch-dashboards-keystore binary creates the keystore in the installation directory; looking at the binary, it may require the same modification as the main binary to set the modified configuration directory
    • This implies that with the proposed modifications, this file is duplicated, which is not acceptable
  • By establishing the configuration path in the main binary, it has been achieved that the service does not fail when using an IP using Node 16, but the following message is observed: Wazuh dashboard server is not ready yet
  • Found the following error in the /var/log/wazuh-indexer/wazuh-cluster.log
[2023-09-05T21:53:01,290][WARN ][o.o.s.a.BackendRegistry  ] [node-1] No 'Authorization' header, send 401 and 'WWW-Authenticate Basic'
[2023-09-05T21:53:03,791][WARN ][o.o.s.a.BackendRegistry  ] [node-1] No 'Authorization' header, send 401 and 'WWW-Authenticate Basic'
[2023-09-05T21:53:04,896][ERROR][o.o.p.c.e.EventLogFileHandler] [node-1] Error writing entry 'NOT_INITIALIZED'. Cause:
java.nio.file.AccessDeniedException: /dev/shm/performanceanalyzer/1693950780000.tmp
        at sun.nio.fs.UnixException.translateToIOException(UnixException.java:90) ~[?:?]
        at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:106) ~[?:?]
        at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:111) ~[?:?]
        at sun.nio.fs.UnixFileSystemProvider.newByteChannel(UnixFileSystemProvider.java:218) ~[?:?]
        at java.nio.file.spi.FileSystemProvider.newOutputStream(FileSystemProvider.java:484) ~[?:?]
        at java.nio.file.Files.newOutputStream(Files.java:228) ~[?:?]
        at org.opensearch.performanceanalyzer.commons.event_process.EventLogFileHandler.writeTmpFileWithPrivilege(EventLogFileHandler.java:80) [performance-analyzer-commons-1.0.0.jar:?]
        at org.opensearch.performanceanalyzer.commons.event_process.EventLogFileHandler.lambda$writeTmpFile$0(EventLogFileHandler.java:47) [performance-analyzer-commons-1.0.0.jar:?]
        at org.opensearch.performanceanalyzer.commons.util.Util.lambda$invokePrivileged$1(Util.java:57) [performance-analyzer-commons-1.0.0.jar:?]
        at java.security.AccessController.doPrivileged(AccessController.java:318) [?:?]
        at org.opensearch.performanceanalyzer.commons.util.Util.invokePrivileged(Util.java:53) [performance-analyzer-commons-1.0.0.jar:?]
        at org.opensearch.performanceanalyzer.commons.event_process.EventLogFileHandler.writeTmpFile(EventLogFileHandler.java:47) [performance-analyzer-commons-1.0.0.jar:?]
        at org.opensearch.performanceanalyzer.writer.EventLogQueueProcessor.purgeQueueAndPersist(EventLogQueueProcessor.java:152) [opensearch-performance-analyzer-2.8.0.0.jar:2.8.0.0]
        at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:539) [?:?]
        at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:305) [?:?]
        at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:305) [?:?]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136) [?:?]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) [?:?]
        at java.lang.Thread.run(Thread.java:833) [?:?]
  • Copying the keystore file to the config directory fixes the error
cp /usr/share/wazuh-dashboard/config/opensearch_dashboards.keystore /etc/wazuh-dashboard/
  • This continues to raise the duplication of the keystore and a possible breaking change in the DevOps repositories
  • Adding the variable OSD_PATH_CONF="/etc/wazuh-dashboard" to /usr/share/wazuh-dashboard/bin/opensearch-dashboards-keystore fixes the error: the keystore is now looked for in the config directory and it is created in the config directory; the SPECS files must be modified
root@debian11:/home/vagrant# /usr/share/wazuh-dashboard/bin/opensearch-dashboards-keystore create --allow-root
v16.20.0
Created OpenSearch Dashboards keystore in /etc/wazuh-dashboard/opensearch_dashboards.keystore
root@debian11:/home/vagrant# runuser wazuh-dashboard --shell="/bin/bash" --command="/usr/share/wazuh-dashboard/bin/opensearch-dashboards-keystore create --allow-root"
v16.20.0
Created OpenSearch Dashboards keystore in /etc/wazuh-dashboard/opensearch_dashboards.keystore
root@debian11:/home/vagrant# ls -l /usr/share/wazuh-dashboard/config/
total 0
root@debian11:/home/vagrant# ls -l /etc/wazuh-dashboard/opensearch_dashboards.keystore 
-rw-r--r-- 1 wazuh-dashboard wazuh-dashboard 130 Sep  5 22:08 /etc/wazuh-dashboard/opensearch_dashboards.keystore
root@debian11:/home/vagrant# runuser wazuh-dashboard --shell="/bin/bash" --command="echo kibanaserver | /usr/share/wazuh-dashboard/bin/opensearch-dashboards-keystore add opensearch.username --stdin --allow-root"
v16.20.0
root@debian11:/home/vagrant# runuser wazuh-dashboard --shell="/bin/bash" --command="echo kibanaserver | /usr/share/wazuh-dashboard/bin/opensearch-dashboards-keystore add opensearch.password --stdin --allow-root"
v16.20.0
root@debian11:/home/vagrant# ls -l /usr/share/wazuh-dashboard/config/
total 0
root@debian11:/home/vagrant# ls -l /etc/wazuh-dashboard/opensearch_dashboards.keystore 
-rw-r--r-- 1 wazuh-dashboard wazuh-dashboard 226 Sep  5 22:09 /etc/wazuh-dashboard/opensearch_dashboards.keystore
root@debian11:/home/vagrant# systemctl restart wazuh-dashboard
root@debian11:/home/vagrant# systemctl status wazuh-dashboard
● wazuh-dashboard.service - wazuh-dashboard
     Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; disabled; vendor preset: enabled)
     Active: active (running) since Tue 2023-09-05 22:10:08 UTC; 9s ago
   Main PID: 66986 (node)
      Tasks: 11 (limit: 4675)
     Memory: 188.9M
        CPU: 3.181s
     CGroup: /system.slice/wazuh-dashboard.service
             └─66986 /usr/share/wazuh-dashboard/node/fallback/bin/node /usr/share/wazuh-dashboard/src/cli/dist -c /etc/wazuh-dashboard/opensearch_dashboards.yml

Sep 05 22:10:12 debian11 opensearch-dashboards[66986]: {"type":"response","@timestamp":"2023-09-05T22:10:12Z","tags":[],"pid":66986,"method":"post","statusCode":200,"req":{"url":"/api/request","method":"post",">
Sep 05 22:10:12 debian11 opensearch-dashboards[66986]: {"type":"response","@timestamp":"2023-09-05T22:10:12Z","tags":[],"pid":66986,"method":"get","statusCode":200,"req":{"url":"/46000/bundles/plugin/data/data.>
Sep 05 22:10:13 debian11 opensearch-dashboards[66986]: {"type":"response","@timestamp":"2023-09-05T22:10:13Z","tags":[],"pid":66986,"method":"get","statusCode":200,"req":{"url":"/ui/fonts/inter_ui/Inter-UI-Ligh>
Sep 05 22:10:13 debian11 opensearch-dashboards[66986]: {"type":"response","@timestamp":"2023-09-05T22:10:13Z","tags":[],"pid":66986,"method":"get","statusCode":200,"req":{"url":"/ui/fonts/inter_ui/Inter-UI-Bold>
Sep 05 22:10:13 debian11 opensearch-dashboards[66986]: {"type":"response","@timestamp":"2023-09-05T22:10:13Z","tags":[],"pid":66986,"method":"get","statusCode":200,"req":{"url":"/ui/favicons/favicon-32x32.png",>
Sep 05 22:10:13 debian11 opensearch-dashboards[66986]: {"type":"response","@timestamp":"2023-09-05T22:10:13Z","tags":[],"pid":66986,"method":"post","statusCode":200,"req":{"url":"/api/request","method":"post",">
Sep 05 22:10:13 debian11 opensearch-dashboards[66986]: {"type":"response","@timestamp":"2023-09-05T22:10:13Z","tags":[],"pid":66986,"method":"post","statusCode":200,"req":{"url":"/api/request","method":"post",">
Sep 05 22:10:13 debian11 opensearch-dashboards[66986]: {"type":"response","@timestamp":"2023-09-05T22:10:13Z","tags":[],"pid":66986,"method":"post","statusCode":200,"req":{"url":"/api/request","method":"post",">
Sep 05 22:10:13 debian11 opensearch-dashboards[66986]: {"type":"response","@timestamp":"2023-09-05T22:10:13Z","tags":[],"pid":66986,"method":"post","statusCode":200,"req":{"url":"/api/request","method":"post",">
Sep 05 22:10:13 debian11 opensearch-dashboards[66986]: {"type":"response","@timestamp":"2023-09-05T22:10:13Z","tags":[],"pid":66986,"method":"post","statusCode":200,"req":{"url":"/api/request","method":"post",">
  • The WUI is accessible using the 127.0.0.1 IP using Node 14 (the Node 16 version of the command output is just an OpenSearch echo)
  • The --no-warnings parameter is being passed correctly to the node command that executes OpenSearch. The only difference found in the current operation between Node 14 and Node 16 is that the --no-warnings is not working since:
    • If --no-warnings is removed in Node 14, the deprecation error kills the service
    • If --no-warnings is added in Node 14 (by default), the deprecation error does not kill the service
    • If --no-warnings is removed in Node 16, the deprecation error kills the service
    • If --no-warnings is added in Node 16 (by default), the deprecation error kills the service
  • It is clear that Node's behavior has changed when it comes to error handling; this needs to be investigated better
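
The keystore relocation and the duplicate-keystore concern raised in the comment above, as an added example that is not part of the issue or of the Wazuh packages: a shell function that moves a keystore from an old directory to a new one only when the destination is free, and checks that the digest is unchanged before removing the original. The function names, return codes and the symlink refusal are assumptions made for this illustration; the demo runs on constructed data in a scratch directory.

```shell
#!/bin/sh
# Added example: relocate a keystore without ever leaving two copies on disk.
# Function names and return codes are hypothetical, not from the Wazuh SPECS.

# Print the SHA-256 digest of a file (first field of sha256sum output).
keystore_digest() {
    sha256sum "$1" | cut -d' ' -f1
}

# migrate_keystore OLD_DIR NEW_DIR [NAME]
# Return codes:
#   0  keystore moved and digest verified
#   1  nothing to do (no keystore in OLD_DIR)
#   2  a keystore already exists in NEW_DIR; refuse to overwrite or duplicate
#   3  copy failed or digest mismatch; original left untouched
#   4  source is a symlink; refuse to follow it (added precaution, since a
#      package scriptlet runs as root over service-owned directories)
migrate_keystore() {
    old_dir=$1
    new_dir=$2
    name=${3:-opensearch_dashboards.keystore}
    src="$old_dir/$name"
    dst="$new_dir/$name"

    [ -L "$src" ] && return 4
    [ -f "$src" ] || return 1
    if [ -e "$dst" ] || [ -L "$dst" ]; then
        echo "keystore present in both $old_dir and $new_dir" >&2
        return 2
    fi

    before=$(keystore_digest "$src")
    tmp="$dst.tmp.$$"
    # cp -p keeps mode and timestamps (and owner when run as root).
    # The restrictive umask covers the window before cp restores the mode.
    ( umask 077; cp -p "$src" "$tmp" ) || { rm -f "$tmp"; return 3; }
    after=$(keystore_digest "$tmp")
    if [ "$before" != "$after" ]; then
        rm -f "$tmp"
        return 3
    fi
    # Publish under the final name, then remove the old copy.
    mv "$tmp" "$dst" && rm -f "$src"
}

# Demo on constructed data in a scratch directory (not real Wazuh paths).
demo_root=$(mktemp -d)
mkdir -p "$demo_root/install-config" "$demo_root/etc-config"
printf 'constructed keystore contents\n' \
    > "$demo_root/install-config/opensearch_dashboards.keystore"
migrate_keystore "$demo_root/install-config" "$demo_root/etc-config"
echo "first run returned $?"
migrate_keystore "$demo_root/install-config" "$demo_root/etc-config"
echo "second run returned $?"
rm -rf "$demo_root"
```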

@rauldpm rauldpm linked a pull request Sep 6, 2023 that will close this issue
11 tasks

rauldpm commented Sep 6, 2023

Update report

  • Investigating, a difference has been found in the operation between Node 14 and Node 16 since the NODE_OPTIONS environment variable is not being correctly read in Node 16 (/bin/use_node)
  • In previous versions, it has been detected that a modification is being made in the call to Node, passing said environment variable as an exec parameter; the call has been adapted for 2.8.0, remaining as follows:
NODE_OPTIONS="$OSD_NODE_OPTS_PREFIX $OSD_NODE_OPTS $NODE_OPTIONS"
NODE_ENV=production exec "${NODE}" ${NODE_OPTIONS} "${OSD_HOME}${OSD_USE_NODE_JS_FILE_PATH}" "${@}"
  • Thus, it is possible to launch and use the service using DNS and IPs
  • It has also been necessary to adapt the package for the correct management of the OpenSearch Keystore in an upgrade; for this, the management (creation of the keystore) has been moved to the posttrans scriptlet since this file is not tracked by the package. Additionally, a check has been added so that if the Keystore exists in the old path, it is moved to the new path, maintaining the data.

Tests

Upgrade in Debian 11 from 4.5.2 to 4.6.0
root@debian11:/home/vagrant# curl -sO https://packages.wazuh.com/4.5/wazuh-install.sh && sudo bash ./wazuh-install.sh -a -i
06/09/2023 17:44:19 INFO: Starting Wazuh installation assistant. Wazuh version: 4.5.2
06/09/2023 17:44:19 INFO: Verbose logging redirected to /var/log/wazuh-install.log
06/09/2023 17:44:24 WARNING: Hardware and system checks ignored.
06/09/2023 17:44:24 INFO: Wazuh web interface port will be 443.
06/09/2023 17:44:25 INFO: --- Dependencies ----
06/09/2023 17:44:25 INFO: Installing apt-transport-https.
06/09/2023 17:44:26 INFO: Installing software-properties-common.
06/09/2023 17:44:31 INFO: Wazuh repository added.
06/09/2023 17:44:31 INFO: --- Configuration files ---
06/09/2023 17:44:31 INFO: Generating configuration files.
06/09/2023 17:44:31 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
06/09/2023 17:44:31 INFO: --- Wazuh indexer ---
06/09/2023 17:44:31 INFO: Starting Wazuh indexer installation.
06/09/2023 17:45:11 INFO: Wazuh indexer installation finished.
06/09/2023 17:45:11 INFO: Wazuh indexer post-install configuration finished.
06/09/2023 17:45:11 INFO: Starting service wazuh-indexer.
06/09/2023 17:45:24 INFO: wazuh-indexer service started.
06/09/2023 17:45:24 INFO: Initializing Wazuh indexer cluster security settings.
06/09/2023 17:45:34 INFO: Wazuh indexer cluster initialized.
06/09/2023 17:45:34 INFO: --- Wazuh server ---
06/09/2023 17:45:34 INFO: Starting the Wazuh manager installation.
06/09/2023 17:46:00 INFO: Wazuh manager installation finished.
06/09/2023 17:46:00 INFO: Starting service wazuh-manager.
06/09/2023 17:46:14 INFO: wazuh-manager service started.
06/09/2023 17:46:14 INFO: Starting Filebeat installation.
06/09/2023 17:46:17 INFO: Filebeat installation finished.
06/09/2023 17:46:18 INFO: Filebeat post-install configuration finished.
06/09/2023 17:46:18 INFO: Starting service filebeat.
06/09/2023 17:46:18 INFO: filebeat service started.
06/09/2023 17:46:18 INFO: --- Wazuh dashboard ---
06/09/2023 17:46:18 INFO: Starting Wazuh dashboard installation.
06/09/2023 17:46:43 INFO: Wazuh dashboard installation finished.
06/09/2023 17:46:43 INFO: Wazuh dashboard post-install configuration finished.
06/09/2023 17:46:43 INFO: Starting service wazuh-dashboard.
06/09/2023 17:46:43 INFO: wazuh-dashboard service started.
06/09/2023 17:47:00 INFO: Initializing Wazuh dashboard web application.
06/09/2023 17:47:01 INFO: Wazuh dashboard web application initialized.
06/09/2023 17:47:01 INFO: --- Summary ---
06/09/2023 17:47:01 INFO: You can access the web interface https://<wazuh-dashboard-ip>:443
    User: admin
    Password: H.69t?XfoK.W2QS9y4pxU1t1P+DS7v7Q
06/09/2023 17:47:01 INFO: Installation finished.
root@debian11:/home/vagrant# systemctl stop filebeat
systemctl stop wazuh-dashboard
root@debian11:/home/vagrant# curl -X PUT "https://localhost:9200/_cluster/settings"  -u admin:H.69t?XfoK.W2QS9y4pxU1t1P+DS7v7Q -k -H 'Content-Type: application/json' -d'
{
  "persistent": {
    "cluster.routing.allocation.enable": "primaries"
  }
}
'
{"acknowledged":true,"persistent":{"cluster":{"routing":{"allocation":{"enable":"primaries"}}}},"transient":{}}root@debian11:/home/vagrant# 
root@debian11:/home/vagrant# curl -X POST "https://localhost:9200/_flush/synced" -u admin:H.69t?XfoK.W2QS9y4pxU1t1P+DS7v7Q -k
{"_shards":{"total":7,"successful":7,"failed":0}}root@debian11:/home/vagrant# 
root@debian11:/home/vagrant# systemctl stop wazuh-indexer
root@debian11:/home/vagrant# apt install ./wazuh-indexer_4.6.0-wp.2420_amd64.deb 
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Note, selecting 'wazuh-indexer' instead of './wazuh-indexer_4.6.0-wp.2420_amd64.deb'
The following packages will be upgraded:
  wazuh-indexer
1 upgraded, 0 newly installed, 0 to remove and 56 not upgraded.
Need to get 0 B/684 MB of archives.
After this operation, 1,739 kB disk space will be freed.
Get:1 /home/vagrant/wazuh-indexer_4.6.0-wp.2420_amd64.deb wazuh-indexer amd64 4.6.0-1 [684 MB]
Reading changelogs... Done
(Reading database ... 186868 files and directories currently installed.)
Setting up wazuh-indexer (4.6.0-1) ...
Installing new version of config file /etc/wazuh-indexer/opensearch-notifications-core/notifications-core.yml ...
Installing new version of config file /etc/wazuh-indexer/opensearch-performance-analyzer/log4j2.xml ...
Installing new version of config file /etc/wazuh-indexer/opensearch-performance-analyzer/opensearch_security.policy ...
Installing new version of config file /etc/wazuh-indexer/opensearch-performance-analyzer/rca.conf ...
Installing new version of config file /etc/wazuh-indexer/opensearch-performance-analyzer/rca_cluster_manager.conf ...
Installing new version of config file /etc/wazuh-indexer/opensearch-performance-analyzer/rca_idle_cluster_manager.conf ...
Installing new version of config file /etc/wazuh-indexer/opensearch-security/config.yml ...
root@debian11:/home/vagrant# systemctl daemon-reload
systemctl enable wazuh-indexer
systemctl start wazuh-indexer
root@debian11:/home/vagrant# curl -k -u admin:H.69t?XfoK.W2QS9y4pxU1t1P+DS7v7Q https://localhost:9200/_cat/nodes?v
ip        heap.percent ram.percent cpu load_1m load_5m load_15m node.role node.roles                                        cluster_manager name
127.0.0.1           12          97  10    0.57    0.46     0.25 dimr      cluster_manager,data,ingest,remote_cluster_client *               node-1
root@debian11:/home/vagrant# curl -X PUT "https://localhost:9200/_cluster/settings" -u admin:H.69t?XfoK.W2QS9y4pxU1t1P+DS7v7Q -k -H 'Content-Type: application/json' -d'
{
  "persistent": {
    "cluster.routing.allocation.enable": "all"
  }
}
'
{"acknowledged":true,"persistent":{"cluster":{"routing":{"allocation":{"enable":"all"}}}},"transient":{}}root@debian11:/home/vagrant# 
root@debian11:/home/vagrant# curl -k -u admin:H.69t?XfoK.W2QS9y4pxU1t1P+DS7v7Q https://localhost:9200/_cat/nodes?v
ip        heap.percent ram.percent cpu load_1m load_5m load_15m node.role node.roles                                        cluster_manager name
127.0.0.1           15          97   1    0.27    0.39     0.23 dimr      cluster_manager,data,ingest,remote_cluster_client *               node-1
root@debian11:/home/vagrant# 
root@debian11:/home/vagrant# apt install ./wazuh-manager_4.6.0-wp.2420_amd64.deb 
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Note, selecting 'wazuh-manager' instead of './wazuh-manager_4.6.0-wp.2420_amd64.deb'
Suggested packages:
  expect
The following packages will be upgraded:
  wazuh-manager
1 upgraded, 0 newly installed, 0 to remove and 56 not upgraded.
Need to get 0 B/171 MB of archives.
After this operation, 1,704 kB of additional disk space will be used.
Get:1 /home/vagrant/wazuh-manager_4.6.0-wp.2420_amd64.deb wazuh-manager amd64 4.6.0-1 [171 MB]
Reading changelogs... Done        
(Reading database ... 186872 files and directories currently installed.)
Preparing to unpack .../wazuh-manager_4.6.0-wp.2420_amd64.deb ...
Unpacking wazuh-manager (4.6.0-1) over (4.5.2-1) ...
Setting up wazuh-manager (4.6.0-1) ...
root@debian11:/home/vagrant# curl -s https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.2.tar.gz | sudo tar -xvz -C /usr/share/filebeat/module
sudo: unable to resolve host debian11: Name or service not known
wazuh/alerts/
wazuh/alerts/config/
wazuh/alerts/config/alerts.yml
wazuh/alerts/manifest.yml
wazuh/alerts/ingest/
wazuh/alerts/ingest/pipeline.json
wazuh/archives/
wazuh/archives/config/
wazuh/archives/config/archives.yml
wazuh/archives/manifest.yml
wazuh/archives/ingest/
wazuh/archives/ingest/pipeline.json
wazuh/module.yml
root@debian11:/home/vagrant# curl -so /etc/filebeat/wazuh-template.json https://raw.githubusercontent.com/wazuh/wazuh/4.6.0/extensions/elasticsearch/7.x/wazuh-template.json
root@debian11:/home/vagrant# chmod go+r /etc/filebeat/wazuh-template.json
root@debian11:/home/vagrant# systemctl daemon-reload
systemctl enable filebeat
systemctl start filebeat
Synchronizing state of filebeat.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable filebeat
root@debian11:/home/vagrant# apt install ./wazuh-dashboard_4.6.0-1_amd64.deb ^C
root@debian11:/home/vagrant# ls -l /usr/share/wazuh-dashboard/config/opensearch_dashboards.keystore 
-rw-r--r-- 1 wazuh-dashboard wazuh-dashboard 254 Sep  6 17:46 /usr/share/wazuh-dashboard/config/opensearch_dashboards.keystore
You have mail in /var/mail/root
root@debian11:/home/vagrant# sha1sum /usr/share/wazuh-dashboard/config/opensearch_dashboards.keystore 
91fb111839fb819f29e77dcdffee07eef1582f59  /usr/share/wazuh-dashboard/config/opensearch_dashboards.keystore
root@debian11:/home/vagrant# apt install ./wazuh-dashboard_4.6.0-1_amd64.deb 
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Note, selecting 'wazuh-dashboard' instead of './wazuh-dashboard_4.6.0-1_amd64.deb'
The following packages will be upgraded:
  wazuh-dashboard
1 upgraded, 0 newly installed, 0 to remove and 56 not upgraded.
Need to get 0 B/179 MB of archives.
After this operation, 152 MB of additional disk space will be used.
Get:1 /home/vagrant/wazuh-dashboard_4.6.0-1_amd64.deb wazuh-dashboard amd64 4.6.0-1 [179 MB]
Reading changelogs... Done
(Reading database ... 186885 files and directories currently installed.)
Preparing to unpack .../wazuh-dashboard_4.6.0-1_amd64.deb ...
Unpacking wazuh-dashboard (4.6.0-1) over (4.5.2-1) ...
Setting up wazuh-dashboard (4.6.0-1) ...
Installing new version of config file /etc/systemd/system/wazuh-dashboard.service ...

Configuration file '/etc/wazuh-dashboard/opensearch_dashboards.yml'
 ==> Modified (by you or by a script) since installation.
 ==> Package distributor has shipped an updated version.
   What would you like to do about it ?  Your options are:
    Y or I  : install the package maintainer's version
    N or O  : keep your currently-installed version
      D     : show the differences between the versions
      Z     : start a shell to examine the situation
 The default action is to keep your current version.
*** opensearch_dashboards.yml (Y/I/N/O/D/Z) [default=N] ? N
root@debian11:/home/vagrant# ls -l /usr/share/wazuh-dashboard/config/opensearch_dashboards.keystore 
ls: cannot access '/usr/share/wazuh-dashboard/config/opensearch_dashboards.keystore': No such file or directory
root@debian11:/home/vagrant# ls -l /etc/wazuh-dashboard/opensearch_dashboards.keystore 
-rw-r--r-- 1 wazuh-dashboard wazuh-dashboard 254 Sep  6 17:46 /etc/wazuh-dashboard/opensearch_dashboards.keystore
root@debian11:/home/vagrant# sha1sum /etc/wazuh-dashboard/opensearch_dashboards.keystore 
91fb111839fb819f29e77dcdffee07eef1582f59  /etc/wazuh-dashboard/opensearch_dashboards.keystore
root@debian11:/home/vagrant# cat /etc/wazuh-dashboard/opensearch_dashboards.yml
server.host: 0.0.0.0
opensearch.hosts: https://127.0.0.1:9200
server.port: 443
opensearch.ssl.verificationMode: certificate
# opensearch.username: kibanaserver
# opensearch.password: kibanaserver
opensearch.requestHeadersAllowlist: ["securitytenant","Authorization"]
opensearch_security.multitenancy.enabled: false
opensearch_security.readonly_mode.roles: ["kibana_read_only"]
server.ssl.enabled: true
server.ssl.key: "/etc/wazuh-dashboard/certs/wazuh-dashboard-key.pem"
server.ssl.certificate: "/etc/wazuh-dashboard/certs/wazuh-dashboard.pem"
opensearch.ssl.certificateAuthorities: ["/etc/wazuh-dashboard/certs/root-ca.pem"]
uiSettings.overrides.defaultRoute: /app/wazuh
opensearch_security.cookie.secure: true
root@debian11:/home/vagrant# ls -l /etc/wazuh-dashboard/certs/
total 12
-r-------- 1 wazuh-dashboard wazuh-dashboard 1204 Sep  6 17:44 root-ca.pem
-r-------- 1 wazuh-dashboard wazuh-dashboard 1704 Sep  6 17:44 wazuh-dashboard-key.pem
-r-------- 1 wazuh-dashboard wazuh-dashboard 1245 Sep  6 17:44 wazuh-dashboard.pem
root@debian11:/home/vagrant# systemctl daemon-reload
systemctl enable wazuh-dashboard
systemctl start wazuh-dashboard
root@debian11:/home/vagrant# systemctl status wazuh-dashboard
● wazuh-dashboard.service - wazuh-dashboard
     Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; vendor preset: enabled)
     Active: active (running) since Wed 2023-09-06 17:56:17 UTC; 1min 47s ago
   Main PID: 100566 (node)
      Tasks: 11 (limit: 4675)
     Memory: 205.4M
        CPU: 3.895s
     CGroup: /system.slice/wazuh-dashboard.service
             └─100566 /usr/share/wazuh-dashboard/node/bin/node --no-warnings --max-http-header-size=65536 --unhandled-rejections=warn /usr/share/wazuh-dashboard/src/cli/dist -c /etc/wazuh-dashboard/opensearch_dashboards.yml

Sep 06 17:56:21 debian11 opensearch-dashboards[100566]: {"type":"log","@timestamp":"2023-09-06T17:56:21Z","tags":["info","savedobjects-service"],"pid":100566,"message":"Waiting until all OpenSearch nodes are compatible with OpenSearch D>
Sep 06 17:56:21 debian11 opensearch-dashboards[100566]: {"type":"log","@timestamp":"2023-09-06T17:56:21Z","tags":["info","savedobjects-service"],"pid":100566,"message":"Starting saved objects migrations"}
Sep 06 17:56:21 debian11 opensearch-dashboards[100566]: {"type":"log","@timestamp":"2023-09-06T17:56:21Z","tags":["info","savedobjects-service"],"pid":100566,"message":"Detected mapping change in \"properties.visualization-visbuilder\""}
Sep 06 17:56:21 debian11 opensearch-dashboards[100566]: {"type":"log","@timestamp":"2023-09-06T17:56:21Z","tags":["info","savedobjects-service"],"pid":100566,"message":"Creating index .kibana_2."}
Sep 06 17:56:21 debian11 opensearch-dashboards[100566]: {"type":"log","@timestamp":"2023-09-06T17:56:21Z","tags":["info","savedobjects-service"],"pid":100566,"message":"Migrating .kibana_1 saved objects to .kibana_2"}
Sep 06 17:56:21 debian11 opensearch-dashboards[100566]: {"type":"log","@timestamp":"2023-09-06T17:56:21Z","tags":["info","savedobjects-service"],"pid":100566,"message":"Pointing alias .kibana to .kibana_2."}
Sep 06 17:56:21 debian11 opensearch-dashboards[100566]: {"type":"log","@timestamp":"2023-09-06T17:56:21Z","tags":["info","savedobjects-service"],"pid":100566,"message":"Finished in 224ms."}
Sep 06 17:56:21 debian11 opensearch-dashboards[100566]: {"type":"log","@timestamp":"2023-09-06T17:56:21Z","tags":["info","plugins-system"],"pid":100566,"message":"Starting [44] plugins: [alertingDashboards,usageCollection,opensearchDash>
Sep 06 17:56:22 debian11 opensearch-dashboards[100566]: {"type":"log","@timestamp":"2023-09-06T17:56:22Z","tags":["listening","info"],"pid":100566,"message":"Server running at https://0.0.0.0:443"}
Sep 06 17:56:22 debian11 opensearch-dashboards[100566]: {"type":"log","@timestamp":"2023-09-06T17:56:22Z","tags":["info","http","server","OpenSearchDashboards"],"pid":100566,"message":"http server running at https://0.0.0.0:443"}
Upgrade in CentOS 7 from 4.5.2 to 4.6.0
[root@centos7 vagrant]# curl -sO https://packages.wazuh.com/4.5/wazuh-install.sh && sudo bash ./wazuh-install.sh -a
06/09/2023 16:04:05 INFO: Starting Wazuh installation assistant. Wazuh version: 4.5.2
06/09/2023 16:04:05 INFO: Verbose logging redirected to /var/log/wazuh-install.log
06/09/2023 16:04:09 INFO: --- Dependencies ---
06/09/2023 16:04:09 INFO: Installing lsof.
06/09/2023 16:04:09 INFO: Wazuh web interface port will be 443.
06/09/2023 16:04:10 INFO: Wazuh repository added.
06/09/2023 16:04:10 INFO: --- Configuration files ---
06/09/2023 16:04:10 INFO: Generating configuration files.
06/09/2023 16:04:10 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
06/09/2023 16:04:10 INFO: --- Wazuh indexer ---
06/09/2023 16:04:10 INFO: Starting Wazuh indexer installation.
06/09/2023 16:05:28 INFO: Wazuh indexer installation finished.
06/09/2023 16:05:28 INFO: Wazuh indexer post-install configuration finished.
06/09/2023 16:05:28 INFO: Starting service wazuh-indexer.
06/09/2023 16:05:35 INFO: wazuh-indexer service started.
06/09/2023 16:05:35 INFO: Initializing Wazuh indexer cluster security settings.
06/09/2023 16:05:45 INFO: Wazuh indexer cluster initialized.
06/09/2023 16:05:45 INFO: --- Wazuh server ---
06/09/2023 16:05:45 INFO: Starting the Wazuh manager installation.
06/09/2023 16:06:15 INFO: Wazuh manager installation finished.
06/09/2023 16:06:15 INFO: Starting service wazuh-manager.
06/09/2023 16:06:28 INFO: wazuh-manager service started.
06/09/2023 16:06:28 INFO: Starting Filebeat installation.
06/09/2023 16:06:33 INFO: Filebeat installation finished.
06/09/2023 16:06:34 INFO: Filebeat post-install configuration finished.
06/09/2023 16:06:34 INFO: Starting service filebeat.
06/09/2023 16:06:34 INFO: filebeat service started.
06/09/2023 16:06:34 INFO: --- Wazuh dashboard ---
06/09/2023 16:06:34 INFO: Starting Wazuh dashboard installation.
06/09/2023 16:07:25 INFO: Wazuh dashboard installation finished.
06/09/2023 16:07:25 INFO: Wazuh dashboard post-install configuration finished.
06/09/2023 16:07:25 INFO: Starting service wazuh-dashboard.
06/09/2023 16:07:25 INFO: wazuh-dashboard service started.
06/09/2023 16:07:39 INFO: Initializing Wazuh dashboard web application.
06/09/2023 16:07:41 INFO: Wazuh dashboard web application initialized.
06/09/2023 16:07:41 INFO: --- Summary ---
06/09/2023 16:07:41 INFO: You can access the web interface https://<wazuh-dashboard-ip>:443
    User: admin
    Password: SWHH*sEk5qZB0weCwNTp0oFhvAT?ew2E
06/09/2023 16:07:41 INFO: Installation finished.
[root@centos7 vagrant]# ls -l /usr/share/wazuh-dashboard/config/opensearch_dashboards.keystore 
-rw-r--r--. 1 wazuh-dashboard wazuh-dashboard 254 Sep  6 16:07 /usr/share/wazuh-dashboard/config/opensearch_dashboards.keystore
[root@centos7 vagrant]# wget https://packages-dev.wazuh.com/warehouse/test/4.6/rpm/wazuh-indexer-4.6.0-wp.2420.x86_64.rpm
--2023-09-06 16:22:23--  https://packages-dev.wazuh.com/warehouse/test/4.6/rpm/wazuh-indexer-4.6.0-wp.2420.x86_64.rpm
Resolving packages-dev.wazuh.com (packages-dev.wazuh.com)... 52.84.66.65, 52.84.66.16, 52.84.66.124, ...
Connecting to packages-dev.wazuh.com (packages-dev.wazuh.com)|52.84.66.65|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 705928884 (673M) [binary/octet-stream]
Saving to: ‘wazuh-indexer-4.6.0-wp.2420.x86_64.rpm’

100%[====================================================================>] 705,928,884 24.8MB/s   in 29s    

2023-09-06 16:22:53 (22.9 MB/s) - ‘wazuh-indexer-4.6.0-wp.2420.x86_64.rpm’ saved [705928884/705928884]

[root@centos7 vagrant]# wget https://packages-dev.wazuh.com/warehouse/test/4.6/rpm/wazuh-manager-4.6.0-wp.2420.x86_64.rpm
--2023-09-06 16:22:57--  https://packages-dev.wazuh.com/warehouse/test/4.6/rpm/wazuh-manager-4.6.0-wp.2420.x86_64.rpm
Resolving packages-dev.wazuh.com (packages-dev.wazuh.com)... 52.84.66.124, 52.84.66.16, 52.84.66.65, ...
Connecting to packages-dev.wazuh.com (packages-dev.wazuh.com)|52.84.66.124|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 172780707 (165M) [binary/octet-stream]
Saving to: ‘wazuh-manager-4.6.0-wp.2420.x86_64.rpm’

100%[====================================================================>] 172,780,707 25.0MB/s   in 7.8s   

2023-09-06 16:23:05 (21.2 MB/s) - ‘wazuh-manager-4.6.0-wp.2420.x86_64.rpm’ saved [172780707/172780707]

[root@centos7 vagrant]# wget https://packages-dev.wazuh.com/warehouse/test/4.6/rpm/wazuh-dashboard-4.6.0-wp.2420.x86_64.rpm
--2023-09-06 16:23:10--  https://packages-dev.wazuh.com/warehouse/test/4.6/rpm/wazuh-dashboard-4.6.0-wp.2420.x86_64.rpm
Resolving packages-dev.wazuh.com (packages-dev.wazuh.com)... 52.84.66.65, 52.84.66.124, 52.84.66.16, ...
Connecting to packages-dev.wazuh.com (packages-dev.wazuh.com)|52.84.66.65|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 275128406 (262M) [binary/octet-stream]
Saving to: ‘wazuh-dashboard-4.6.0-wp.2420.x86_64.rpm’

100%[====================================================================>] 275,128,406 24.2MB/s   in 12s    

2023-09-06 16:23:23 (21.8 MB/s) - ‘wazuh-dashboard-4.6.0-wp.2420.x86_64.rpm’ saved [275128406/275128406]

[root@centos7 vagrant]# systemctl stop filebeat
[root@centos7 vagrant]# systemctl stop wazuh-dashboard
[root@centos7 vagrant]# curl -X PUT "https://localhost:9200/_cluster/settings"  -u admin:SWHH*sEk5qZB0weCwNTp0oFhvAT?ew2E -k -H 'Content-Type: application/json' -d'
> {
>   "persistent": {
>     "cluster.routing.allocation.enable": "primaries"
>   }
> }
> '
{"acknowledged":true,"persistent":{"cluster":{"routing":{"allocation":{"enable":"primaries"}}}},"transient":{}}
[root@centos7 vagrant]# curl -X POST "https://localhost:9200/_flush/synced" -u admin:SWHH*sEk5qZB0weCwNTp0oFhvAT?ew2E -k
{"_shards":{"total":7,"successful":7,"failed":0}}
[root@centos7 vagrant]# systemctl stop wazuh-indexer
[root@centos7 vagrant]# yum localinstall wazuh-indexer-4.6.0-wp.2420.x86_64.rpm 
Loaded plugins: fastestmirror
Examining wazuh-indexer-4.6.0-wp.2420.x86_64.rpm: wazuh-indexer-4.6.0-1.x86_64
Marking wazuh-indexer-4.6.0-wp.2420.x86_64.rpm as an update to wazuh-indexer-4.5.2-1.x86_64
Resolving Dependencies
--> Running transaction check
---> Package wazuh-indexer.x86_64 0:4.5.2-1 will be updated
---> Package wazuh-indexer.x86_64 0:4.6.0-1 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

==============================================================================================================
 Package                Arch            Version            Repository                                    Size
==============================================================================================================
Updating:
 wazuh-indexer          x86_64          4.6.0-1            /wazuh-indexer-4.6.0-wp.2420.x86_64          930 M

Transaction Summary
==============================================================================================================
Upgrade  1 Package

Total size: 930 M
Is this ok [y/d/N]: y
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Updating   : wazuh-indexer-4.6.0-1.x86_64                                                               1/2 
  Cleanup    : wazuh-indexer-4.5.2-1.x86_64                                                               2/2 
  Verifying  : wazuh-indexer-4.6.0-1.x86_64                                                               1/2 
  Verifying  : wazuh-indexer-4.5.2-1.x86_64                                                               2/2 

Updated:
  wazuh-indexer.x86_64 0:4.6.0-1                                                                              

Complete!
[root@centos7 vagrant]# systemctl daemon-reload
[root@centos7 vagrant]# systemctl enable wazuh-indexer
[root@centos7 vagrant]# systemctl start wazuh-indexer
[root@centos7 vagrant]# curl -k -u admin:SWHH*sEk5qZB0weCwNTp0oFhvAT?ew2E https://localhost:9200/_cat/nodes?v
ip        heap.percent ram.percent cpu load_1m load_5m load_15m node.role node.roles                                        cluster_manager name
127.0.0.1           17          97   4    0.45    0.22     0.16 dimr      cluster_manager,data,ingest,remote_cluster_client *               node-1
[root@centos7 vagrant]# curl -X PUT "https://localhost:9200/_cluster/settings" -u  admin:SWHH*sEk5qZB0weCwNTp0oFhvAT?ew2E -k -H 'Content-Type: application/json' -d'
> {
>   "persistent": {
>     "cluster.routing.allocation.enable": "all"
>   }
> }
> '
{"acknowledged":true,"persistent":{"cluster":{"routing":{"allocation":{"enable":"all"}}}},"transient":{}}[root@centos7 vagrant]# 
[root@centos7 vagrant]# curl -k -u admin:SWHH*sEk5qZB0weCwNTp0oFhvAT?ew2E https://localhost:9200/_cat/nodes?v
ip        heap.percent ram.percent cpu load_1m load_5m load_15m node.role node.roles                                        cluster_manager name
127.0.0.1           17          97   0    0.21    0.19     0.15 dimr      cluster_manager,data,ingest,remote_cluster_client *               node-1
[root@centos7 vagrant]# yum localinstall wazuh-manager-4.6.0-wp.2420.x86_64.rpm 
Loaded plugins: fastestmirror
Examining wazuh-manager-4.6.0-wp.2420.x86_64.rpm: wazuh-manager-4.6.0-1.x86_64
Marking wazuh-manager-4.6.0-wp.2420.x86_64.rpm as an update to wazuh-manager-4.5.2-1.x86_64
Resolving Dependencies
--> Running transaction check
---> Package wazuh-manager.x86_64 0:4.5.2-1 will be updated
---> Package wazuh-manager.x86_64 0:4.6.0-1 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

==============================================================================================================
 Package                Arch            Version            Repository                                    Size
==============================================================================================================
Updating:
 wazuh-manager          x86_64          4.6.0-1            /wazuh-manager-4.6.0-wp.2420.x86_64          599 M

Transaction Summary
==============================================================================================================
Upgrade  1 Package

Total size: 599 M
Is this ok [y/d/N]: y
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Updating   : wazuh-manager-4.6.0-1.x86_64                                                               1/2 
warning: /var/ossec/etc/ossec.conf created as /var/ossec/etc/ossec.conf.rpmnew
  Cleanup    : wazuh-manager-4.5.2-1.x86_64                                                               2/2 
  Verifying  : wazuh-manager-4.6.0-1.x86_64                                                               1/2 
  Verifying  : wazuh-manager-4.5.2-1.x86_64                                                               2/2 

Updated:
  wazuh-manager.x86_64 0:4.6.0-1                                                                              

Complete!
[root@centos7 vagrant]# curl -s https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.2.tar.gz | sudo tar -xvz -C /usr/share/filebeat/module
wazuh/alerts/
wazuh/alerts/config/
wazuh/alerts/config/alerts.yml
wazuh/alerts/manifest.yml
wazuh/alerts/ingest/
wazuh/alerts/ingest/pipeline.json
wazuh/archives/
wazuh/archives/config/
wazuh/archives/config/archives.yml
wazuh/archives/manifest.yml
wazuh/archives/ingest/
wazuh/archives/ingest/pipeline.json
wazuh/module.yml
[root@centos7 vagrant]# curl -so /etc/filebeat/wazuh-template.json https://raw.githubusercontent.com/wazuh/wazuh/4.6.0/extensions/elasticsearch/7.x/wazuh-template.json
[root@centos7 vagrant]# chmod go+r /etc/filebeat/wazuh-template.json
[root@centos7 vagrant]# systemctl daemon-reload
[root@centos7 vagrant]# systemctl enable filebeat
[root@centos7 vagrant]# systemctl start filebeat
[root@centos7 vagrant]# filebeat test output
elasticsearch: https://127.0.0.1:9200...
  parse url... OK
  connection...
    parse host... OK
    dns lookup... OK
    addresses: 127.0.0.1
    dial up... OK
  TLS...
    security: server's certificate chain verification is enabled
    handshake... OK
    TLS version: TLSv1.2
    dial up... OK
  talk to server... OK
  version: 7.10.2
[root@centos7 vagrant]# yum localinstall wazuh-dashboard-4.6.0-wp.2420.x86_64.rpm 
Loaded plugins: fastestmirror
Examining wazuh-dashboard-4.6.0-wp.2420.x86_64.rpm: wazuh-dashboard-4.6.0-1.x86_64
Marking wazuh-dashboard-4.6.0-wp.2420.x86_64.rpm as an update to wazuh-dashboard-4.5.2-1.x86_64
Resolving Dependencies
--> Running transaction check
---> Package wazuh-dashboard.x86_64 0:4.5.2-1 will be updated
---> Package wazuh-dashboard.x86_64 0:4.6.0-1 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

==============================================================================================================
 Package                 Arch           Version           Repository                                     Size
==============================================================================================================
Updating:
 wazuh-dashboard         x86_64         4.6.0-1           /wazuh-dashboard-4.6.0-wp.2420.x86_64         883 M

Transaction Summary
==============================================================================================================
Upgrade  1 Package

Total size: 883 M
Is this ok [y/d/N]: y
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Updating   : wazuh-dashboard-4.6.0-1.x86_64                                                             1/2 
warning: /etc/wazuh-dashboard/opensearch_dashboards.yml created as /etc/wazuh-dashboard/opensearch_dashboards.yml.rpmnew
  Cleanup    : wazuh-dashboard-4.5.2-1.x86_64                                                             2/2 
  Verifying  : wazuh-dashboard-4.6.0-1.x86_64                                                             1/2 
  Verifying  : wazuh-dashboard-4.5.2-1.x86_64                                                             2/2 

Updated:
  wazuh-dashboard.x86_64 0:4.6.0-1                                                                            

Complete!
[root@centos7 vagrant]# ls -l /usr/share/wazuh-dashboard/config/opensearch_dashboards.keystore 
-rw-r--r--. 1 wazuh-dashboard wazuh-dashboard 254 Sep  6 16:07 /usr/share/wazuh-dashboard/config/opensearch_dashboards.keystore
[root@centos7 vagrant]# ls -l /etc/wazuh-dashboard/opensearch_dashboards.keystore 
-rw-r-----. 1 wazuh-dashboard wazuh-dashboard 226 Sep  6 16:34 /etc/wazuh-dashboard/opensearch_dashboards.keystore
[root@centos7 vagrant]# rm -rf /usr/share/wazuh-dashboard/config/opensearch_dashboards.keystore 
[root@centos7 vagrant]# systemctl daemon-reload
[root@centos7 vagrant]# systemctl enable wazuh-dashboard
[root@centos7 vagrant]# systemctl start wazuh-dashboard

**Error related to Wazuh dashboard keystore**

[root@centos7 vagrant]# ls -l /usr/share/wazuh-dashboard/config/opensearch_dashboards.keystore 
-rw-r--r--. 1 wazuh-dashboard wazuh-dashboard 254 Sep  6 17:28 /usr/share/wazuh-dashboard/config/opensearch_dashboards.keystore
[root@centos7 vagrant]# sha1sum /usr/share/wazuh-dashboard/config/opensearch_dashboards.keystore 
7b51e96efe13b6fc99272db80de5fc5734f0b2df  /usr/share/wazuh-dashboard/config/opensearch_dashboards.keystore
[root@centos7 vagrant]# yum localinstall wazuh-dashboard-4.6.0-1.x86_64.rpm 
Loaded plugins: fastestmirror
Examining wazuh-dashboard-4.6.0-1.x86_64.rpm: wazuh-dashboard-4.6.0-1.x86_64
Marking wazuh-dashboard-4.6.0-1.x86_64.rpm as an update to wazuh-dashboard-4.5.2-1.x86_64
Resolving Dependencies
--> Running transaction check
---> Package wazuh-dashboard.x86_64 0:4.5.2-1 will be updated
---> Package wazuh-dashboard.x86_64 0:4.6.0-1 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

====================================================================================================================================
 Package                        Arch                  Version                  Repository                                      Size
====================================================================================================================================
Updating:
 wazuh-dashboard                x86_64                4.6.0-1                  /wazuh-dashboard-4.6.0-1.x86_64                883 M

Transaction Summary
====================================================================================================================================
Upgrade  1 Package

Total size: 883 M
Is this ok [y/d/N]: y
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Updating   : wazuh-dashboard-4.6.0-1.x86_64                                                                                   1/2 
warning: /etc/wazuh-dashboard/opensearch_dashboards.yml created as /etc/wazuh-dashboard/opensearch_dashboards.yml.rpmnew
  Cleanup    : wazuh-dashboard-4.5.2-1.x86_64                                                                                   2/2 
  Verifying  : wazuh-dashboard-4.6.0-1.x86_64                                                                                   1/2 
  Verifying  : wazuh-dashboard-4.5.2-1.x86_64                                                                                   2/2 

Updated:
  wazuh-dashboard.x86_64 0:4.6.0-1                                                                                                  

Complete!
[root@centos7 vagrant]# ls -l /usr/share/wazuh-dashboard/config/opensearch_dashboards.keystore 
ls: cannot access /usr/share/wazuh-dashboard/config/opensearch_dashboards.keystore: No such file or directory
[root@centos7 vagrant]# ls -l /etc/wazuh-dashboard/opensearch_dashboards.keystore 
-rw-r--r--. 1 wazuh-dashboard wazuh-dashboard 254 Sep  6 17:28 /etc/wazuh-dashboard/opensearch_dashboards.keystore
[root@centos7 vagrant]# sha1sum /etc/wazuh-dashboard/opensearch_dashboards.keystore 
7b51e96efe13b6fc99272db80de5fc5734f0b2df  /etc/wazuh-dashboard/opensearch_dashboards.keystore

[root@centos7 vagrant]# chmod 500 /etc/wazuh-dashboard/certs
[root@centos7 vagrant]# chmod 400 /etc/wazuh-dashboard/certs/*
[root@centos7 vagrant]# chown -R wazuh-dashboard:wazuh-dashboard /etc/wazuh-dashboard/certs
[root@centos7 vagrant]# systemctl restart wazuh-dashboard.service 
[root@centos7 vagrant]# systemctl status wazuh-dashboard.service 
● wazuh-dashboard.service - wazuh-dashboard
   Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; vendor preset: disabled)
   Active: active (running) since Wed 2023-09-06 17:36:17 UTC; 2s ago
 Main PID: 31286 (node)
   CGroup: /system.slice/wazuh-dashboard.service
           └─31286 /usr/share/wazuh-dashboard/node/bin/node --no-warnings --max-http-header-size=65536 --unhandled-rejections=war...

Sep 06 17:36:17 centos7 systemd[1]: Started wazuh-dashboard.
Sep 06 17:36:17 centos7 opensearch-dashboards[31286]: v16.20.0
Sep 06 17:36:19 centos7 opensearch-dashboards[31286]: {"type":"log","@timestamp":"2023-09-06T17:36:19Z","tags":["info","plug...ce]"}
Sep 06 17:36:19 centos7 opensearch-dashboards[31286]: {"type":"log","@timestamp":"2023-09-06T17:36:19Z","tags":["info","plug...ed."}
Sep 06 17:36:19 centos7 opensearch-dashboards[31286]: {"type":"log","@timestamp":"2023-09-06T17:36:19Z","tags":["info","plug...ed."}
Sep 06 17:36:19 centos7 opensearch-dashboards[31286]: {"type":"log","@timestamp":"2023-09-06T17:36:19Z","tags":["info","plug...ed."}
Sep 06 17:36:19 centos7 opensearch-dashboards[31286]: {"type":"log","@timestamp":"2023-09-06T17:36:19Z","tags":["info","plug...t,exp
Sep 06 17:36:19 centos7 opensearch-dashboards[31286]: {"type":"log","@timestamp":"2023-09-06T17:36:19Z","tags":["info","save......"}
Sep 06 17:36:19 centos7 opensearch-dashboards[31286]: {"type":"log","@timestamp":"2023-09-06T17:36:19Z","tags":["info","save...ons"}
Sep 06 17:36:19 centos7 opensearch-dashboards[31286]: {"type":"log","@timestamp":"2023-09-06T17:36:19Z","tags":["info","plug...expre
Hint: Some lines were ellipsized, use -l to show in full.
[root@centos7 vagrant]# 

**AIO install**

[root@centos71 unattended_installer]# bash wazuh-install.sh -a -i
06/09/2023 15:26:57 INFO: Starting Wazuh installation assistant. Wazuh version: 4.6.0
06/09/2023 15:26:57 INFO: Verbose logging redirected to /var/log/wazuh-install.log
06/09/2023 15:26:59 INFO: --- Dependencies ---
06/09/2023 15:26:59 INFO: Installing lsof.
06/09/2023 15:27:03 WARNING: Hardware and system checks ignored.
06/09/2023 15:27:03 INFO: Wazuh web interface port will be 443.
06/09/2023 15:27:05 INFO: Wazuh development repository added.
06/09/2023 15:27:05 INFO: --- Configuration files ---
06/09/2023 15:27:05 INFO: Generating configuration files.
06/09/2023 15:27:05 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
06/09/2023 15:27:05 INFO: --- Wazuh indexer ---
06/09/2023 15:27:05 INFO: Starting Wazuh indexer installation.
06/09/2023 15:28:11 INFO: Wazuh indexer installation finished.
06/09/2023 15:28:11 INFO: Wazuh indexer post-install configuration finished.
06/09/2023 15:28:11 INFO: Starting service wazuh-indexer.
06/09/2023 15:28:18 INFO: wazuh-indexer service started.
06/09/2023 15:28:18 INFO: Initializing Wazuh indexer cluster security settings.
06/09/2023 15:28:29 INFO: Wazuh indexer cluster initialized.
06/09/2023 15:28:29 INFO: --- Wazuh server ---
06/09/2023 15:28:29 INFO: Starting the Wazuh manager installation.
06/09/2023 15:28:58 INFO: Wazuh manager installation finished.
06/09/2023 15:28:58 INFO: Starting service wazuh-manager.
06/09/2023 15:29:09 INFO: wazuh-manager service started.
06/09/2023 15:29:09 INFO: Starting Filebeat installation.
06/09/2023 15:29:16 INFO: Filebeat installation finished.
06/09/2023 15:29:17 INFO: Filebeat post-install configuration finished.
06/09/2023 15:29:17 INFO: Starting service filebeat.
06/09/2023 15:29:17 INFO: filebeat service started.
06/09/2023 15:29:17 INFO: --- Wazuh dashboard ---
06/09/2023 15:29:20 INFO: --- Dependencies ---
06/09/2023 15:29:20 INFO: Installing chromium.
06/09/2023 15:29:21 WARNING: Cannot install optional dependency: chromium.
06/09/2023 15:29:21 INFO: Installing xorg-x11-fonts-100dpi.
06/09/2023 15:29:22 INFO: Installing xorg-x11-fonts-75dpi.
06/09/2023 15:29:23 INFO: Installing xorg-x11-utils.
06/09/2023 15:29:24 INFO: Installing xorg-x11-fonts-cyrillic.
06/09/2023 15:29:25 INFO: Installing xorg-x11-fonts-Type1.
06/09/2023 15:29:27 INFO: Installing xorg-x11-fonts-misc.
06/09/2023 15:29:29 INFO: Installing fontconfig.
06/09/2023 15:29:29 WARNING: Wazuh dashboard dependencies skipped. PDF report generation may not work.
06/09/2023 15:29:29 INFO: Starting Wazuh dashboard installation.
06/09/2023 15:30:20 INFO: Wazuh dashboard installation finished.
06/09/2023 15:30:20 INFO: Wazuh dashboard post-install configuration finished.
06/09/2023 15:30:20 INFO: Starting service wazuh-dashboard.
06/09/2023 15:30:20 INFO: wazuh-dashboard service started.
06/09/2023 15:30:35 INFO: Initializing Wazuh dashboard web application.
06/09/2023 15:30:36 INFO: Wazuh dashboard web application initialized.
06/09/2023 15:30:36 INFO: --- Summary ---
06/09/2023 15:30:36 INFO: You can access the web interface https://<wazuh-dashboard-ip>:443
    User: admin
    Password: bWAlsRGBJ88QKU+CBXO5+L7vi9kC7XO1
06/09/2023 15:30:36 INFO: Installation finished.
[root@centos71 unattended_installer]# grep -R "warehouse" wazuh-install.sh 
        eval "yum install https://packages-dev.wazuh.com/warehouse/test/4.6/rpm/wazuh-dashboard-4.6.0-wp.2420.x86_64.rpm -y ${debug}"
        eval "yum install https://packages-dev.wazuh.com/warehouse/test/4.6/rpm/wazuh-indexer-4.6.0-wp.2420.x86_64.rpm -y ${debug}"
        eval "${sys_type} install https://packages-dev.wazuh.com/warehouse/test/4.6/rpm/wazuh-manager-4.6.0-wp.2420.x86_64.rpm -y ${debug}"
[root@centos71 unattended_installer]# grep NODE_OPTIONS /usr/share/wazuh-dashboard/bin/use_node 
# NODE_OPTIONS is built using config/node.options and overridden by any previously set NODE_OPTIONS.
  NODE_OPTIONS="$OSD_NODE_OPTS_PREFIX $OSD_NODE_OPTS $NODE_OPTIONS"
 NODE_ENV=production exec "${NODE}" ${NODE_OPTIONS}  "${OSD_HOME}${OSD_USE_NODE_JS_FILE_PATH}" "${@}"
  NODE_OPTIONS="$OSD_NODE_OPTS_PREFIX $OSD_NODE_OPTS $NODE_OPTIONS"
 NODE_ENV=production exec "${NODE}" ${NODE_OPTIONS}  "${@}"
[root@centos71 unattended_installer]# grep "127" /etc/wazuh-dashboard/opensearch_dashboards.yml 
opensearch.hosts: https://127.0.0.1:9200
[root@centos71 unattended_installer]# systemctl status wazuh-dashboard.service 
● wazuh-dashboard.service - wazuh-dashboard
   Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; vendor preset: disabled)
   Active: active (running) since Wed 2023-09-06 16:05:44 UTC; 7s ago
 Main PID: 30166 (node)
   CGroup: /system.slice/wazuh-dashboard.service
           └─30166 /usr/share/wazuh-dashboard/node/bin/node --no-warnings --max-http-header-size=65536 --unhandled-rejections=warn /usr/share/wazuh-dashboard/src/cli/dist -c /etc/wazuh-dashboard/opensearch_da...

Sep 06 16:05:46 centos71 opensearch-dashboards[30166]: {"type":"log","@timestamp":"2023-09-06T16:05:46Z","tags":["info","plugins-service"],"pid":30166,"message":"Plugin \"dataSource\" is disabled."}
Sep 06 16:05:46 centos71 opensearch-dashboards[30166]: {"type":"log","@timestamp":"2023-09-06T16:05:46Z","tags":["info","plugins-service"],"pid":30166,"message":"Plugin \"visTypeXy\" is disabled."}
Sep 06 16:05:46 centos71 opensearch-dashboards[30166]: {"type":"log","@timestamp":"2023-09-06T16:05:46Z","tags":["info","plugins-service"],"pid":30166,"message":"Plugin \"mlCommonsDashboards\" is disabled."}
Sep 06 16:05:46 centos71 opensearch-dashboards[30166]: {"type":"log","@timestamp":"2023-09-06T16:05:46Z","tags":["warning","config","deprecation"],"pid":30166,"message":"\"opensearch.requestHeade...Allowlist\""}
Sep 06 16:05:46 centos71 opensearch-dashboards[30166]: {"type":"log","@timestamp":"2023-09-06T16:05:46Z","tags":["info","plugins-system"],"pid":30166,"message":"Setting up [44] plugins: [alerting...mbeddable,exp
Sep 06 16:05:46 centos71 opensearch-dashboards[30166]: {"type":"log","@timestamp":"2023-09-06T16:05:46Z","tags":["info","savedobjects-service"],"pid":30166,"message":"Waiting until all OpenSearch...grations..."}
Sep 06 16:05:46 centos71 opensearch-dashboards[30166]: {"type":"log","@timestamp":"2023-09-06T16:05:46Z","tags":["info","savedobjects-service"],"pid":30166,"message":"Starting saved objects migrations"}
Sep 06 16:05:46 centos71 opensearch-dashboards[30166]: {"type":"log","@timestamp":"2023-09-06T16:05:46Z","tags":["info","plugins-system"],"pid":30166,"message":"Starting [44] plugins: [alertingDa...eddable,expre
Sep 06 16:05:46 centos71 opensearch-dashboards[30166]: {"type":"log","@timestamp":"2023-09-06T16:05:46Z","tags":["listening","info"],"pid":30166,"message":"Server running at https://0.0.0.0:443"}
Sep 06 16:05:46 centos71 opensearch-dashboards[30166]: {"type":"log","@timestamp":"2023-09-06T16:05:46Z","tags":["info","http","server","OpenSearchDashboards"],"pid":30166,"message":"http server ...0.0.0.0:443"}
Hint: Some lines were ellipsized, use -l to show in full.
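
The keystore checks typed by hand in the upgrade test above (`ls -l` and `sha1sum` on the old and new paths), gathered into one function as an added example that is not part of the original comment or of Wazuh's packaging code. The function name `audit_keystore`, its arguments and its return convention are assumptions; it also flags permission bits for other users, which the listings above show differing between the freshly created keystore (`-rw-r-----`) and the migrated one (`-rw-r--r--`).

```shell
#!/bin/sh
# Added example (not Wazuh's own code): audit the dashboard keystore after an upgrade.
# The two paths are the ones listed in the session above; audit_keystore and its
# return convention are assumptions made for this example.

LEGACY_KEYSTORE="/usr/share/wazuh-dashboard/config/opensearch_dashboards.keystore"
CONF_KEYSTORE="/etc/wazuh-dashboard/opensearch_dashboards.keystore"

# audit_keystore LEGACY CONF OWNER PRE_SHA1
#   LEGACY   path the keystore must no longer occupy
#   CONF     path the keystore must occupy after the upgrade
#   OWNER    expected owning user
#   PRE_SHA1 sha1sum of the keystore recorded before the upgrade ("" skips the check)
# Prints one line per finding and returns the number of findings (0 = clean).
audit_keystore() {
    legacy=$1
    conf=$2
    owner=$3
    pre_sha1=$4
    findings=0

    # A keystore left in the old location means the package did not move it.
    if [ -e "$legacy" ]; then
        echo "FINDING: stale keystore left at $legacy"
        findings=$((findings + 1))
    fi

    # Without a keystore in the configuration directory nothing else can be checked.
    if [ ! -f "$conf" ]; then
        echo "FINDING: no keystore at $conf"
        return $((findings + 1))
    fi

    # Same hash before and after means the stored settings survived the move;
    # a different hash means a new, empty keystore was generated instead.
    if [ -n "$pre_sha1" ]; then
        post_sha1=$(sha1sum "$conf" | cut -d' ' -f1)
        if [ "$post_sha1" != "$pre_sha1" ]; then
            echo "FINDING: keystore content changed ($pre_sha1 -> $post_sha1)"
            findings=$((findings + 1))
        fi
    fi

    # Columns 8-10 of the ls mode string are the permission bits for "other".
    listing=$(ls -ld "$conf")
    other_bits=$(printf '%s\n' "$listing" | cut -c8-10)
    file_owner=$(printf '%s\n' "$listing" | awk '{print $3}')

    if [ "$other_bits" != "---" ]; then
        echo "FINDING: $conf is accessible to other users ($other_bits)"
        findings=$((findings + 1))
    fi

    if [ "$file_owner" != "$owner" ]; then
        echo "FINDING: $conf is owned by $file_owner, expected $owner"
        findings=$((findings + 1))
    fi

    return "$findings"
}

# Usage on the upgraded host, with PRE_SHA1 recorded before running yum:
#   audit_keystore "$LEGACY_KEYSTORE" "$CONF_KEYSTORE" wazuh-dashboard "$PRE_SHA1"
```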

@wazuhci wazuhci moved this from In progress to Pending review in Release 4.6.0 Sep 6, 2023
@davidjiglesias
Member

LGTM!

@wazuhci wazuhci moved this from Pending review to Done in Release 4.6.0 Sep 6, 2023