diff --git a/tests/unattended/install/pytest.ini b/tests/unattended/install/pytest.ini index 8da65b5371..9275c734de 100644 --- a/tests/unattended/install/pytest.ini +++ b/tests/unattended/install/pytest.ini @@ -7,4 +7,4 @@ markers = wazuh_worker: test for wazuh cluster worker nodes. It is meant to be executed on the worker nodes. indexer: tests to be executed on Wazuh Indexer hosts. indexer_cluster: tests to be executed on Wazuh Indexer hosts on distributed installations. - dashboards: tests to be executed on Wazuh Dashboards hosts. \ No newline at end of file + dashboard: tests to be executed on Wazuh Dashboard hosts. \ No newline at end of file diff --git a/tests/unattended/install/test_unattended.py b/tests/unattended/install/test_unattended.py index a8d549a018..5115d8ade8 100644 --- a/tests/unattended/install/test_unattended.py +++ b/tests/unattended/install/test_unattended.py @@ -73,13 +73,13 @@ def api_call_elasticsearch(host,query,address,api_protocol,api_user,api_pass,api response = resp.json() return response -def get_dashboards_password(): - stream = open("/etc/wazuh-dashboards/dashboards.yml", 'r') +def get_dashboard_password(): + stream = open("/etc/wazuh-dashboard/dashboard.yml", 'r') dictionary = yaml.safe_load(stream) return (dictionary.get('opensearch.password')) -def get_dashboards_username(): - stream = open("/etc/wazuh-dashboards/dashboards.yml", 'r') +def get_dashboard_username(): + stream = open("/etc/wazuh-dashboard/dashboard.yml", 'r') dictionary = yaml.safe_load(stream) return (dictionary.get('opensearch.username')) @@ -91,11 +91,11 @@ def get_elasticsearch_cluster_status(): verify=False) return (resp.json()['status']) -def get_dashboards_status(): +def get_dashboard_status(): ip = get_indexer_ip() resp = requests.get('https://'+ip, - auth=(get_dashboards_username(), - get_dashboards_password()), + auth=(get_dashboard_username(), + get_dashboard_password()), verify=False) return (resp.status_code) @@ -174,9 +174,9 @@ def test_check_filebeat_process(): def test_check_elasticsearch_process(): assert check_call("ps -xa | grep \"/usr/share/wazuh-indexer/jdk/bin/java\" | grep -v grep | cut -d \" \" -f15", shell=True) != "" -@pytest.mark.dashboards -def test_check_dashboards_process(): - assert check_call("ps -xa | grep \"/usr/share/wazuh-dashboards/bin/../node/bin/node\" | grep -v grep", shell=True) != "" +@pytest.mark.dashboard +def test_check_dashboard_process(): + assert check_call("ps -xa | grep \"/usr/share/wazuh-dashboard/bin/../node/bin/node\" | grep -v grep", shell=True) != "" @pytest.mark.indexer def test_check_elasticsearch_cluster_status_not_red(): @@ -186,9 +186,9 @@ def test_check_elasticsearch_cluster_status_not_red(): def test_check_elasticsearch_cluster_status_not_yellow(): assert get_elasticsearch_cluster_status() != "yellow" -@pytest.mark.dashboards -def test_check_dashboards_status(): - assert get_dashboards_status() == 200 +@pytest.mark.dashboard +def test_check_dashboard_status(): + assert get_dashboard_status() == 200 @pytest.mark.wazuh def test_check_wazuh_api_status(): diff --git a/unattended_installer/config/certificate/config.yml b/unattended_installer/config/certificate/config.yml index 90c239660f..48ab75bbd0 100644 --- a/unattended_installer/config/certificate/config.yml +++ b/unattended_installer/config/certificate/config.yml @@ -18,7 +18,7 @@ nodes: # ip: # node_type: worker - # Wazuh dashboards node - dashboards: - name: dashboards - ip: + # Wazuh dashboard node + dashboard: + name: dashboard + ip: diff --git a/unattended_installer/config/certificate/config_aio.yml b/unattended_installer/config/certificate/config_aio.yml index 9e45e7f73a..878a6a24f5 100644 --- a/unattended_installer/config/certificate/config_aio.yml +++ b/unattended_installer/config/certificate/config_aio.yml @@ -5,6 +5,6 @@ nodes: wazuh_servers: name: filebeat ip: 127.0.0.1 - dashboards: - name: dashboards + dashboard: + name: dashboard ip: 127.0.0.1 diff --git a/unattended_installer/config/dashboards/dashboards.yml b/unattended_installer/config/dashboard/dashboard.yml similarity index 69% rename from unattended_installer/config/dashboards/dashboards.yml rename to unattended_installer/config/dashboard/dashboard.yml index fdc85a371c..c0a48512f1 100644 --- a/unattended_installer/config/dashboards/dashboards.yml +++ b/unattended_installer/config/dashboard/dashboard.yml @@ -8,7 +8,7 @@ opensearch.requestHeadersWhitelist: ["securitytenant","Authorization"] opensearch_security.multitenancy.enabled: true opensearch_security.readonly_mode.roles: ["kibana_read_only"] server.ssl.enabled: true -server.ssl.key: "/etc/wazuh-dashboards/certs/kibana-key.pem" -server.ssl.certificate: "/etc/wazuh-dashboards/certs/kibana.pem" -opensearch.ssl.certificateAuthorities: ["/etc/wazuh-dashboards/certs/root-ca.pem"] +server.ssl.key: "/etc/wazuh-dashboard/certs/kibana-key.pem" +server.ssl.certificate: "/etc/wazuh-dashboard/certs/kibana.pem" +opensearch.ssl.certificateAuthorities: ["/etc/wazuh-dashboard/certs/root-ca.pem"] server.defaultRoute: /app/wazuh?security_tenant=global diff --git a/unattended_installer/config/dashboards/dashboards_all_in_one.yml b/unattended_installer/config/dashboard/dashboard_all_in_one.yml similarity index 63% rename from unattended_installer/config/dashboards/dashboards_all_in_one.yml rename to unattended_installer/config/dashboard/dashboard_all_in_one.yml index a07e31b9a6..52ce0096e9 100644 --- a/unattended_installer/config/dashboards/dashboards_all_in_one.yml +++ b/unattended_installer/config/dashboard/dashboard_all_in_one.yml @@ -8,8 +8,8 @@ opensearch.requestHeadersWhitelist: ["securitytenant","Authorization"] opensearch_security.multitenancy.enabled: true opensearch_security.readonly_mode.roles: ["kibana_read_only"] server.ssl.enabled: true -server.ssl.key: "/etc/wazuh-dashboards/certs/kibana-key.pem" -server.ssl.certificate: "/etc/wazuh-dashboards/certs/kibana.pem" -opensearch.ssl.certificateAuthorities: ["/etc/wazuh-dashboards/certs/root-ca.pem"] +server.ssl.key: "/etc/wazuh-dashboard/certs/kibana-key.pem" +server.ssl.certificate: "/etc/wazuh-dashboard/certs/kibana.pem" +opensearch.ssl.certificateAuthorities: ["/etc/wazuh-dashboard/certs/root-ca.pem"] uiSettings.overrides.defaultRoute: /app/wazuh?security_tenant=global -logging.dest: "/var/log/wazuh-dashboards/wazuh-dashboards.log" +logging.dest: "/var/log/wazuh-dashboard/wazuh-dashboard.log" diff --git a/unattended_installer/config/dashboards/dashboards_unattended.yml b/unattended_installer/config/dashboard/dashboard_unattended.yml similarity index 62% rename from unattended_installer/config/dashboards/dashboards_unattended.yml rename to unattended_installer/config/dashboard/dashboard_unattended.yml index 3f9ce412e7..4d687cf4b3 100644 --- a/unattended_installer/config/dashboards/dashboards_unattended.yml +++ b/unattended_installer/config/dashboard/dashboard_unattended.yml @@ -8,8 +8,8 @@ opensearch.requestHeadersWhitelist: ["securitytenant","Authorization"] opensearch_security.multitenancy.enabled: true opensearch_security.readonly_mode.roles: ["kibana_read_only"] server.ssl.enabled: true -server.ssl.key: "/etc/wazuh-dashboards/certs/dashboards-key.pem" -server.ssl.certificate: "/etc/wazuh-dashboards/certs/dashboards.pem" -opensearch.ssl.certificateAuthorities: ["/etc/wazuh-dashboards/certs/root-ca.pem"] +server.ssl.key: "/etc/wazuh-dashboard/certs/dashboard-key.pem" +server.ssl.certificate: "/etc/wazuh-dashboard/certs/dashboard.pem" +opensearch.ssl.certificateAuthorities: ["/etc/wazuh-dashboard/certs/root-ca.pem"] uiSettings.overrides.defaultRoute: /app/wazuh?security_tenant=global -logging.dest: "/var/log/wazuh-dashboards/wazuh-dashboards.log" +logging.dest: "/var/log/wazuh-dashboard/wazuh-dashboard.log" diff --git a/unattended_installer/config/dashboards/dashboards_unattended_distributed.yml b/unattended_installer/config/dashboard/dashboard_unattended_distributed.yml similarity index 59% rename from unattended_installer/config/dashboards/dashboards_unattended_distributed.yml rename to unattended_installer/config/dashboard/dashboard_unattended_distributed.yml index a697ac34eb..4643760f36 100644 --- a/unattended_installer/config/dashboards/dashboards_unattended_distributed.yml +++ b/unattended_installer/config/dashboard/dashboard_unattended_distributed.yml @@ -6,9 +6,9 @@ opensearch.requestHeadersWhitelist: ["securitytenant","Authorization"] opensearch_security.multitenancy.enabled: true opensearch_security.readonly_mode.roles: ["kibana_read_only"] server.ssl.enabled: true -server.ssl.key: "/etc/wazuh-dashboards/certs/dashboards-key.pem" -server.ssl.certificate: "/etc/wazuh-dashboards/certs/dashboards.pem" -opensearch.ssl.certificateAuthorities: ["/etc/wazuh-dashboards/certs/root-ca.pem"] +server.ssl.key: "/etc/wazuh-dashboard/certs/dashboard-key.pem" +server.ssl.certificate: "/etc/wazuh-dashboard/certs/dashboard.pem" +opensearch.ssl.certificateAuthorities: ["/etc/wazuh-dashboard/certs/root-ca.pem"] uiSettings.overrides.defaultRoute: /app/wazuh?security_tenant=global -logging.dest: "/var/log/wazuh-dashboards/wazuh-dashboards.log" +logging.dest: "/var/log/wazuh-dashboard/wazuh-dashboard.log" diff --git a/unattended_installer/config/indexer/roles/roles.yml b/unattended_installer/config/indexer/roles/roles.yml index ed47beae5f..65bd53c773 100644 --- a/unattended_installer/config/indexer/roles/roles.yml +++ b/unattended_installer/config/indexer/roles/roles.yml @@ -2,7 +2,7 @@ _meta: type: "roles" config_version: 2 -# Restrict users so they can only view visualization and dashboards on kibana +# Restrict users so they can only view visualization and dashboard on kibana kibana_read_only: reserved: true @@ -142,7 +142,7 @@ wazuh_ui_user: allowed_actions: - "read" tenant_permissions: [] - static: false + static: false wazuh_ui_admin: reserved: true @@ -160,4 +160,4 @@ wazuh_ui_admin: - "manage" - "index" tenant_permissions: [] - static: false \ No newline at end of file + static: false \ No newline at end of file diff --git a/unattended_installer/install_functions/checks.sh b/unattended_installer/install_functions/checks.sh index 494087abe6..528de62cbf 100644 --- a/unattended_installer/install_functions/checks.sh +++ b/unattended_installer/install_functions/checks.sh @@ -21,18 +21,18 @@ function checks_arguments() { # -------------- Configurations --------------------------------- if [[ ( -n "${AIO}" || -n "${configurations}" ) && -f "${tar_file}" ]]; then - logger -e "File ${tar_file} exists. Please remove it if you want to use a new configuration." - exit 1 + logger -e "File ${tar_file} exists. Please remove it if you want to use a new configuration." + exit 1 fi - if [[ -n "${configurations}" && ( -n "${AIO}" || -n "${indexer}" || -n "${dashboards}" || -n "${wazuh}" || -n "${overwrite}" || -n "${start_elastic_cluster}" || -n "${tar_conf}" || -n "${uninstall}" ) ]]; then + if [[ -n "${configurations}" && ( -n "${AIO}" || -n "${indexer}" || -n "${dashboard}" || -n "${wazuh}" || -n "${overwrite}" || -n "${start_elastic_cluster}" || -n "${tar_conf}" || -n "${uninstall}" ) ]]; then logger -e "The argument -c|--create-configurations can't be used with -a, -k, -e, -u or -w arguments." exit 1 fi # -------------- Overwrite -------------------------------------- - if [ -n "${overwrite}" ] && [ -z "${AIO}" ] && [ -z "${indexer}" ] && [ -z "${dashboards}" ] && [ -z "${wazuh}" ]; then + if [ -n "${overwrite}" ] && [ -z "${AIO}" ] && [ -z "${indexer}" ] && [ -z "${dashboard}" ] && [ -z "${wazuh}" ]; then logger -e "The argument -o|--overwrite must be used with -a, -k, -e or -w. If you want to uninstall all the components use -u|--uninstall" exit 1 fi @@ -41,90 +41,70 @@ function checks_arguments() { if [ -n "${uninstall}" ]; then - if [ -z "${wazuhinstalled}" ] && [ -z "${wazuh_remaining_files}" ]; then - logger "Wazuh manager components were not found on the system so it was not uninstalled." - fi - - if [ -z "${filebeatinstalled}" ] && [ -z "${filebeat_remaining_files}" ]; then - logger "Filebeat components were not found on the system so it was not uninstalled." - fi - - if [ -z "${indexerchinstalled}" ] && [ -z "${indexer_remaining_files}" ]; then - logger "Elasticsearch components were not found on the system so it was not uninstalled." - fi - - if [ -z "${dashboardsinstalled}" ] && [ -z "${dashboards_remaining_files}" ]; then - logger "Kibana components were found on the system so it was not uninstalled." + if [ -n "$AIO" ] || [ -n "$indexer" ] || [ -n "$dashboard" ] || [ -n "$wazuh" ]; then + logger -e "The argument -u|--uninstall can't be used with -a, -wd, -wi or -ws. If you want to overwrite the components use -o|--overwrite." + exit 1 fi - if [ -n "$AIO" ] || [ -n "$elasticsearch" ] || [ -n "$kibana" ] || [ -n "$wazuh" ]; then - logger -e "The argument -u|--uninstall can't be used with -a, -k, -e or -w. If you want to overwrite the components use -o|--overwrite" + if ! [ "${uninstall_component_name}" == "all" -o "${uninstall_component_name}" == "manager" -o "${uninstall_component_name}" == "indexer" -o "${uninstall_component_name}" == "dashboard" ]; then + logger -e "The argument -u|--uninstall only accepts the following parameters: all, manager, indexer or dashboard." exit 1 fi + fi # -------------- All-In-One ------------------------------------- if [ -n "${AIO}" ]; then - if [ -n "$elasticsearch" ] || [ -n "$kibana" ] || [ -n "$wazuh" ]; then - logger -e "Argument -a|--all-in-one is not compatible with -e|--elasticsearch, -k|--kibana or -w|--wazuh-server" + if [ -n "$indexer" ] || [ -n "$dashboard" ] || [ -n "$wazuh" ]; then + logger -e "Argument -a|--all-in-one is not compatible with -wi, -wd or -ws" exit 1 fi - if [ -n "${wazuhinstalled}" ] || [ -n "${wazuh_remaining_files}" ] || [ -n "${indexerchinstalled}" ] || [ -n "${indexer_remaining_files}" ] || [ -n "${filebeatinstalled}" ] || [ -n "${filebeat_remaining_files}" ] || [ -n "${dashboardsinstalled}" ] || [ -n "${dashboards_remaining_files}" ]; then - if [ -n "${overwrite}" ]; then - rollBack - else + if [ -n "${wazuhinstalled}" ] || [ -n "${wazuh_remaining_files}" ] || [ -n "${indexerchinstalled}" ] || [ -n "${indexer_remaining_files}" ] || [ -n "${filebeatinstalled}" ] || [ -n "${filebeat_remaining_files}" ] || [ -n "${dashboardinstalled}" ] || [ -n "${dashboard_remaining_files}" ]; then + if [ -z "${overwrite}" ]; then logger -e "Some the Wazuh components were found on this host. If you want to overwrite the current installation, run this script back using the option -o/--overwrite. NOTE: This will erase all the existing configuration and data." exit 1 fi fi fi - # -------------- Elasticsearch ---------------------------------- + # -------------- Wazuh indexer ---------------------------------- if [ -n "${indexer}" ]; then if [ -n "${indexerchinstalled}" ] || [ -n "${indexer_remaining_files}" ]; then - if [ -n "${overwrite}" ]; then - rollBack - else - logger -e "Elasticsearch is already installed in this node or some of its files haven't been erased. Use option -o|--overwrite to overwrite all components." + if [ -z "${overwrite}" ]; then + logger -e "Wazuh indexer is already installed in this node or some of its files haven't been erased. Use option -o|--overwrite to overwrite all components." exit 1 fi fi fi - # -------------- Kibana ----------------------------------------- + # -------------- Wazuh dashboard ----------------------------------------- - if [ -n "${dashboards}" ]; then - if [ -n "${dashboardsinstalled}" ] || [ -n "${dashboards_remaining_files}" ]; then - if [ -n "${overwrite}" ]; then - rollBack - else - logger -e "Kibana is already installed in this node or some of its files haven't been erased. Use option -o|--overwrite to overwrite all components." + if [ -n "${dashboard}" ]; then + if [ -n "${dashboardinstalled}" ] || [ -n "${dashboard_remaining_files}" ]; then + if [ -z "${overwrite}" ]; then + logger -e "Wazuh dashboard is already installed in this node or some of its files haven't been erased. Use option -o|--overwrite to overwrite all components." exit 1 fi fi fi - # -------------- Wazuh ------------------------------------------ + # -------------- Wazuh manager ------------------------------------------ if [ -n "${wazuh}" ]; then if [ -n "${wazuhinstalled}" ] || [ -n "${wazuh_remaining_files}" ]; then - if [ -n "${overwrite}" ]; then - rollBack - else - logger -e "Wazuh is already installed in this node or some of its files haven't been erased. Use option -o|--overwrite to overwrite all components." + if [ -z "${overwrite}" ]; then + logger -e "Wazuh manager is already installed in this node or some of its files haven't been erased. Use option -o|--overwrite to overwrite all components." exit 1 fi fi if [ -n "${filebeatinstalled}" ] || [ -n "${filebeat_remaining_files}" ]; then - if [ -n "${overwrite}" ]; then - rollBack - else + if [ -z "${overwrite}" ]; then logger -e "Filebeat is already installed in this node or some of its files haven't been erased. Use option -o|--overwrite to overwrite all components." exit 1 fi @@ -133,15 +113,15 @@ function checks_arguments() { # -------------- Cluster start ---------------------------------- - if [[ -n "${start_elastic_cluster}" && ( -n "${AIO}" || -n "${indexer}" || -n "${dashboards}" || -n "${wazuh}" || -n "${overwrite}" || -n "${configurations}" || -n "${tar_conf}" || -n "${uninstall}") ]]; then + if [[ -n "${start_elastic_cluster}" && ( -n "${AIO}" || -n "${indexer}" || -n "${dashboard}" || -n "${wazuh}" || -n "${overwrite}" || -n "${configurations}" || -n "${tar_conf}" || -n "${uninstall}") ]]; then logger -e "The argument -s|--start-cluster can't be used with -a, -k, -e or -w arguments." exit 1 fi # -------------- Global ----------------------------------------- - if [ -z "${AIO}" ] && [ -z "${indexer}" ] && [ -z "${dashboards}" ] && [ -z "${wazuh}" ] && [ -z "${start_elastic_cluster}" ] && [ -z "${configurations}" ] && [ -z "${uninstall}"]; then - logger -e "At least one of these arguments is necessary -a|--all-in-one, -c|--create-configurations, -e|--elasticsearch , -k|--kibana , -s|--start-cluster, -w|--wazuh-server , -u|--uninstall" + if [ -z "${AIO}" ] && [ -z "${indexer}" ] && [ -z "${dashboard}" ] && [ -z "${wazuh}" ] && [ -z "${start_elastic_cluster}" ] && [ -z "${configurations}" ] && [ -z "${uninstall}" ]; then + logger -e "At least one of these arguments is necessary -a|--all-in-one, -c|--create-configurations, -wi|--wazuh-indexer , -wd|--wazuh-dashboard , -s|--start-cluster, -ws|--wazuh-server , -u|--uninstall" exit 1 fi @@ -155,16 +135,16 @@ function checks_health() { logger -e "Your system does not meet the recommended minimum hardware requirements of 4Gb of RAM and 2 CPU cores. If you want to proceed with the installation use the -i option to ignore these requirements." exit 1 else - logger "Check recommended minimum hardware requirements for Elasticsearch done." + logger "Check recommended minimum hardware requirements for Wazuh indexer done." fi fi - if [ -n "${dashboards}" ]; then + if [ -n "${dashboard}" ]; then if [ "${cores}" -lt 2 ] || [ "${ram_gb}" -lt 3700 ]; then logger -e "Your system does not meet the recommended minimum hardware requirements of 4Gb of RAM and 2 CPU cores. If you want to proceed with the installation use the -i option to ignore these requirements." exit 1 else - logger "Check recommended minimum hardware requirements for Kibana done." + logger "Check recommended minimum hardware requirements for Wazuh dashboard done." fi fi @@ -188,7 +168,7 @@ function checks_health() { } -function checks_installed() { +function checks_installed_component() { if [ "${sys_type}" == "yum" ]; then wazuhinstalled=$(yum list installed 2>/dev/null | grep wazuh-manager) @@ -198,10 +178,6 @@ function checks_installed() { wazuhinstalled=$(apt list --installed 2>/dev/null | grep wazuh-manager) fi - if [ -d "/var/ossec" ]; then - wazuh_remaining_files=1 - fi - if [ "${sys_type}" == "yum" ]; then indexerchinstalled=$(yum list installed 2>/dev/null | grep wazuh-indexer | grep -v kibana) elif [ "${sys_type}" == "zypper" ]; then @@ -210,10 +186,6 @@ function checks_installed() { indexerchinstalled=$(apt list --installed 2>/dev/null | grep wazuh-indexer | grep -v kibana) fi - if [ -d "/var/lib/wazuh-indexer/" ] || [ -d "/usr/share/wazuh-indexer" ] || [ -d "/etc/wazuh-indexer" ] || [ -f "${base_path}/search-guard-tlstool*" ]; then - indexer_remaining_files=1 - fi - if [ "${sys_type}" == "yum" ]; then filebeatinstalled=$(yum list installed 2>/dev/null | grep filebeat) elif [ "${sys_type}" == "zypper" ]; then @@ -222,39 +194,68 @@ function checks_installed() { filebeatinstalled=$(apt list --installed 2>/dev/null | grep filebeat) fi - if [ -d "/var/lib/filebeat/" ] || [ -d "/usr/share/filebeat" ] || [ -d "/etc/filebeat" ]; then - filebeat_remaining_files=1 - fi - if [ "${sys_type}" == "yum" ]; then - dashboardsinstalled=$(yum list installed 2>/dev/null | grep wazuh-dashboards) + dashboardinstalled=$(yum list installed 2>/dev/null | grep wazuh-dashboard) elif [ "${sys_type}" == "zypper" ]; then - dashboardsinstalled=$(zypper packages | grep wazuh-dashboards | grep i+) + dashboardinstalled=$(zypper packages | grep wazuh-dashboard | grep i+) elif [ "${sys_type}" == "apt-get" ]; then - dashboardsinstalled=$(apt list --installed 2>/dev/null | grep wazuh-dashboards) + dashboardinstalled=$(apt list --installed 2>/dev/null | grep wazuh-dashboard) fi - if [ -d "/var/lib/wazuh-dashboards/" ] || [ -d "/usr/share/wazuh-dashboards" ] || [ -d "/etc/wazuh-dashboards" ] || [ -d "/run/wazuh-dashboards/" ]; then - dashboards_remaining_files=1 + checkWazuhRemainingFiles + checkFilebeatRemainingFiles + checkIndexerRemainingFiles + checkDashboardRemainingFiles + +} + +function checkWazuhRemainingFiles() { + if [ -d "/var/ossec" ]; then + wazuh_remaining_files=1 + else + wazuh_remaining_files="" fi +} +function checkFilebeatRemainingFiles() { + if [ -d "/var/lib/filebeat/" ] || [ -d "/usr/share/filebeat" ] || [ -d "/etc/filebeat" ]; then + filebeat_remaining_files=1 + else + filebeat_remaining_files="" + fi +} + +function checkIndexerRemainingFiles() { + if [ -d "/var/lib/wazuh-indexer/" ] || [ -d "/usr/share/wazuh-indexer" ] || [ -d "/etc/wazuh-indexer" ] || [ -f "${base_path}/search-guard-tlstool*" ]; then + indexer_remaining_files=1 + else + indexer_remaining_files="" + fi +} + +function checkDashboardRemainingFiles() { + if [ -d "/var/lib/wazuh-dashboard/" ] || [ -d "/usr/share/wazuh-dashboard" ] || [ -d "/etc/wazuh-dashboard" ] || [ -d "/run/wazuh-dashboard/" ]; then + dashboard_remaining_files=1 + else + dashboard_remaining_files="" + fi } # This function ensures different names in the config.yml file. function checks_names() { if [ -n "${indxname}" ] && [ -n "${dashname}" ] && [ "${indxname}" == "${dashname}" ]; then - logger -e "The node names for Elastisearch and Kibana must be different." + logger -e "The node names for Wazuh indexer and Wazuh Dashboard must be different." exit 1 fi if [ -n "${indxname}" ] && [ -n "${winame}" ] && [ "${indxname}" == "${winame}" ]; then - logger -e "The node names for Elastisearch and Wazuh must be different." + logger -e "The node names for Wazuh indexer and Wazuh manager must be different." exit 1 fi if [ -n "${winame}" ] && [ -n "${dashname}" ] && [ "${winame}" == "${dashname}" ]; then - logger -e "The node names for Wazuh and Kibana must be different." + logger -e "The node names for Wazuh manager and Wazuh dashboard must be different." exit 1 fi @@ -264,12 +265,12 @@ function checks_names() { fi if [ -n "${indxname}" ] && [ -z "$(echo "${indexer_node_names[@]}" | grep -w "${indxname}")" ]; then - logger -e "The Elasticsearch node name ${indxname} does not appear on the configuration file." + logger -e "The Wazuh indexer node name ${indxname} does not appear on the configuration file." exit 1 fi - if [ -n "${dashname}" ] && [ -z "$(echo "${dashboards_node_names[@]}" | grep -w "${dashname}")" ]; then - logger -e "The Kibana node name ${dashname} does not appear on the configuration file." + if [ -n "${dashname}" ] && [ -z "$(echo "${dashboard_node_names[@]}" | grep -w "${dashname}")" ]; then + logger -e "The Wazuh dashboard node name ${dashname} does not appear on the configuration file." exit 1 fi @@ -285,21 +286,21 @@ function checks_previousCertificate() { if [ -n "${indxname}" ]; then if ! $(tar -tf "${tar_file}" | grep -q "${indxname}".pem) || ! $(tar -tf "${tar_file}" | grep -q "${indxname}"-key.pem); then - logger -e "There is no certificate for the elasticsearch node ${indxname} in ${tar_file}." + logger -e "There is no certificate for the Wazuh indexer node ${indxname} in ${tar_file}." exit 1 fi fi if [ -n "${dashname}" ]; then if ! $(tar -tf "${tar_file}" | grep -q "${dashname}".pem) || ! $(tar -tf "${tar_file}" | grep -q "${dashname}"-key.pem); then - logger -e "There is no certificate for the kibana node ${dashname} in ${tar_file}." + logger -e "There is no certificate for the Wazuh dashboard node ${dashname} in ${tar_file}." exit 1 fi fi if [ -n "${winame}" ]; then if ! $(tar -tf "${tar_file}" | grep -q "${winame}".pem) || ! $(tar -tf "${tar_file}" | grep -q "${winame}"-key.pem); then - logger -e "There is no certificate for the wazuh server node ${winame} in ${tar_file}." + logger -e "There is no certificate for the Wazuh manager node ${winame} in ${tar_file}." exit 1 fi fi diff --git a/unattended_installer/install_functions/common.sh b/unattended_installer/install_functions/common.sh index f828da14f8..5fd67060c7 100644 --- a/unattended_installer/install_functions/common.sh +++ b/unattended_installer/install_functions/common.sh @@ -66,7 +66,7 @@ function common_createCertificates() { generateAdmincertificate generateIndexercertificates generateFilebeatcertificates - generateDashboardscertificates + generatedashboardcertificates cleanFiles } @@ -190,7 +190,7 @@ User: name: kibanaserver password: kibanaserverpassword" - exit 1 + exit 1 fi sfileusers=$(grep name: "${p_file}" | awk '{ print substr( $2, 1, length($2) ) }') @@ -221,7 +221,7 @@ User: finalusers=() finalpasswords=() - if [ -n "${dashboardsinstalled}" ] && [ -n "${dashboards}" ]; then + if [ -n "${dashboardinstalled}" ] && [ -n "${dashboard}" ]; then users=( kibanaserver admin ) fi @@ -273,106 +273,68 @@ function common_restoreWazuhrepo() { function common_rollBack() { - if [ -z "${uninstall}" ]; then - logger "Cleaning the installation." - fi + componentList=("${wazuhinstalled}" "${filebeatinstalled}" "${indexerchinstalled}" "${dashboardinstalled}") - if [ -f "/etc/yum.repos.d/wazuh.repo" ]; then - eval "rm /etc/yum.repos.d/wazuh.repo" - elif [ -f "/etc/zypp/repos.d/wazuh.repo" ]; then - eval "rm /etc/zypp/repos.d/wazuh.repo" - elif [ -f "/etc/apt/sources.list.d/wazuh.list" ]; then - eval "rm /etc/apt/sources.list.d/wazuh.list" - fi + logger "Analyzing components to uninstall and clean." - if [[ -n "${wazuhinstalled}" && ( -n "${wazuh}" || -n "${AIO}" || -n "${uninstall}" ) ]];then - logger -w "Removing the Wazuh manager." - if [ "${sys_type}" == "yum" ]; then - eval "yum remove wazuh-manager -y ${debug}" - elif [ "${sys_type}" == "zypper" ]; then - eval "zypper -n remove wazuh-manager ${debug}" - eval "rm -f /etc/init.d/wazuh-manager ${debug}" - elif [ "${sys_type}" == "apt-get" ]; then - eval "apt remove --purge wazuh-manager -y ${debug}" + # Uninstall case: manager + if [ "${uninstall_component_name}" == "all" ] || [ "${uninstall_component_name}" == "manager" ]; then + if [ -n "${wazuhinstalled}" ] || [ -n "${wazuh_remaining_files}" ] || [ -n "${filebeatinstalled}" ] || [ -n "${filebeat_remaining_files}" ]; then + manager_uninstall + else + logger "Wazuh manager components were not found on the system so it was not uninstalled." fi fi + # Uninstall case: indexer + if [ "${uninstall_component_name}" == "all" ] || [ "${uninstall_component_name}" == "indexer" ]; then + if [ -n "${indexerchinstalled}" ] || [ -n "${indexer_remaining_files}" ]; then + indexer_uninstall + else - if [[ ( -n "${wazuh_remaining_files}" || -n "${wazuhinstalled}" ) && ( -n "${wazuh}" || -n "${AIO}" || -n "${uninstall}" ) ]]; then - eval "rm -rf /var/ossec/ ${debug}" - fi - - if [[ -n "${indexerchinstalled}" && ( -n "${indexer}" || -n "${AIO}" || -n "${uninstall}" ) ]]; then - logger -w "Removing Wazuh indexer." - if [ "${sys_type}" == "yum" ]; then - eval "yum remove wazuh-indexer -y ${debug}" - elif [ "${sys_type}" == "zypper" ]; then - eval "zypper -n remove wazuh-indexer ${debug}" - elif [ "${sys_type}" == "apt-get" ]; then - eval "apt remove --purge ^wazuh-indexer -y ${debug}" + logger "Wazuh indexer components were not found on the system so it was not uninstalled." fi fi - - if [[ ( -n "${indexer_remaining_files}" || -n "${indexerchinstalled}" ) && ( -n "${indexer}" || -n "${AIO}" || -n "${uninstall}" ) ]]; then - eval "rm -rf /var/lib/wazuh-indexer/ ${debug}" - eval "rm -rf /usr/share/wazuh-indexer/ ${debug}" - eval "rm -rf /etc/wazuh-indexer/ ${debug}" + # Uninstall case: dashboard + if [ "${uninstall_component_name}" == "all" ] || [ "${uninstall_component_name}" == "dashboard" ]; then + if [ -n "${dashboardinstalled}" ] || [ -n "${dashboard_remaining_files}" ]; then + dashboard_uninstall + else + logger "Wazuh dashboard components were not found on the system so it was not uninstalled." + fi fi - if [[ -n "${filebeatinstalled}" && ( -n "${wazuh}" || -n "${AIO}" || -n "${uninstall}" ) ]]; then - logger -w "Removing Filebeat." - if [ "${sys_type}" == "yum" ]; then - eval "yum remove filebeat -y ${debug}" - elif [ "${sys_type}" == "zypper" ]; then - eval "zypper -n remove filebeat ${debug}" - elif [ "${sys_type}" == "apt-get" ]; then - eval "apt remove --purge filebeat -y ${debug}" + # Overwrite case + for component in "${componentList[@]}"; do + if [ "${component}" == "manager" ] || [ "${component}" == "indexer" ] || [ "${component}" == "dashboard" ] ; then + eval "${component}_uninstall" fi - fi + done - if [[ ( -n "${filebeat_remaining_files}" || -n "${filebeatinstalled}" ) && ( -n "${wazuh}" || -n "${AIO}" || -n "${uninstall}" ) ]]; then - eval "rm -rf /var/lib/filebeat/ ${debug}" - eval "rm -rf /usr/share/filebeat/ ${debug}" - eval "rm -rf /etc/filebeat/ ${debug}" - fi + checks_installed_component - if [[ -n "${dashboardsinstalled}" && ( -n "${dashboards}" || -n "${AIO}" || -n "${uninstall}" ) ]]; then - logger -w "Removing Wazuh dashboards." - if [ "${sys_type}" == "yum" ]; then - eval "yum remove wazuh-dashboards -y ${debug}" - elif [ "${sys_type}" == "zypper" ]; then - eval "zypper -n remove wazuh-dashboards ${debug}" - elif [ "${sys_type}" == "apt-get" ]; then - eval "apt remove --purge wazuh-dashboards -y ${debug}" - fi + if [ -n "${wazuhinstalled}" ] || [ -n "${wazuh_remaining_files}" ] || [ -n "${filebeatinstalled}" ] || [ -n "${filebeat_remaining_files}" ] || [ -n "${indexerchinstalled}" ] || [ -n "${indexer_remaining_files}" ] || [ -n "${dashboardinstalled}" ] || [ -n "${dashboard_remaining_files}" ]; then + logger -w "Some Wazuh components are still installed on this host." + else + rollBackRepositories fi - if [[ ( -n "${dashboards_remaining_files}" || -n "${dashboardsinstalled}" ) && ( -n "${dashboards}" || -n "${AIO}" || -n "${uninstall}" ) ]]; then - eval "rm -rf /var/lib/wazuh-dashboards/ ${debug}" - eval "rm -rf /usr/share/wazuh-dashboards/ ${debug}" - eval "rm -rf /etc/wazuh-dashboards/ ${debug}" - eval "rm -rf /run/wazuh-dashboards/ ${debug}" +} + +function rollBackRepositories() { + + if [ -f "/etc/yum.repos.d/wazuh.repo" ]; then + eval "rm /etc/yum.repos.d/wazuh.repo" + deleteRepositorie="true" + elif [ -f "/etc/zypp/repos.d/wazuh.repo" ]; then + eval "rm /etc/zypp/repos.d/wazuh.repo" + deleteRepositorie="true" + elif [ -f "/etc/apt/sources.list.d/wazuh.list" ]; then + eval "rm /etc/apt/sources.list.d/wazuh.list" + deleteRepositorie="true" fi - elements_to_remove=( "/var/log/elasticsearch/" - "/var/log/filebeat/" - "/etc/systemd/system/opensearch.service.wants/" - "/securityadmin_demo.sh" - "/etc/systemd/system/multi-user.target.wants/wazuh-manager.service" - "/etc/systemd/system/multi-user.target.wants/filebeat.service" - "/etc/systemd/system/multi-user.target.wants/opensearch.service" - "/etc/systemd/system/multi-user.target.wants/wazuh-dashboards.service" - "/etc/systemd/system/wazuh-dashboards.service" - "/lib/firewalld/services/dashboards.xml" - "/lib/firewalld/services/opensearch.xml" ) - - eval "rm -rf ${elements_to_remove[*]}" - - if [ -z "${uninstall}" ]; then - if [ -n "${srollback_conf}" ] || [ -n "${overwrite}" ]; then - logger "Installation cleaned." - else - logger "Installation cleaned. Check the ${logfile} file to learn more about the issue." - fi + if [ -n "${deleteRepositorie}" ]; then + logger "Repositories were removed." fi } diff --git a/unattended_installer/install_functions/dashboard.sh b/unattended_installer/install_functions/dashboard.sh new file mode 100644 index 0000000000..06c5b32d01 --- /dev/null +++ b/unattended_installer/install_functions/dashboard.sh @@ -0,0 +1,199 @@ +# Wazuh installer - dashboard.sh functions. +# Copyright (C) 2015, Wazuh Inc. +# +# This program is a free software; you can redistribute it +# and/or modify it under the terms of the GNU General Public +# License (version 2) as published by the FSF - Free Software +# Foundation. + +readonly d_certs_path="/etc/wazuh-dashboard/certs/" + +function dashboard_configure() { + + dashboard_copyCertificates + + if [ -n "${AIO}" ]; then + eval "common_getConfig dashboard/dashboard_unattended.yml /etc/wazuh-dashboard/dashboard.yml ${debug}" + else + eval "common_getConfig dashboard/dashboard_unattended_distributed.yml /etc/wazuh-dashboard/dashboard.yml ${debug}" + if [ "${#dashboard_node_names[@]}" -eq 1 ]; then + pos=0 + ip=${dashboard_node_ips[0]} + else + for i in "${!dashboard_node_names[@]}"; do + if [[ "${dashboard_node_names[i]}" == "${dashname}" ]]; then + pos="${i}"; + fi + done + ip=${dashboard_node_ips[pos]} + fi + + echo 'server.host: "'${ip}'"' >> /etc/wazuh-dashboard/dashboard.yml + + if [ "${#indexer_node_names[@]}" -eq 1 ]; then + echo "opensearch.hosts: https://"${indexer_node_ips[0]}":9700" >> /etc/wazuh-dashboard/dashboard.yml + else + echo "opensearch.hosts:" >> /etc/wazuh-dashboard/dashboard.yml + for i in "${indexer_node_ips[@]}"; do + echo " - https://${i}:9700" >> /etc/wazuh-dashboard/dashboard.yml + done + fi + fi + + logger "Wazuh dashboard post-install configuration finished." + +} + +function dashboard_copyCertificates() { + + eval "rm -f ${d_certs_path}/* ${debug}" + if [ -f "${tar_file}" ]; then + + name=${dashboard_node_names[pos]} + + eval "tar -xf ${tar_file} -C ${d_certs_path} ./${name}.pem && mv ${d_certs_path}${name}.pem ${d_certs_path}dashboard.pem ${debug}" + eval "tar -xf ${tar_file} -C ${d_certs_path} ./${name}-key.pem && mv ${d_certs_path}${name}-key.pem ${d_certs_path}dashboard-key.pem ${debug}" + eval "tar -xf ${tar_file} -C ${d_certs_path} ./root-ca.pem ${debug}" + eval "chown -R wazuh-dashboard:wazuh-dashboard /etc/wazuh-dashboard/ ${debug}" + eval "chmod -R 500 ${d_certs_path} ${debug}" + eval "chmod 440 ${d_certs_path}* ${debug}" + logger -d "Wazuh dashboard certificate setup finished." + else + logger -e "No certificates found. Wazuh dashboard could not be initialized." + exit 1 + fi + +} + +function dashboard_initialize() { + + logger "Starting Wazuh dashboard (this may take a while)." + common_getPass "admin" + j=0 + + if [ "${#dashboard_node_names[@]}" -eq 1 ]; then + nodes_dashboard_ip=${dashboard_node_ips[0]} + else + for i in "${!dashboard_node_names[@]}"; do + if [[ "${dashboard_node_names[i]}" == "${dashname}" ]]; then + pos="${i}"; + fi + done + nodes_dashboard_ip=${dashboard_node_ips[pos]} + fi + until [ "$(curl -XGET https://${nodes_dashboard_ip}/status -uadmin:${u_pass} -k -w %{http_code} -s -o /dev/null)" -eq "200" ] || [ "${j}" -eq "12" ]; do + sleep 10 + j=$((j+1)) + done + + if [ "${#wazuh_servers_node_names[@]}" -eq 1 ]; then + wazuh_api_address=${wazuh_servers_node_ips[0]} + else + for i in "${!wazuh_servers_node_types[@]}"; do + if [[ "${wazuh_servers_node_types[i]}" == "master" ]]; then + wazuh_api_address=${wazuh_servers_node_ips[i]} + fi + done + fi + eval "sed -i 's,url: https://localhost,url: https://${wazuh_api_address},g' /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml ${debug}" + + if [ ${j} -eq 12 ]; then + flag="-w" + if [ -z "${force}" ]; then + flag="-e" + fi + failed_nodes=() + logger "${flag}" "Cannot connect to Wazuh dashboard." + + for i in "${!indexer_node_ips[@]}"; do + curl=$(curl -XGET https://${indexer_node_ips[i]}:9700/ -uadmin:${u_pass} -k -w %{http_code} -s -o /dev/null) + exit_code=$? + if [[ "${exit_code}" -eq "7" ]]; then + failed_connect=1 + failed_nodes+=("${indexer_node_names[i]}") + fi + done + logger "${flag}" "Failed to connect with ${failed_nodes[*]}. Connection refused." + if [ -z "${force}" ]; then + logger "If want to install Wazuh dashboard without waiting for the Wazuh indexer cluster, use the -F option" + common_rollBack + exit 1 + else + logger "When Wazuh dashboard is able to connect to your Wazuh indexer cluster, you can access the web interface https://${nodes_dashboard_ip}. The credentials are admin:${u_pass}" + fi + else + logger "You can access the web interface https://${nodes_dashboard_ip}. The credentials are admin:${u_pass}" + fi + +} + +function dashboard_initializeAIO() { + + logger "Starting Wazuh dashboard (this may take a while)." + common_getPass "admin" + until [ "$(curl -XGET https://localhost/status -uadmin:${u_pass} -k -w %{http_code} -s -o /dev/null)" -eq "200" ] || [ "${i}" -eq 12 ]; do + sleep 10 + i=$((i+1)) + done + if [ ${i} -eq 12 ]; then + logger -e "Cannot connect to Wazuh dashboard." + common_rollBack + exit 1 + fi + logger "Wazuh dashboard started." + logger "You can access the web interface https://. The credentials are admin:${u_pass}" + +} + +function dashboard_install() { + + logger "Starting Wazuh dashboard installation." + if [ "${sys_type}" == "zypper" ]; then + eval "zypper -n install wazuh-dashboard=${wazuh_version}-${wazuh_revision} ${debug}" + elif [ "${sys_type}" == "yum" ]; then + eval "yum install wazuh-dashboards${sep}${wazuh_version}-${wazuh_revision} -y ${debug}" + elif [ "${sys_type}" == "apt-get" ]; then + eval "DEBIAN_FRONTEND=noninteractive apt install wazuh-dashboards${sep}${wazuh_version}-${wazuh_revision} -y ${debug}" + fi + if [ "$?" != 0 ]; then + logger -e "Wazuh dashboard installation failed." + dashboardinstalled="dashboard" + common_rollBack + exit 1 + else + dashboardinstalled="1" + logger "Wazuh dashboard installation finished." + fi + +} + +function dashboard_uninstall() { + + logger "Starting Wazuh dashboard uninstall." + + if [[ -n "${dashboardinstalled}" ]]; then + logger -w "Removing Wazuh dashboard packages." + if [ "${sys_type}" == "yum" ]; then + eval "yum remove wazuh-dashboard -y ${debug}" + elif [ "${sys_type}" == "zypper" ]; then + eval "zypper -n remove wazuh-dashboard ${debug}" + elif [ "${sys_type}" == "apt-get" ]; then + eval "apt remove --purge wazuh-dashboard -y ${debug}" + fi + fi + + if [[ -n "${dashboard_remaining_files}" ]]; then + logger -w "Removing Wazuh dashboard files." + + elements_to_remove=( "/etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service" + "/etc/systemd/system/wazuh-dashboard.service" + "/lib/firewalld/services/dashboard.xml" + "/usr/share/wazuh-dashboard" + "/run/wazuh-dashboard/" + "/etc/wazuh-dashboard/" + "/var/lib/wazuh-dashboard/" ) + + eval "rm -rf ${elements_to_remove[*]} ${debug}" + fi + +} \ No newline at end of file diff --git a/unattended_installer/install_functions/dashboards.sh b/unattended_installer/install_functions/dashboards.sh deleted file mode 100644 index 263f9d6c4b..0000000000 --- a/unattended_installer/install_functions/dashboards.sh +++ /dev/null @@ -1,168 +0,0 @@ -# Wazuh installer - dashboards.sh functions. -# Copyright (C) 2015, Wazuh Inc. -# -# This program is a free software; you can redistribute it -# and/or modify it under the terms of the GNU General Public -# License (version 2) as published by the FSF - Free Software -# Foundation. - -readonly d_certs_path="/etc/wazuh-dashboards/certs/" - -function dashboards_configure() { - - dashboards_copyCertificates - - if [ -n "${AIO}" ]; then - eval "common_getConfig dashboards/dashboards_unattended.yml /etc/wazuh-dashboards/dashboards.yml ${debug}" - else - eval "common_getConfig dashboards/dashboards_unattended_distributed.yml /etc/wazuh-dashboards/dashboards.yml ${debug}" - if [ "${#dashboards_node_names[@]}" -eq 1 ]; then - pos=0 - ip=${dashboards_node_ips[0]} - else - for i in "${!dashboards_node_names[@]}"; do - if [[ "${dashboards_node_names[i]}" == "${dashname}" ]]; then - pos="${i}"; - fi - done - ip=${dashboards_node_ips[pos]} - fi - - echo 'server.host: "'${ip}'"' >> /etc/wazuh-dashboards/dashboards.yml - - if [ "${#indexer_node_names[@]}" -eq 1 ]; then - echo "opensearch.hosts: https://"${indexer_node_ips[0]}":9700" >> /etc/wazuh-dashboards/dashboards.yml - else - echo "opensearch.hosts:" >> /etc/wazuh-dashboards/dashboards.yml - for i in "${indexer_node_ips[@]}"; do - echo " - https://${i}:9700" >> /etc/wazuh-dashboards/dashboards.yml - done - fi - fi - - logger "Wazuh dashboards post-install configuration finished." - -} - -function dashboards_copyCertificates() { - - eval "rm -f ${d_certs_path}/* ${debug}" - if [ -f "${tar_file}" ]; then - - name=${dashboards_node_names[pos]} - - eval "tar -xf ${tar_file} -C ${d_certs_path} ./${name}.pem && mv ${d_certs_path}${name}.pem ${d_certs_path}dashboards.pem ${debug}" - eval "tar -xf ${tar_file} -C ${d_certs_path} ./${name}-key.pem && mv ${d_certs_path}${name}-key.pem ${d_certs_path}dashboards-key.pem ${debug}" - eval "tar -xf ${tar_file} -C ${d_certs_path} ./root-ca.pem ${debug}" - eval "chown -R wazuh-dashboards:wazuh-dashboards /etc/wazuh-dashboards/ ${debug}" - eval "chmod -R 500 ${d_certs_path} ${debug}" - eval "chmod 440 ${d_certs_path}* ${debug}" - logger -d "Wazuh dashboards certificate setup finished." - else - logger -e "No certificates found. Wazuh dashboards could not be initialized." - exit 1 - fi - -} - -function dashboards_initialize() { - - logger "Starting Wazuh dashboards (this may take a while)." - common_getPass "admin" - j=0 - - if [ "${#dashboards_node_names[@]}" -eq 1 ]; then - nodes_dashboards_ip=${dashboards_node_ips[0]} - else - for i in "${!dashboards_node_names[@]}"; do - if [[ "${dashboards_node_names[i]}" == "${dashname}" ]]; then - pos="${i}"; - fi - done - nodes_dashboards_ip=${dashboards_node_ips[pos]} - fi - until [ "$(curl -XGET https://${nodes_dashboards_ip}/status -uadmin:${u_pass} -k -w %{http_code} -s -o /dev/null)" -eq "200" ] || [ "${j}" -eq "12" ]; do - sleep 10 - j=$((j+1)) - done - - if [ "${#wazuh_servers_node_names[@]}" -eq 1 ]; then - wazuh_api_address=${wazuh_servers_node_ips[0]} - else - for i in "${!wazuh_servers_node_types[@]}"; do - if [[ "${wazuh_servers_node_types[i]}" == "master" ]]; then - wazuh_api_address=${wazuh_servers_node_ips[i]} - fi - done - fi - eval "sed -i 's,url: https://localhost,url: https://${wazuh_api_address},g' /usr/share/wazuh-dashboards/data/wazuh/config/wazuh.yml ${debug}" - - if [ ${j} -eq 12 ]; then - flag="-w" - if [ -z "${force}" ]; then - flag="-e" - fi - failed_nodes=() - logger "${flag}" "Cannot connect to Wazuh dashboards." - - for i in "${!indexer_node_ips[@]}"; do - curl=$(curl -XGET https://${indexer_node_ips[i]}:9700/ -uadmin:${u_pass} -k -w %{http_code} -s -o /dev/null) - exit_code=$? - if [[ "${exit_code}" -eq "7" ]]; then - failed_connect=1 - failed_nodes+=("${indexer_node_names[i]}") - fi - done - logger "${flag}" "Failed to connect with ${failed_nodes[*]}. Connection refused." - if [ -z "${force}" ]; then - logger "If want to install Wazuh dashboards without waiting for the Wazuh indexer cluster, use the -F option" - common_rollBack - exit 1 - else - logger "When Wazuh dashboards is able to connect to your Elasticsearch cluster, you can access the web interface https://${nodes_dashboards_ip}. The credentials are admin:${u_pass}" - fi - else - logger "You can access the web interface https://${nodes_dashboards_ip}. The credentials are admin:${u_pass}" - fi - -} - -function dashboards_initializeAIO() { - - logger "Starting Wazuh dashboards (this may take a while)." - common_getPass "admin" - until [ "$(curl -XGET https://localhost/status -uadmin:${u_pass} -k -w %{http_code} -s -o /dev/null)" -eq "200" ] || [ "${i}" -eq 12 ]; do - sleep 10 - i=$((i+1)) - done - if [ ${i} -eq 12 ]; then - logger -e "Cannot connect to Wazuh dashboards." - common_rollBack - exit 1 - fi - logger "Wazuh dashboards started." - logger "You can access the web interface https://. The credentials are admin:${u_pass}" - -} - -function dashboards_install() { - - logger "Starting Wazuh dashboards installation." - if [ "${sys_type}" == "zypper" ]; then - eval "zypper -n install wazuh-dashboards=${wazuh_version}-${wazuh_revision} ${debug}" - elif [ "${sys_type}" == "yum" ]; then - eval "yum install wazuh-dashboards${sep}${wazuh_version}-${wazuh_revision} -y ${debug}" - elif [ "${sys_type}" == "apt-get" ]; then - eval "DEBIAN_FRONTEND=noninteractive apt install wazuh-dashboards${sep}${wazuh_version}-${wazuh_revision} -y ${debug}" - fi - if [ "$?" != 0 ]; then - logger -e "Wazuh dashboards installation failed" - common_rollBack - exit 1 - else - dashboardsinstalled="1" - logger "Wazuh dashboards installation finished." - fi - -} - diff --git a/unattended_installer/install_functions/filebeat.sh b/unattended_installer/install_functions/filebeat.sh index feedcfb6dd..1f4d4927a2 100644 --- a/unattended_installer/install_functions/filebeat.sh +++ b/unattended_installer/install_functions/filebeat.sh @@ -63,7 +63,9 @@ function filebeat_install() { eval "DEBIAN_FRONTEND=noninteractive apt install filebeat${sep}${filebeat_version} -y -q ${debug}" fi if [ "$?" != 0 ]; then - logger -e "Filebeat installation failed" + logger -e "Filebeat installation failed." + filebeatinstalled="manager" + common_rollBack exit 1 else logger "Filebeat installation finished." diff --git a/unattended_installer/install_functions/indexer.sh b/unattended_installer/install_functions/indexer.sh index f2059dce87..7bdd72d00b 100644 --- a/unattended_installer/install_functions/indexer.sh +++ b/unattended_installer/install_functions/indexer.sh @@ -134,6 +134,7 @@ function indexer_install() { if [ "$?" != 0 ]; then logger -e "Wazuh indexer installation failed." + indexerchinstalled="indexer" common_rollBack exit 1 else @@ -165,4 +166,40 @@ function indexer_startCluster() { logger -d "The wazuh-alerts template inserted into the Wazuh indexer cluster." fi +} + +function indexer_uninstall() { + + logger "Starting Wazuh indexer uninstall." + + if [[ -n "${indexerchinstalled}" ]]; then + logger -w "Removing Wazuh indexer packages." + if [ "${sys_type}" == "yum" ]; then + eval "yum remove wazuh-indexer -y ${debug}" + elif [ "${sys_type}" == "zypper" ]; then + eval "zypper -n remove wazuh-indexer ${debug}" + elif [ "${sys_type}" == "apt-get" ]; then + eval "apt remove --purge ^wazuh-indexer -y ${debug}" + fi + fi + + if [[ -n "${indexer_remaining_files}" ]]; then + logger -w "Removing Wazuh indexer files." + + elements_to_remove=( "/etc/systemd/system/multi-user.target.wants/elasticsearch.service" + "/etc/systemd/system/kibana.service" + "/var/lib/wazuh-indexer/" + "/usr/share/wazuh-indexer" + "/etc/wazuh-indexer/" + "/var/log/elasticsearch/" + "/var/log/wazuh-indexer/" + "/etc/systemd/system/opensearch.service.wants/" + "/securityadmin_demo.sh" + "/etc/systemd/system/multi-user.target.wants/opensearch.service" + "/lib/firewalld/services/opensearch.xml" + "${base_path}/search-guard-tlstool*" ) + + eval "rm -rf ${elements_to_remove[*]} ${debug}" + fi + } \ No newline at end of file diff --git a/unattended_installer/install_functions/manager.sh b/unattended_installer/install_functions/manager.sh index a8edb71484..47a06eb43d 100644 --- a/unattended_installer/install_functions/manager.sh +++ b/unattended_installer/install_functions/manager.sh @@ -44,6 +44,7 @@ function manager_startCluster() { function manager_install() { logger "Starting the Wazuh manager installation." + if [ "${sys_type}" == "zypper" ]; then eval "${sys_type} -n install wazuh-manager=${wazuh_version}-${wazuh_revision} ${debug}" elif [ "${sys_type}" == "yum" ]; then @@ -52,7 +53,8 @@ function manager_install() { eval "DEBIAN_FRONTEND=noninteractive ${sys_type} install wazuh-manager${sep}${wazuh_version}-${wazuh_revision} -y ${debug}" fi if [ "$?" != 0 ]; then - logger -e "Wazuh installation failed" + logger -e "Wazuh installation failed." + wazuhinstalled="manager" common_rollBack exit 1 else @@ -60,3 +62,62 @@ function manager_install() { logger "Wazuh manager installation finished." fi } + +function manager_uninstall() { + + logger "Wazuh manager and Filebeat will be uninstalled." + + # Remove Wazuh + logger -w "Removing Wazuh manager." + if [[ -n "${wazuhinstalled}" ]];then + + if [ "${sys_type}" == "yum" ]; then + eval "yum remove wazuh-manager -y ${debug} &" + wait + elif [ "${sys_type}" == "zypper" ]; then + eval "zypper -n remove wazuh-manager ${debug} &" + wait + eval "rm -f /etc/init.d/wazuh-manager ${debug} &" + wait + elif [ "${sys_type}" == "apt-get" ]; then + eval "apt remove --purge wazuh-manager -y ${debug} &" + wait + fi + fi + + until [ -z "${wazuh_remaining_files}" ] + do + eval "rm -rf /var/ossec/ ${debug}" + checkWazuhRemainingFiles + done + + # Remove Filebeat + logger -w "Removing Filebeat." + if [[ -n "${filebeatinstalled}" ]]; then + + if [ "${sys_type}" == "yum" ]; then + eval "yum remove filebeat -y ${debug} &" + wait + elif [ "${sys_type}" == "zypper" ]; then + eval "zypper -n remove filebeat ${debug} &" + wait + elif [ "${sys_type}" == "apt-get" ]; then + eval "apt remove --purge filebeat -y ${debug} &" + wait + fi + fi + + until [ -z "${filebeat_remaining_files}" ] + do + elements_to_remove=( "/var/log/filebeat/" + "/etc/systemd/system/multi-user.target.wants/wazuh-manager.service" + "/etc/systemd/system/multi-user.target.wants/filebeat.service" + "/var/lib/filebeat/" + "/usr/share/filebeat/" + "/etc/filebeat/" + ) + eval "rm -rf ${elements_to_remove[*]} ${debug}" + checkFilebeatRemainingFiles + done + +} diff --git a/unattended_installer/install_functions/wazuh-cert-tool.sh b/unattended_installer/install_functions/wazuh-cert-tool.sh index 469e67f5c0..83ff904bdf 100644 --- a/unattended_installer/install_functions/wazuh-cert-tool.sh +++ b/unattended_installer/install_functions/wazuh-cert-tool.sh @@ -163,16 +163,16 @@ function generateFilebeatcertificates() { } -function generateDashboardscertificates() { +function generatedashboardcertificates() { - if [ ${#dashboards_node_names[@]} -gt 0 ]; then - logger_cert -d "Creating the Wazuh dashboards certificates." + if [ ${#dashboard_node_names[@]} -gt 0 ]; then + logger_cert -d "Creating the Wazuh dashboard certificates." - for i in "${!dashboards_node_names[@]}"; do - generateCertificateconfiguration "${dashboards_node_names[i]}" "${dashboards_node_ips[i]}" - eval "openssl req -new -nodes -newkey rsa:2048 -keyout ${base_path}/certs/${dashboards_node_names[i]}-key.pem -out ${base_path}/certs/${dashboards_node_names[i]}.csr -config ${base_path}/certs/${dashboards_node_names[i]}.conf -days 3650 ${debug_cert}" - eval "openssl x509 -req -in ${base_path}/certs/${dashboards_node_names[i]}.csr -CA ${base_path}/certs/root-ca.pem -CAkey ${base_path}/certs/root-ca.key -CAcreateserial -out ${base_path}/certs/${dashboards_node_names[i]}.pem -extfile ${base_path}/certs/${dashboards_node_names[i]}.conf -extensions v3_req -days 3650 ${debug_cert}" - eval "chmod 444 ${base_path}/certs/${dashboards_node_names[i]}-key.pem ${debug_cert}" + for i in "${!dashboard_node_names[@]}"; do + generateCertificateconfiguration "${dashboard_node_names[i]}" "${dashboard_node_ips[i]}" + eval "openssl req -new -nodes -newkey rsa:2048 -keyout ${base_path}/certs/${dashboard_node_names[i]}-key.pem -out ${base_path}/certs/${dashboard_node_names[i]}.csr -config ${base_path}/certs/${dashboard_node_names[i]}.conf -days 3650 ${debug_cert}" + eval "openssl x509 -req -in ${base_path}/certs/${dashboard_node_names[i]}.csr -CA ${base_path}/certs/root-ca.pem -CAkey ${base_path}/certs/root-ca.key -CAcreateserial -out ${base_path}/certs/${dashboard_node_names[i]}.pem -extfile ${base_path}/certs/${dashboard_node_names[i]}.conf -extensions v3_req -days 3650 ${debug_cert}" + eval "chmod 444 ${base_path}/certs/${dashboard_node_names[i]}-key.pem ${debug_cert}" done fi @@ -205,8 +205,8 @@ function getHelp() { echo -e " -v, --verbose" echo -e " Enables verbose mode." echo -e "" - echo -e " -wd, --wazuh-dashboards-certificates" - echo -e " Creates the Wazuh dashboards certificates." + echo -e " -wd, --wazuh-dashboard-certificates" + echo -e " Creates the Wazuh dashboard certificates." echo -e "" echo -e " -wi, --wazuh-indexer-certificates" echo -e " Creates the Wazuh indexer certificates." @@ -253,8 +253,8 @@ function main() { debugEnabled=1 shift 1 ;; - "-wd"|"--wazuh-dashboards-certificates") - cdashboards=1 + "-wd"|"--wazuh-dashboard-certificates") + cdashboard=1 shift 1 ;; "-wi"|"--wazuh-indexer-certificates") @@ -296,9 +296,9 @@ function main() { logger_cert "Wazuh server certificates created." fi - if [[ -n "${cdashboards}" ]]; then - generateDashboardscertificates - logger_cert "Wazuh dashboards certificates created." + if [[ -n "${cdashboard}" ]]; then + generatedashboardcertificates + logger_cert "Wazuh dashboard certificates created." fi else @@ -307,7 +307,7 @@ function main() { generateAdmincertificate generateIndexercertificates generateFilebeatcertificates - generateDashboardscertificates + generatedashboardcertificates cleanFiles fi @@ -344,51 +344,51 @@ function readConfig() { eval "$(parse_yaml "${config_file}")" eval "indexer_node_names=( $(parse_yaml "${config_file}" | grep nodes_indexer_name | sed 's/nodes_indexer_name=//') )" eval "wazuh_servers_node_names=( $(parse_yaml "${config_file}" | grep nodes_wazuh_servers_name | sed 's/nodes_wazuh_servers_name=//') )" - eval "dashboards_node_names=( $(parse_yaml "${config_file}" | grep nodes_dashboards_name | sed 's/nodes_dashboards_name=//') )" + eval "dashboard_node_names=( $(parse_yaml "${config_file}" | grep nodes_dashboard_name | sed 's/nodes_dashboard_name=//') )" eval "indexer_node_ips=( $(parse_yaml "${config_file}" | grep nodes_indexer_ip | sed 's/nodes_indexer_ip=//') )" eval "wazuh_servers_node_ips=( $(parse_yaml "${config_file}" | grep nodes_wazuh_servers_ip | sed 's/nodes_wazuh_servers_ip=//') )" - eval "dashboards_node_ips=( $(parse_yaml "${config_file}" | grep nodes_dashboards_ip | sed 's/nodes_dashboards_ip=//') )" + eval "dashboard_node_ips=( $(parse_yaml "${config_file}" | grep nodes_dashboard_ip | sed 's/nodes_dashboard_ip=//') )" eval "wazuh_servers_node_types=( $(parse_yaml "${config_file}" | grep nodes_wazuh_servers_node_type | sed 's/nodes_wazuh_servers_node_type=//') )" unique_names=($(echo "${indexer_node_names[@]}" | tr ' ' '\n' | sort -u | tr '\n' ' ')) - if [ "${#unique_names[@]}" -ne "${#indexer_node_names[@]}" ]; then + if [ "${#unique_names[@]}" -ne "${#indexer_node_names[@]}" ]; then logger_cert -e "Duplicated indexer node names." exit 1 fi unique_ips=($(echo "${indexer_node_ips[@]}" | tr ' ' '\n' | sort -u | tr '\n' ' ')) - if [ "${#unique_ips[@]}" -ne "${#indexer_node_ips[@]}" ]; then + if [ "${#unique_ips[@]}" -ne "${#indexer_node_ips[@]}" ]; then logger_cert -e "Duplicated indexer node ips." exit 1 fi unique_names=($(echo "${wazuh_servers_node_names[@]}" | tr ' ' '\n' | sort -u | tr '\n' ' ')) - if [ "${#unique_names[@]}" -ne "${#wazuh_servers_node_names[@]}" ]; then + if [ "${#unique_names[@]}" -ne "${#wazuh_servers_node_names[@]}" ]; then logger_cert -e "Duplicated Wazuh server node names." exit 1 fi unique_ips=($(echo "${wazuh_servers_node_ips[@]}" | tr ' ' '\n' | sort -u | tr '\n' ' ')) - if [ "${#unique_ips[@]}" -ne "${#wazuh_servers_node_ips[@]}" ]; then + if [ "${#unique_ips[@]}" -ne "${#wazuh_servers_node_ips[@]}" ]; then logger_cert -e "Duplicated Wazuh server node ips." exit 1 fi - unique_names=($(echo "${dashboards_node_names[@]}" | tr ' ' '\n' | sort -u | tr '\n' ' ')) - if [ "${#unique_names[@]}" -ne "${#dashboards_node_names[@]}" ]; then - logger_cert -e "Duplicated dashboards node names." + unique_names=($(echo "${dashboard_node_names[@]}" | tr ' ' '\n' | sort -u | tr '\n' ' ')) + if [ "${#unique_names[@]}" -ne "${#dashboard_node_names[@]}" ]; then + logger_cert -e "Duplicated dashboard node names." exit 1 fi - unique_ips=($(echo "${dashboards_node_ips[@]}" | tr ' ' '\n' | sort -u | tr '\n' ' ')) - if [ "${#unique_ips[@]}" -ne "${#dashboards_node_ips[@]}" ]; then - logger_cert -e "Duplicated dashboards node ips." + unique_ips=($(echo "${dashboard_node_ips[@]}" | tr ' ' '\n' | sort -u | tr '\n' ' ')) + if [ "${#unique_ips[@]}" -ne "${#dashboard_node_ips[@]}" ]; then + logger_cert -e "Duplicated dashboard node ips." exit 1 fi - if [ "${#wazuh_servers_node_names[@]}" -ne "${#wazuh_servers_node_ips[@]}" ]; then + if [ "${#wazuh_servers_node_names[@]}" -ne "${#wazuh_servers_node_ips[@]}" ]; then logger_cert -e "Different number of Wazuh server node names and IPs." exit 1 fi @@ -419,8 +419,8 @@ function readConfig() { exit 1 fi - if [ "${#dashboards_node_names[@]}" -ne "${#dashboards_node_ips[@]}" ]; then - logger_cert -e "Different number of dashboards node names and IPs." + if [ "${#dashboard_node_names[@]}" -ne "${#dashboard_node_ips[@]}" ]; then + logger_cert -e "Different number of dashboard node names and IPs." exit 1 fi diff --git a/unattended_installer/install_functions/wazuh-passwords-tool.sh b/unattended_installer/install_functions/wazuh-passwords-tool.sh index 34b0e2149b..a44cfb7e0a 100644 --- a/unattended_installer/install_functions/wazuh-passwords-tool.sh +++ b/unattended_installer/install_functions/wazuh-passwords-tool.sh @@ -63,13 +63,13 @@ function changePassword() { if [ "$nuser" == "kibanaserver" ] || [ -n "$changeall" ]; then - if [ -n "${dashboardsinstalled}" ] && [ -n "${dashpass}" ]; then - wazuhdashold=$(grep "password:" /etc/wazuh-dashboards/dashboards.yml ) + if [ -n "${dashboardinstalled}" ] && [ -n "${dashpass}" ]; then + wazuhdashold=$(grep "password:" /etc/wazuh-dashboard/dashboard.yml ) rk="opensearch.password: " wazuhdashold="${wazuhdashold//$rk}" - conf="$(awk '{sub("opensearch.password: .*", "opensearch.password: '${dashpass}'")}1' /etc/wazuh-dashboards/dashboards.yml)" - echo "${conf}" > /etc/wazuh-dashboards/dashboards.yml - restartService "wazuh-dashboards" + conf="$(awk '{sub("opensearch.password: .*", "opensearch.password: '${dashpass}'")}1' /etc/wazuh-dashboard/dashboard.yml)" + echo "${conf}" > /etc/wazuh-dashboard/dashboard.yml + restartService "wazuh-dashboard" fi fi @@ -94,15 +94,15 @@ function checkInstalledPass() { fi if [ "${sys_type}" == "yum" ]; then - dashboardsinstalled=$(yum list installed 2>/dev/null | grep wazuh-dashboards) + dashboardinstalled=$(yum list installed 2>/dev/null | grep wazuh-dashboard) elif [ "${sys_type}" == "zypper" ]; then - dashboardsinstalled=$(zypper packages | grep wazuh-dashboards | grep i+) + dashboardinstalled=$(zypper packages | grep wazuh-dashboard | grep i+) elif [ "${sys_type}" == "apt-get" ]; then - dashboardsinstalled=$(apt list --installed 2>/dev/null | grep wazuh-dashboards) + dashboardinstalled=$(apt list --installed 2>/dev/null | grep wazuh-dashboard) fi - if [ -z "${indexerchinstalled}" ] && [ -z "${dashboardsinstalled}" ] && [ -z "${filebeatinstalled}" ]; then - logger_pass -e "Cannot find Wazuh indexer, Wazuh dashboards or Filebeat on the system." + if [ -z "${indexerchinstalled}" ] && [ -z "${dashboardinstalled}" ] && [ -z "${filebeatinstalled}" ]; then + logger_pass -e "Cannot find Wazuh indexer, Wazuh dashboard or Filebeat on the system." exit 1; else if [ -n "${indexerchinstalled}" ]; then @@ -228,7 +228,7 @@ function getHelp() { echo -e " Changes all the Open Distro user passwords and prints them on screen." echo -e "" echo -e " -u, --user " - echo -e " Indicates the name of the user whose password will be changed." + echo -e " Indicates the name of the user whose password will be changed." echo -e " If no password specified it will generate a random one." echo -e "" echo -e " -p, --password " @@ -484,7 +484,7 @@ User: name: kibanaserver password: kibanaserverpassword" - exit 1 + exit 1 fi sfileusers=$(grep name: "${p_file}" | awk '{ print substr( $2, 1, length($2) ) }') @@ -618,16 +618,16 @@ function runSecurityAdmin() { if [[ -n "${nuser}" ]] && [[ -n ${autopass} ]]; then logger_pass $'\nThe password for user '${nuser}' is '${password}'' - logger_pass -w "Password changed. Remember to update the password in /etc/filebeat/filebeat.yml and /etc/wazuh-dashboards/dashboards.yml if necessary and restart the services." + logger_pass -w "Password changed. Remember to update the password in /etc/filebeat/filebeat.yml and /etc/wazuh-dashboard/dashboard.yml if necessary and restart the services." fi if [[ -n "${nuser}" ]] && [[ -z ${autopass} ]]; then - logger_pass -w "Password changed. Remember to update the password in /etc/filebeat/filebeat.yml and /etc/wazuh-dashboards/dashboards.yml if necessary and restart the services." + logger_pass -w "Password changed. Remember to update the password in /etc/filebeat/filebeat.yml and /etc/wazuh-dashboard/dashboard.yml if necessary and restart the services." fi if [ -n "${changeall}" ]; then - if [ -z "${AIO}" ] && [ -z "${indexer}" ] && [ -z "${dashboards}" ] && [ -z "${wazuh}" ] && [ -z "${start_elastic_cluster}" ]; then - logger_pass -w "Passwords changed. Remember to update the password in /etc/filebeat/filebeat.yml and /etc/wazuh-dashboards/dashboards.yml if necessary and restart the services." + if [ -z "${AIO}" ] && [ -z "${indexer}" ] && [ -z "${dashboard}" ] && [ -z "${wazuh}" ] && [ -z "${start_elastic_cluster}" ]; then + logger_pass -w "Passwords changed. Remember to update the password in /etc/filebeat/filebeat.yml and /etc/wazuh-dashboard/dashboard.yml if necessary and restart the services." else logger_pass -d "Passwords changed." fi diff --git a/unattended_installer/wazuh_install.sh b/unattended_installer/wazuh_install.sh index c15f0e474b..e5c510ec05 100755 --- a/unattended_installer/wazuh_install.sh +++ b/unattended_installer/wazuh_install.sh @@ -64,7 +64,7 @@ function getHelp() { echo -e " $(basename "$0") - Install and configure Wazuh central components." echo -e "" echo -e "SYNOPSIS" - echo -e " $(basename "$0") [OPTIONS] -a | -c | -e | -k | -s | -w " + echo -e " $(basename "$0") [OPTIONS] -a | -c | -wi | -wd | -s | -ws " echo -e "" echo -e "DESCRIPTION" echo -e " -a, --all-in-one" @@ -79,12 +79,11 @@ function getHelp() { echo -e " -ds, --disable-spinner" echo -e " Disables the spinner indicator." echo -e "" - echo -e "" - echo -e " -f, --fileconfig " + echo -e " -f, --fileconfig [path-to-config-yml]" echo -e " Path to config file. By default: ${base_path}/config.yml" echo -e "" - echo -e " -F, --force-dashboards" - echo -e " Ignore indexer cluster related errors in kibana installation" + echo -e " -F, --force-dashboard" + echo -e " Ignore Wazuh indexer cluster related errors in Wazuh dashboard installation." echo -e "" echo -e " -h, --help" echo -e " Shows help." @@ -101,17 +100,17 @@ function getHelp() { echo -e " -s, --start-cluster" echo -e " Starts the indexer cluster." echo -e "" - echo -e " -t, --tar " + echo -e " -t, --tar [path-to-certs-tar]" echo -e " Path to tar containing certificate files. By default: ${base_path}/configurations.tar" echo -e "" - echo -e " -u, --uninstall" - echo -e " Uninstalls all Wazuh components. NOTE: This will erase all the existing configuration and data." + echo -e " -u, --uninstall [component-name]" + echo -e " Use 'all' for complete components uninstall, 'manager', 'indexer' or 'dashboard' for single component uninstall." echo -e "" echo -e " -v, --verbose" echo -e " Shows the complete installation output." echo -e "" - echo -e " -wd, --wazuh-dashboards " - echo -e " Wazuh dashboards installation." + echo -e " -wd, --wazuh-dashboard " + echo -e " Wazuh dashboard installation." echo -e "" echo -e " -wi, --wazuh-indexer " echo -e " Wazuh indexer installation." @@ -228,7 +227,7 @@ function main() { config_file="${2}" shift 2 ;; - "-F"|"--force-kibana") + "-F"|"--force-dashboard") force=1 shift 1 ;; @@ -262,21 +261,27 @@ function main() { shift 2 ;; "-u"|"--uninstall") + if [ -z "${2}" ]; then + logger -e "Error on arguments. Probably missing after -u|--uninstall." + getHelp + exit 1 + fi uninstall=1 - shift 1 + uninstall_component_name="${2}" + shift 2 ;; "-v"|"--verbose") debugEnabled=1 debug="2>&1 | tee -a ${logfile}" shift 1 ;; - "-wd"|"--wazuh-dashboards") + "-wd"|"--wazuh-dashboard") if [ -z "${2}" ]; then - logger -e "Error on arguments. Probably missing after -wd|---wazuh-dashboards" + logger -e "Error on arguments. Probably missing after -wd|---wazuh-dashboard" getHelp exit 1 fi - dashboards=1 + dashboard=1 dashname="${2}" shift 2 ;; @@ -292,7 +297,7 @@ function main() { ;; "-ws"|"--wazuh-server") if [ -z "${2}" ]; then - logger -e "Error on arguments. Probably missing after -w|--wazuh-server" + logger -e "Error on arguments. Probably missing after -ws|--wazuh-server" getHelp exit 1 fi @@ -328,36 +333,98 @@ function main() { importFunction "wazuh-cert-tool.sh" importFunction "wazuh-passwords-tool.sh" - logger "Starting Wazuh unattended installer. Wazuh version: ${wazuh_version}. Wazuh installer version: ${wazuh_install_vesion}" + if [ -n "${uninstall}" ] || [ -n "${overwrite}" ] || [ -n "${AIO}" ] || [ -n "${wazuh}" ]; then + importFunction "manager.sh" + importFunction "filebeat.sh" + fi + if [ -n "${uninstall}" ] || [ -n "${overwrite}" ] || [ -n "${AIO}" ] || [ -n "${indexer}" ] || [ -n "${start_elastic_cluster}" ]; then + importFunction "indexer.sh" + fi -# -------------- Uninstall case ------------------------------------ + if [ -n "${uninstall}" ] || [ -n "${overwrite}" ] || [ -n "${AIO}" ] || [ -n "${dashboard}" ]; then + importFunction "dashboard.sh" + fi - checks_installed - if [ -n "${uninstall}" ]; then - logger "-------------------------------------- Uninstall --------------------------------------" - logger "Removing all installed components." - common_rollBack - logger "All components removed." - exit 0 +# -------------- Wazuh unattended installer -------------------------------- + + if [ -z "${uninstall}" ]; then + logger "------------------------------------ Wazuh unattended installer ------------------------------------" + logger "Starting Wazuh unattended installer. Wazuh version: ${wazuh_version}. Wazuh installer version: ${wazuh_install_vesion}" fi # -------------- Preliminary checks -------------------------------- - if [ -z "${configurations}" ] && [ -z "${AIO}" ]; then - checks_previousCertificate - fi checks_arch checks_system - if [ -n "${ignore}" ]; then - logger -w "Health-check ignored." - else - checks_health + if [ -z "${uninstall}" ]; then + if [ -n "${ignore}" ]; then + logger -w "Health-check ignored." + else + checks_health + fi fi if [ -n "${AIO}" ] ; then rm -f "${tar_file}" fi + checks_installed_component checks_arguments +# -------------- Uninstall and Overwrite case ------------------------------------ + + if [ -n "${uninstall}" ]; then + logger "------------------------------------ Uninstall ------------------------------------" + common_rollBack + logger "Check the ${logfile} file to learn more about the issue." + logger "The uninstall process is complete." + exit 0 + fi + + if [ -n "${overwrite}" ]; then + logger "------------------------------------ Overwrite installation ------------------------------------" + if [ -n "${AIO}" ] ; then + wazuhinstalled="manager" + common_rollBack + indexerchinstalled="indexer" + common_rollBack + dashboardinstalled="dashboard" + common_rollBack + fi + if [ -n "${wazuh}" ]; then + wazuhinstalled="manager" + common_rollBack + fi + if [ -n "${indexer}" ]; then + indexerchinstalled="indexer" + common_rollBack + fi + if [ -n "${dashboard}" ]; then + dashboardinstalled="dashboard" + common_rollBack + fi + + if [ -n "${rollback_conf}" ] || [ -n "${overwrite}" ]; then + logger "Overwrite: installation cleaned." + fi + fi + +# # -------------- Uninstall case ------------------------------------ + +# if [ -n "${uninstall}" ]; then +# importFunction "manager.sh" +# importFunction "filebeat.sh" +# importFunction "indexer.sh" +# importFunction "dashboard.sh" +# logger "------------------------------------ Uninstall ------------------------------------" +# common_rollBack +# exit 0 +# fi + +# -------------- Preliminary steps -------------------------------- + + if [ -z "${configurations}" ] && [ -z "${AIO}" ]; then + checks_previousCertificate + fi + # -------------- Configuration creation case ----------------------- # Creation certificate case: Only AIO and -c option can create certificates. @@ -386,34 +453,30 @@ function main() { fi # Distributed architecture: node names must be different - if [[ -z "${AIO}" && ( -n "${indexer}" || -n "${dashboards}" || -n "${wazuh}" )]]; then + if [[ -z "${AIO}" && ( -n "${indexer}" || -n "${dashboard}" || -n "${wazuh}" )]]; then checks_names fi # -------------- Prerequisites and Wazuh repo ---------------------- - if [ -n "${AIO}" ] || [ -n "${indexer}" ] || [ -n "${dashboards}" ] || [ -n "${wazuh}" ]; then + if [ -n "${AIO}" ] || [ -n "${indexer}" ] || [ -n "${dashboard}" ] || [ -n "${wazuh}" ]; then logger "------------------------------------ Dependencies -------------------------------------" common_installPrerequisites common_addWazuhRepo fi -# -------------- Elasticsearch or Start Elasticsearch cluster case--- - if [ -n "${indexer}" ] || [ -n "${start_elastic_cluster}" ] ; then - importFunction "indexer.sh" - fi +# -------------- Elasticsearch case and Start Elasticsearch cluster case-------------------------------- -# -------------- Elasticsearch case -------------------------------- + if [ -n "${indexer}" ] || [ -n "${start_elastic_cluster}" ]; then + logger "------------------------------------ Wazuh indexer ------------------------------------" + fi if [ -n "${indexer}" ]; then - logger "------------------------------------ Wazuh indexer ------------------------------------" indexer_install indexer_configure common_startService "wazuh-indexer" indexer_initialize fi -# -------------- Start Elasticsearch cluster case ------------------ - if [ -n "${start_elastic_cluster}" ]; then indexer_startCluster common_changePasswords @@ -421,27 +484,21 @@ function main() { # -------------- Kibana case --------------------------------------- - if [ -n "${dashboards}" ]; then - logger "---------------------------------- Wazuh dashboards -----------------------------------" - - importFunction "dashboards.sh" - - dashboards_install - dashboards_configure + if [ -n "${dashboard}" ]; then + logger "---------------------------------- Wazuh dashboard -----------------------------------" + dashboard_install + dashboard_configure common_changePasswords - common_startService "wazuh-dashboards" - dashboards_initialize + common_startService "wazuh-dashboard" + dashboard_initialize fi # -------------- Wazuh case --------------------------------------- if [ -n "${wazuh}" ]; then - logger "------------------------------------- Wazuh server ------------------------------------" - - importFunction "manager.sh" - importFunction "filebeat.sh" + logger "------------------------------------- Wazuh server ------------------------------------" manager_install if [ -n "${wazuh_servers_node_types[*]}" ]; then manager_startCluster @@ -457,11 +514,6 @@ function main() { if [ -n "${AIO}" ]; then - importFunction "manager.sh" - importFunction "filebeat.sh" - importFunction "indexer.sh" - importFunction "dashboards.sh" - logger "------------------------------------ Wazuh indexer ------------------------------------" indexer_install indexer_configure @@ -473,12 +525,12 @@ function main() { filebeat_install filebeat_configure common_startService "filebeat" - logger "---------------------------------- Wazuh dashboards -----------------------------------" - dashboards_install - dashboards_configure - common_startService "wazuh-dashboards" + logger "---------------------------------- Wazuh dashboard -----------------------------------" + dashboard_install + dashboard_configure + common_startService "wazuh-dashboard" common_changePasswords - dashboards_initializeAIO + dashboard_initializeAIO fi # ------------------------------------------------------------------- @@ -487,7 +539,7 @@ function main() { common_restoreWazuhrepo fi - if [ -n "${AIO}" ] || [ -n "${indexer}" ] || [ -n "${dashboards}" ] || [ -n "${wazuh}" ]; then + if [ -n "${AIO}" ] || [ -n "${indexer}" ] || [ -n "${dashboard}" ] || [ -n "${wazuh}" ]; then logger "Installation finished. You can find in ${tar_file} all the certificates created, as well as password_file.yml, with the passwords for all users and config.yml, with the nodes of all of the components and their ips." elif [ -n "${start_elastic_cluster}" ]; then logger "Elasticsearch cluster started."