Release 4.4.0 - Alpha 2 - E2E UX tests - Wazuh Dashboard #15767
Installation logs 🟢
indexer
[root@centos7-1 ~]# curl -sO https://packages-dev.wazuh.com/4.4/wazuh-certs-tool.sh
[root@centos7-1 ~]# curl -sO https://packages-dev.wazuh.com/4.4/config.yml
[root@centos7-1 ~]# vi config.yml
[root@centos7-1 ~]# bash ./wazuh-certs-tool.sh -A
01/12/2022 14:28:37 INFO: Admin certificates created.
01/12/2022 14:28:37 INFO: Wazuh indexer certificates created.
01/12/2022 14:28:37 INFO: Wazuh server certificates created.
01/12/2022 14:28:37 INFO: Wazuh dashboard certificates created.
[root@centos7-1 ~]# tar -cvf ./wazuh-certificates.tar -C ./wazuh-certificates/ .
./
./root-ca.key
./root-ca.pem
./admin-key.pem
./admin.pem
./node-1-key.pem
./node-1.pem
./wazuh-1-key.pem
./wazuh-1.pem
./dashboard-key.pem
./dashboard.pem
[root@centos7-1 ~]# yum install coreutils
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirror.unimagdalena.edu.co
* extras: mirror.unimagdalena.edu.co
* updates: mirror.unimagdalena.edu.co
Package coreutils-8.22-24.el7_9.2.x86_64 already installed and latest version
Nothing to do
[root@centos7-1 ~]# echo -e '[wazuh]\ngpgcheck=1\ngpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH\nenabled=1\nname=EL-$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1' | tee /etc/yum.repos.d/wazuh.repo
[wazuh]
gpgcheck=1
gpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=EL-$releasever - Wazuh
baseurl=https://packages-dev.wazuh.com/pre-release/yum/
protect=1
[root@centos7-1 ~]# yum -y install wazuh-indexer
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirror1.cl.netactuate.com
* extras: mirror1.cl.netactuate.com
* updates: mirror1.cl.netactuate.com
Resolving Dependencies
--> Running transaction check
---> Package wazuh-indexer.x86_64 0:4.4.0-1 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
=============================================================================================================================================================================================================================================
Package Arch Version Repository Size
=============================================================================================================================================================================================================================================
Installing:
wazuh-indexer x86_64 4.4.0-1 wazuh 497 M
Transaction Summary
=============================================================================================================================================================================================================================================
Install 1 Package
Total download size: 497 M
Installed size: 747 M
Downloading packages:
wazuh-indexer-4.4.0-1.x86_64.rpm | 497 MB 00:00:51
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : wazuh-indexer-4.4.0-1.x86_64 1/1
Created opensearch keystore in /etc/wazuh-indexer/opensearch.keystore
Verifying : wazuh-indexer-4.4.0-1.x86_64 1/1
Installed:
wazuh-indexer.x86_64 0:4.4.0-1
Complete!
[root@centos7-1 ~]# tar -xf ./wazuh-certificates.tar -C /etc/wazuh-indexer/certs/ ./$NODE_NAME.pem ./$NODE_NAME-key.pem ./admin.pem ./admin-key.pem ./root-ca.pem
[root@centos7-1 ~]# mv -n /etc/wazuh-indexer/certs/$NODE_NAME.pem /etc/wazuh-indexer/certs/indexer.pem
[root@centos7-1 ~]# mv -n /etc/wazuh-indexer/certs/$NODE_NAME-key.pem /etc/wazuh-indexer/certs/indexer-key.pem
[root@centos7-1 ~]# chmod 500 /etc/wazuh-indexer/certs
[root@centos7-1 ~]# chmod 400 /etc/wazuh-indexer/certs/*
[root@centos7-1 ~]# chown -R wazuh-indexer:wazuh-indexer /etc/wazuh-indexer/certs
[root@centos7-1 ~]# systemctl daemon-reload
[root@centos7-1 ~]# systemctl enable wazuh-indexer
Created symlink from /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service to /usr/lib/systemd/system/wazuh-indexer.service.
[root@centos7-1 ~]# systemctl start wazuh-indexer
[root@centos7-1 ~]# /usr/share/wazuh-indexer/bin/indexer-security-init.sh
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.4.1
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml
SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml
SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml
SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml
SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml
SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml
SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml
SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml
SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml
SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null
Done with success
[root@centos7-1 ~]# curl -k -u admin:admin https://192.168.56.252:9200
{
"name" : "node-1",
"cluster_name" : "wazuh-cluster",
"cluster_uuid" : "TsSrjDeSTrGGJJmmR_NYxw",
"version" : {
"number" : "7.10.2",
"build_type" : "rpm",
"build_hash" : "f2f809ea280ffba217451da894a5899f1cec02ab",
"build_date" : "2022-12-12T22:17:42.341124910Z",
"build_snapshot" : false,
"lucene_version" : "9.4.2",
"minimum_wire_compatibility_version" : "7.10.0",
"minimum_index_compatibility_version" : "7.0.0"
},
"tagline" : "The OpenSearch Project: https://opensearch.org/"
}
[root@centos7-1 ~]# curl -k -u admin:admin https://192.168.56.252:9200/_cat/nodes?v
ip heap.percent ram.percent cpu load_1m load_5m load_15m node.role node.roles cluster_manager name
10.0.2.15 23 31 0 0.05 0.10 0.12 dimr cluster_manager,data,ingest,remote_cluster_client * node-1
server
[root@centos7-1 ~]# yum -y install wazuh-manager
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirror1.cl.netactuate.com
* extras: mirror1.cl.netactuate.com
* updates: mirror1.cl.netactuate.com
Resolving Dependencies
--> Running transaction check
---> Package wazuh-manager.x86_64 0:4.4.0-1 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
=============================================================================================================================================================================================================================================
Package Arch Version Repository Size
=============================================================================================================================================================================================================================================
Installing:
wazuh-manager x86_64 4.4.0-1 wazuh 117 M
Transaction Summary
=============================================================================================================================================================================================================================================
Install 1 Package
Total download size: 117 M
Installed size: 444 M
Downloading packages:
wazuh-manager-4.4.0-1.x86_64.rpm | 117 MB 00:00:13
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : wazuh-manager-4.4.0-1.x86_64 1/1
Verifying : wazuh-manager-4.4.0-1.x86_64 1/1
Installed:
wazuh-manager.x86_64 0:4.4.0-1
Complete!
[root@centos7-1 ~]# systemctl daemon-reload
[root@centos7-1 ~]# systemctl enable wazuh-manager
Created symlink from /etc/systemd/system/multi-user.target.wants/wazuh-manager.service to /usr/lib/systemd/system/wazuh-manager.service.
[root@centos7-1 ~]# systemctl start wazuh-manager
[root@centos7-1 ~]# systemctl status wazuh-manager
● wazuh-manager.service - Wazuh manager
Loaded: loaded (/usr/lib/systemd/system/wazuh-manager.service; enabled; vendor preset: disabled)
Active: active (running) since lun 2022-12-26 12:10:35 UTC; 1s ago
Process: 15901 ExecStart=/usr/bin/env /var/ossec/bin/wazuh-control start (code=exited, status=0/SUCCESS)
CGroup: /system.slice/wazuh-manager.service
├─15960 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
├─16000 /var/ossec/bin/wazuh-authd
├─16017 /var/ossec/bin/wazuh-db
├─16032 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
├─16035 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
├─16048 /var/ossec/bin/wazuh-execd
├─16060 /var/ossec/bin/wazuh-analysisd
├─16070 /var/ossec/bin/wazuh-syscheckd
├─16172 /var/ossec/bin/wazuh-remoted
├─16231 /var/ossec/bin/wazuh-logcollector
├─16250 /var/ossec/bin/wazuh-monitord
├─16297 /var/ossec/bin/wazuh-modulesd
└─16767 /var/ossec/bin/wazuh-modulesd
dic 26 12:10:28 centos7-1 env[15901]: Started wazuh-db...
dic 26 12:10:28 centos7-1 env[15901]: Started wazuh-execd...
dic 26 12:10:28 centos7-1 env[15901]: Started wazuh-analysisd...
dic 26 12:10:29 centos7-1 env[15901]: Started wazuh-syscheckd...
dic 26 12:10:30 centos7-1 env[15901]: Started wazuh-remoted...
dic 26 12:10:30 centos7-1 env[15901]: Started wazuh-logcollector...
dic 26 12:10:32 centos7-1 env[15901]: Started wazuh-monitord...
dic 26 12:10:33 centos7-1 env[15901]: Started wazuh-modulesd...
dic 26 12:10:35 centos7-1 env[15901]: Completed.
dic 26 12:10:35 centos7-1 systemd[1]: Started Wazuh manager.
dashboard
[root@centos7-1 ~]# yum install libcap
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirror1.cl.netactuate.com
* extras: mirror1.cl.netactuate.com
* updates: mirror1.cl.netactuate.com
Package libcap-2.22-11.el7.x86_64 already installed and latest version
Nothing to do
[root@centos7-1 ~]# yum -y install wazuh-dashboard
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirror1.cl.netactuate.com
* extras: mirror1.cl.netactuate.com
* updates: mirror1.cl.netactuate.com
Resolving Dependencies
--> Running transaction check
---> Package wazuh-dashboard.x86_64 0:4.4.0-1 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
=============================================================================================================================================================================================================================================
Package Arch Version Repository Size
=============================================================================================================================================================================================================================================
Installing:
wazuh-dashboard x86_64 4.4.0-1 wazuh 257 M
Transaction Summary
=============================================================================================================================================================================================================================================
Install 1 Package
Total download size: 257 M
Installed size: 1.1 G
Downloading packages:
wazuh-dashboard-4.4.0-1.x86_64.rpm | 257 MB 00:00:28
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : wazuh-dashboard-4.4.0-1.x86_64 1/1
Verifying : wazuh-dashboard-4.4.0-1.x86_64 1/1
Installed:
wazuh-dashboard.x86_64 0:4.4.0-1
Complete!
[root@centos7-1 ~]# NODE_NAME=dashboard
[root@centos7-1 ~]# mkdir /etc/wazuh-dashboard/certs
[root@centos7-1 ~]# tar -xf ./wazuh-certificates.tar -C /etc/wazuh-dashboard/certs/ ./$NODE_NAME.pem ./$NODE_NAME-key.pem ./root-ca.pem
[root@centos7-1 ~]# mv -n /etc/wazuh-dashboard/certs/$NODE_NAME.pem /etc/wazuh-dashboard/certs/dashboard.pem
mv: ‘/etc/wazuh-dashboard/certs/dashboard.pem’ and ‘/etc/wazuh-dashboard/certs/dashboard.pem’ are the same file
[root@centos7-1 ~]# mv -n /etc/wazuh-dashboard/certs/$NODE_NAME-key.pem /etc/wazuh-dashboard/certs/dashboard-key.pem
mv: ‘/etc/wazuh-dashboard/certs/dashboard-key.pem’ and ‘/etc/wazuh-dashboard/certs/dashboard-key.pem’ are the same file
[root@centos7-1 ~]# chmod 500 /etc/wazuh-dashboard/certs
[root@centos7-1 ~]# chmod 400 /etc/wazuh-dashboard/certs/*
[root@centos7-1 ~]# chown -R wazuh-dashboard:wazuh-dashboard /etc/wazuh-dashboard/certs
[root@centos7-1 ~]# systemctl daemon-reload
[root@centos7-1 ~]# systemctl enable wazuh-dashboard
Created symlink from /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service to /etc/systemd/system/wazuh-dashboard.service.
[root@centos7-1 ~]# systemctl start wazuh-dashboard
Wazuh password tool
[root@centos7-1 ~]# /usr/share/wazuh-indexer/plugins/opensearch-security/tools/wazuh-passwords-tool.sh --change-all --admin-user wazuh --admin-password wazuh
26/12/2022 12:22:13 INFO: The password for user admin is 4lYNz9orVkf8Khqg9Et?*M+J3DoA68s4
26/12/2022 12:22:13 INFO: The password for user kibanaserver is Myuj28fsD54Pn?CSVBR5xNOjtSeJ8en3
26/12/2022 12:22:13 INFO: The password for user kibanaro is tAmpfNKpStgIC8D73R66bk+XgCL?fRSG
26/12/2022 12:22:13 INFO: The password for user logstash is q6yRVTZ47tTWf?9LOrIyM8xayG*+3FbB
26/12/2022 12:22:13 INFO: The password for user readall is 5glQ?k7iY8Q?Zvz+W?+AsmsLUybGfe.p
26/12/2022 12:22:13 INFO: The password for user snapshotrestore is XWVnY0psr86oke3lPhWfOp.3dDDTHe8D
26/12/2022 12:22:13 WARNING: Wazuh indexer passwords changed. Remember to update the password in the Wazuh dashboard and Filebeat nodes if necessary, and restart the services.
26/12/2022 12:22:14 INFO: The password for Wazuh API user wazuh is 1oAUMYXkLeb8lRPdVz*L5izl+nmtRgU9
26/12/2022 12:22:15 INFO: The password for Wazuh API user wazuh-wui is .*bZr0e7+GOOh41qlA+TdJjPtb1akoWb
26/12/2022 12:22:15 INFO: Updated wazuh-wui user password in wazuh dashboard. Remember to restart the service.
[root@centos7-1 ~]# systemctl restart wazuh-dashboard.service
Wazuh Dashboard Package specs 🟢
[root@centos7-1 ~]# yum info wazuh-dashboard
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirror1.cl.netactuate.com
* extras: mirror1.cl.netactuate.com
* updates: mirror1.cl.netactuate.com
Installed Packages
Name : wazuh-dashboard
Arch : x86_64
Version : 4.4.0
Release : 1
Size : 1.1 G
Repo : installed
From repo : wazuh
Summary : Wazuh dashboard is a user interface and visualization tool for security-related data. Documentation can be found at https://documentation.wazuh.com/current/getting-started/components/wazuh-dashboard.html
URL : https://www.wazuh.com/
License : GPL
Description : Wazuh dashboard is a user interface and visualization tool for security-related data. This Wazuh central component enables exploring, visualizing, and analyzing the stored security alerts generated by the Wazuh server.
: Wazuh dashboard enables inspecting the status and managing the configurations of the Wazuh cluster and agents as well as creating and managing users and roles. In addition, it allows testing the ruleset and making calls to
: the Wazuh API. Documentation can be found at https://documentation.wazuh.com/current/getting-started/components/wazuh-dashboard.html
[root@centos7-1 ~]# rpm -qi $(rpm -qa | awk '/dashboard/ {print $0}')
Name : wazuh-dashboard
Version : 4.4.0
Release : 1
Architecture: x86_64
Install Date: lun 26 dic 2022 12:19:04 UTC
Group : System Environment/Daemons
Size : 1201199412
License : GPL
Signature : RSA/SHA256, vie 23 dic 2022 13:14:03 UTC, Key ID 96b3ee5f29111145
Source RPM : wazuh-dashboard-4.4.0-1.src.rpm
Build Date : vie 23 dic 2022 12:54:03 UTC
Build Host : ip-172-31-65-215.ec2.internal
Relocations : (not relocatable)
Packager : Wazuh, Inc <info@wazuh.com>
Vendor : Wazuh, Inc <info@wazuh.com>
URL : https://www.wazuh.com/
Summary : Wazuh dashboard is a user interface and visualization tool for security-related data. Documentation can be found at https://documentation.wazuh.com/current/getting-started/components/wazuh-dashboard.html
Description :
Wazuh dashboard is a user interface and visualization tool for security-related data. This Wazuh central component enables exploring, visualizing, and analyzing the stored security alerts generated by the Wazuh server. Wazuh dashboard enables inspecting the status and managing the configurations of the Wazuh cluster and agents as well as creating and managing users and roles. In addition, it allows testing the ruleset and making calls to the Wazuh API. Documentation can be found at https://documentation.wazuh.com/current/getting-started/components/wazuh-dashboard.html
Dashboard Package Size 🟢
[root@centos7-1 ~]# rpm --qf '%{SIZE}\n' -q wazuh-dashboard | awk '{print $1/(1024*1024)"MiB"}'
1145.55MiB
Dashboard package metadata (description) 🟢
[root@centos7-1 ~]# yum -C search wazuh-dashboard
Loaded plugins: fastestmirror
======================================================================================================= N/S matched: wazuh-dashboard ========================================================================================================
wazuh-dashboard.x86_64 : Wazuh dashboard is a user interface and visualization tool for security-related data. Documentation can be found at https://documentation.wazuh.com/current/getting-started/components/wazuh-dashboard.html
Name and summary matches only, use "search all" for everything.
Dashboard package digital signature 🟢
[root@centos7-1 ~]# rpm -qi $(rpm -qa | awk '/dashboard/ {print $0}') | awk '/Name|Install|Signature/ {print $0}'
Name : wazuh-dashboard
Install Date: lun 26 dic 2022 12:19:04 UTC
Signature : RSA/SHA256, vie 23 dic 2022 13:14:03 UTC, Key ID 96b3ee5f29111145
[root@centos7-1 ~]# rpm -q gpg-pubkey --qf '%{NAME}-%{VERSION}-%{RELEASE}\t%{SUMMARY}\n'
gpg-pubkey-f4a80eb5-53a7ff4b gpg(CentOS-7 Key (CentOS 7 Official Signing Key) <security@centos.org>)
gpg-pubkey-29111145-591cd381 gpg(Wazuh.com (Wazuh Signing Key) <support@wazuh.com>)
Installed files location, size and permissions 🟢
[root@centos7-1 ~]# ll /usr/share/wazuh-dashboard
total 1464
drwxr-x---. 2 wazuh-dashboard wazuh-dashboard 109 dic 26 12:18 bin
drwxr-x---. 2 wazuh-dashboard wazuh-dashboard 44 dic 26 12:19 config
drwxr-x---. 3 wazuh-dashboard wazuh-dashboard 31 dic 26 12:19 data
-rw-r-----. 1 wazuh-dashboard wazuh-dashboard 11358 dic 7 19:55 LICENSE.txt
-rw-r-----. 1 wazuh-dashboard wazuh-dashboard 5369 dic 7 20:08 manifest.yml
drwxr-x---. 6 wazuh-dashboard wazuh-dashboard 108 dic 26 12:18 node
drwxr-x---. 708 wazuh-dashboard wazuh-dashboard 20480 dic 26 12:18 node_modules
-rw-r-----. 1 wazuh-dashboard wazuh-dashboard 1426715 dic 7 19:55 NOTICE.txt
-rw-r-----. 1 wazuh-dashboard wazuh-dashboard 829 dic 23 12:42 package.json
drwxr-x---. 10 wazuh-dashboard wazuh-dashboard 221 dic 26 12:18 plugins
-rw-r-----. 1 wazuh-dashboard wazuh-dashboard 1933 dic 7 19:55 README.txt
drwxr-x---. 11 wazuh-dashboard wazuh-dashboard 160 dic 26 12:19 src
-r--r-----. 1 wazuh-dashboard wazuh-dashboard 6 dic 23 12:42 VERSION
[root@centos7-1 ~]# ll /usr/share/wazuh-dashboard/bin
total 12
-rwxr-x---. 1 wazuh-dashboard wazuh-dashboard 1207 dic 23 12:42 opensearch-dashboards
-rwxr-x---. 1 wazuh-dashboard wazuh-dashboard 1074 dic 23 12:42 opensearch-dashboards-keystore
-rwxr-x---. 1 wazuh-dashboard wazuh-dashboard 1111 dic 23 12:42 opensearch-dashboards-plugin
[root@centos7-1 ~]# ll /usr/share/wazuh-dashboard/data/wazuh/config
total 16
-rw-r--r--. 1 wazuh-dashboard wazuh-dashboard 452 dic 26 12:30 wazuh-registry.json
-rw-------. 1 wazuh-dashboard wazuh-dashboard 9796 dic 26 12:27 wazuh.yml
[root@centos7-1 ~]# stat /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
File: ‘/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml’
Size: 9796 Blocks: 24 IO Block: 4096 regular file
Device: 801h/2049d Inode: 5828362 Links: 1
Access: (0600/-rw-------) Uid: ( 995/wazuh-dashboard) Gid: ( 992/wazuh-dashboard)
Context: system_u:object_r:usr_t:s0
Access: 2022-12-26 12:27:39.085285537 +0000
Modify: 2022-12-26 12:27:25.396418429 +0000
Change: 2022-12-26 12:27:25.397418419 +0000
Birth: -
Configuration 4.4.0-1
[root@centos7-1 ~]# cat /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
---
#
# Wazuh dashboard - App configuration file
# Copyright (C) 2015-2022 Wazuh, Inc.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# Find more information about this on the LICENSE file.
#
# ======================== Wazuh app configuration file ========================
#
# Please check the documentation for more information about configuration options:
# https://documentation.wazuh.com/4.4/user-manual/wazuh-dashboard/config-file.html
#
# Also, you can check our repository:
# https://github.com/wazuh/wazuh-kibana-app
#
# ---------------------------------- General -----------------------------------
#
# Basic app settings related to alerts index pattern, hide the manager alerts in
# the dashboards, logs level and more.
#
# Define the index name prefix of sample alerts. It must match the template used
# by the index pattern to avoid unknown fields in dashboards.
# alerts.sample.prefix: wazuh-alerts-4.x-
#
# Define the index prefix of predefined jobs.
# cron.prefix: wazuh
#
# Specifies the Wazuh registration server, used for the agent enrollment.
# enrollment.dns: ''
#
# Specifies the password used to authenticate during the agent enrollment.
# enrollment.password: ".*bZr0e7+GOOh41qlA+TdJjPtb1akoWb"
#
# Hide the alerts of the manager in every dashboard. Allowed values: true, false.
# hideManagerAlerts: false
#
# Disable certain index pattern names from being available in index pattern
# selector.
# ip.ignore: []
#
# Define if the user is allowed to change the selected index pattern directly from
# the top menu bar. Allowed values: true, false.
# ip.selector: true
#
# Logging level of the App. Allowed values: info (Info), debug (Debug).
# logs.level: info
#
# Default index pattern to use on the app. If there's no valid index pattern, the
# app will automatically create one with the name indicated in this option.
# pattern: wazuh-alerts-*
#
# Maximum time, in milliseconds, the app will wait for an API response when making
# requests to it. It will be ignored if the value is set under 1500 milliseconds.
# Minimum value: 1500.
# timeout: 20000
#
# -------------------------------- Health check --------------------------------
#
# Checks will be executed by the app's Healthcheck.
#
# Enable or disable the API health check when opening the app. Allowed values:
# true, false.
# checks.api: true
#
# Enable or disable the known fields health check when opening the app. Allowed
# values: true, false.
# checks.fields: true
#
# Change the default value of the plugin platform max buckets configuration.
# Allowed values: true, false.
# checks.maxBuckets: true
#
# Change the default value of the plugin platform metaField configuration. Allowed
# values: true, false.
# checks.metaFields: true
#
# Enable or disable the index pattern health check when opening the app. Allowed
# values: true, false.
# checks.pattern: true
#
# Enable or disable the setup health check when opening the app. Allowed values:
# true, false.
# checks.setup: true
#
# Enable or disable the template health check when opening the app. Allowed
# values: true, false.
# checks.template: true
#
# Change the default value of the plugin platform timeFilter configuration.
# Allowed values: true, false.
# checks.timeFilter: true
#
# ----- Initial display state of the modules of the new API host entries. ------
#
# Extensions.
#
# Enable or disable the Audit tab on Overview and Agents. Allowed values: true,
# false.
# extensions.audit: true
#
# Enable or disable the Amazon (AWS) tab on Overview. Allowed values: true, false.
# extensions.aws: false
#
# Enable or disable the CIS-CAT tab on Overview and Agents. Allowed values: true,
# false.
# extensions.ciscat: false
#
# Enable or disable the Docker listener tab on Overview and Agents. Allowed
# values: true, false.
# extensions.docker: false
#
# Enable or disable the Google Cloud Platform tab on Overview. Allowed values:
# true, false.
# extensions.gcp: false
#
# Enable or disable the GDPR tab on Overview and Agents. Allowed values: true,
# false.
# extensions.gdpr: true
#
# Enable or disable the HIPAA tab on Overview and Agents. Allowed values: true,
# false.
# extensions.hipaa: true
#
# Enable or disable the NIST 800-53 tab on Overview and Agents. Allowed values:
# true, false.
# extensions.nist: true
#
# Enable or disable the Open SCAP tab on Overview and Agents. Allowed values:
# true, false.
# extensions.oscap: false
#
# Enable or disable the Osquery tab on Overview and Agents. Allowed values: true,
# false.
# extensions.osquery: false
#
# Enable or disable the PCI DSS tab on Overview and Agents. Allowed values: true,
# false.
# extensions.pci: true
#
# Enable or disable the TSC tab on Overview and Agents. Allowed values: true,
# false.
# extensions.tsc: true
#
# Enable or disable the VirusTotal tab on Overview and Agents. Allowed values:
# true, false.
# extensions.virustotal: false
#
# ------------------------------ Task:Monitoring -------------------------------
#
# Options related to the agent status monitoring job and its storage in indexes.
#
# Define the interval in which a new wazuh-monitoring index will be created.
# Allowed values: h (Hourly), d (Daily), w (Weekly), m (Monthly).
# wazuh.monitoring.creation: w
#
# Enable or disable the wazuh-monitoring index creation and/or visualization.
# Allowed values: true, false.
# wazuh.monitoring.enabled: true
#
# Frequency, in seconds, of API requests to get the state of the agents and create
# a new document in the wazuh-monitoring index with this data. Minimum value: 60.
# wazuh.monitoring.frequency: 900
#
# Default index pattern to use for Wazuh monitoring.
# wazuh.monitoring.pattern: wazuh-monitoring-*
#
# Define the number of replicas to use for the wazuh-monitoring-* indices. Minimum
# value: 0.
# wazuh.monitoring.replicas: 0
#
# Define the number of shards to use for the wazuh-monitoring-* indices. Minimum
# value: 1.
# wazuh.monitoring.shards: 1
#
# ------------------------------ Task:Statistics -------------------------------
#
# Options related to the daemons manager monitoring job and their storage in
# indexes..
#
# Enter the ID of the hosts you want to save data from, leave this empty to run
# the task on every host.
# cron.statistics.apis: []
#
# Define the interval in which a new index will be created. Allowed values: h
# (Hourly), d (Daily), w (Weekly), m (Monthly).
# cron.statistics.index.creation: w
#
# Define the name of the index in which the documents will be saved.
# cron.statistics.index.name: statistics
#
# Define the number of replicas to use for the statistics indices. Minimum value:
# 0.
# cron.statistics.index.replicas: 0
#
# Define the number of shards to use for the statistics indices. Minimum value: 1.
# cron.statistics.index.shards: 1
#
# Define the frequency of task execution using cron schedule expressions.
# cron.statistics.interval: 0 */5 * * * *
#
# Enable or disable the statistics tasks. Allowed values: true, false.
# cron.statistics.status: true
#
# ---------------------------------- Security ----------------------------------
#
# Application security options such as unauthorized roles.
#
# Disabled the plugin visibility for users with the roles.
# disabled_roles: []
#
# ------------------------------ Custom branding -------------------------------
#
# If you want to use custom branding elements such as logos, you can do so by
# editing the settings below.
#
# Enable or disable the customization. Allowed values: true, false.
# customization.enabled: true
#
# This logo is used in the app main menu, at the top left corner. Supported
# extensions: .jpeg, .jpg, .png, .svg. Recommended dimensions: 300x70px. Maximum
# file size: 1 MB.
# customization.logo.app: ''
#
# This logo is displayed during the Healthcheck routine of the app. Supported
# extensions: .jpeg, .jpg, .png, .svg. Recommended dimensions: 300x70px. Maximum
# file size: 1 MB.
# customization.logo.healthcheck: ''
#
# This logo is used in the PDF reports generated by the app. It's placed at the
# top left corner of every page of the PDF. Supported extensions: .jpeg, .jpg,
# .png. Recommended dimensions: 190x40px. Maximum file size: 1 MB.
# customization.logo.reports: ''
#
# This is the logo for the app to display in the platform's navigation drawer,
# this is, the main sidebar collapsible menu. Supported extensions: .jpeg, .jpg,
# .png, .svg. Recommended dimensions: 80x80px. Maximum file size: 1 MB.
# customization.logo.sidebar: ''
#
# Set the footer of the reports. Maximum amount of lines: 2. Maximum lines length
# is 50 characters.
# customization.reports.footer: ''
#
# Set the header of the reports. Maximum amount of lines: 3. Maximum lines length
# is 40 characters.
# customization.reports.header: ''
#
# -------------------------------- Wazuh hosts ---------------------------------
#
# The following configuration is the default structure to define a host.
#
# hosts:
#   # Host ID / name,
#   - env-1:
#       # Host URL
#       url: https://env-1.example
#       # Host / API port
#       port: 55000
#       # Host / API username
#       username: wazuh-wui
#       # Host / API password
#       password: ".*bZr0e7+GOOh41qlA+TdJjPtb1akoWb"
#       # Use RBAC or not. If set to true, the username must be "wazuh-wui".
#       run_as: true
#   - env-2:
#       url: https://env-2.example
#       port: 55000
#       username: wazuh-wui
#       password: ".*bZr0e7+GOOh41qlA+TdJjPtb1akoWb"
#       run_as: true
hosts:
  - default:
      url: https://localhost
      port: 55000
      username: wazuh-wui
      password: ".*bZr0e7+GOOh41qlA+TdJjPtb1akoWb"
      run_as: false
[root@centos7-1 ~]# ll /usr/share/wazuh-dashboard/data/
total 4
-rw-r--r--. 1 wazuh-dashboard wazuh-dashboard 36 dic 26 12:19 uuid
drwxr-xr-x. 4 wazuh-dashboard wazuh-dashboard 32 dic 26 12:19 wazuh
[root@centos7-1 ~]# ll /usr/share/wazuh-dashboard/data/wazuh
total 0
drwxr-xr-x. 2 wazuh-dashboard wazuh-dashboard 50 dic 26 12:27 config
drwxr-xr-x. 2 wazuh-dashboard wazuh-dashboard 52 dic 26 12:19 logs
[root@centos7-1 ~]# ll /usr/share/wazuh-dashboard/data/wazuh/config
total 16
-rw-r--r--. 1 wazuh-dashboard wazuh-dashboard 452 dic 26 12:30 wazuh-registry.json
-rw-------. 1 wazuh-dashboard wazuh-dashboard 9796 dic 26 12:27 wazuh.yml
[root@centos7-1 ~]# ll /usr/share/wazuh-dashboard/node
total 772
drwxr-x---. 2 wazuh-dashboard wazuh-dashboard 18 dic 26 12:18 bin
-rw-r-----. 1 wazuh-dashboard wazuh-dashboard 674091 dic 7 19:55 CHANGELOG.md
drwxr-x---. 3 wazuh-dashboard wazuh-dashboard 18 dic 26 12:18 include
drwxr-x---. 2 wazuh-dashboard wazuh-dashboard 6 dic 7 19:55 lib
-rw-r-----. 1 wazuh-dashboard wazuh-dashboard 78908 dic 7 19:55 LICENSE
-rw-r-----. 1 wazuh-dashboard wazuh-dashboard 31990 dic 7 19:55 README.md
drwxr-x---. 5 wazuh-dashboard wazuh-dashboard 45 dic 26 12:18 share
[root@centos7-1 ~]# ll /usr/share/wazuh-dashboard/plugins/
total 0
drwxr-x---. 6 wazuh-dashboard wazuh-dashboard 138 dic 26 12:18 alertingDashboards
drwxr-x---. 7 wazuh-dashboard wazuh-dashboard 172 dic 26 12:18 customImportMapDashboards
drwxr-x---. 6 wazuh-dashboard wazuh-dashboard 158 dic 26 12:18 ganttChartDashboards
drwxr-x---. 8 wazuh-dashboard wazuh-dashboard 185 dic 26 12:18 indexManagementDashboards
drwxr-x---. 9 wazuh-dashboard wazuh-dashboard 206 dic 26 12:18 notificationsDashboards
drwxr-x---. 8 wazuh-dashboard wazuh-dashboard 217 dic 26 12:18 reportsDashboards
drwxr-x---. 7 wazuh-dashboard wazuh-dashboard 174 dic 26 12:18 securityDashboards
drwxr-x---. 7 wazuh-dashboard wazuh-dashboard 188 dic 26 12:19 wazuh
[root@centos7-1 ~]# ll /usr/share/wazuh-dashboard/src
total 8
-rw-r-----. 1 wazuh-dashboard wazuh-dashboard 2760 dic 7 19:55 apm.js
drwxr-x---. 3 wazuh-dashboard wazuh-dashboard 81 dic 26 12:19 cli
drwxr-x---. 3 wazuh-dashboard wazuh-dashboard 157 dic 26 12:19 cli_keystore
drwxr-x---. 6 wazuh-dashboard wazuh-dashboard 101 dic 26 12:19 cli_plugin
drwxr-x---. 8 wazuh-dashboard wazuh-dashboard 206 dic 26 12:19 core
drwxr-x---. 2 wazuh-dashboard wazuh-dashboard 40 dic 26 12:19 docs
drwxr-x---. 5 wazuh-dashboard wazuh-dashboard 43 dic 26 12:19 legacy
drwxr-x---. 3 wazuh-dashboard wazuh-dashboard 103 dic 26 12:19 optimize
drwxr-x---. 56 wazuh-dashboard wazuh-dashboard 4096 dic 26 12:19 plugins
drwxr-x---. 4 wazuh-dashboard wazuh-dashboard 168 dic 26 12:19 setup_node_env
[root@centos7-1 ~]# ll /etc/rc.d/init.d/
total 52
-rwxr-xr-x. 1 root root 2535 ene 12 2021 filebeat
-rw-r--r--. 1 root root 18281 may 22 2020 functions
-rwxr-xr-x. 1 root root 4569 may 22 2020 netconsole
-rwxr-xr-x. 1 root root 7928 may 22 2020 network
-rw-r--r--. 1 root root 1160 sep 1 14:57 README
-rwxr-x---. 1 wazuh-indexer wazuh-indexer 3703 dic 23 12:07 wazuh-indexer
-rwxr-xr-x. 1 root wazuh 1175 dic 23 10:47 wazuh-manager
[root@centos7-1 ~]# ll /etc/yum.repos.d/wazuh.repo
-rw-r--r--. 1 root root 179 dic 26 11:55 /etc/yum.repos.d/wazuh.repo
[root@centos7-1 ~]# cat /etc/security/limits.conf | grep "End of file" -A30 -B6
#@student hard nproc 20
#@faculty soft nproc 20
#@faculty hard nproc 50
#ftp hard nproc 0
#@student - maxlogins 4
# End of file
wazuh-indexer hard nproc 4096
wazuh-indexer soft nproc 4096
wazuh-indexer hard nofile 65535
wazuh-indexer soft nofile 65535
[root@centos7-1 ~]# sysctl -a | grep max_map_count
sysctl: reading key "net.ipv6.conf.all.stable_secret"
sysctl: reading key "net.ipv6.conf.default.stable_secret"
sysctl: reading key "net.ipv6.conf.eth0.stable_secret"
sysctl: reading key "net.ipv6.conf.eth1.stable_secret"
sysctl: reading key "net.ipv6.conf.lo.stable_secret"
vm.max_map_count = 262144
Register Wazuh Agents 🔴
root@ubuntu20:~# curl -so wazuh-agent.deb https://packages-dev.wazuh.com/pre-release/apt/pool/main/w/wazuh-agent/wazuh-agent_4.4.0-1_amd64.deb/wazuh-agent.deb && sudo WAZUH_MANAGER='192.168.56.252' WAZUH_AGENT_GROUP='default' WAZUH_AGENT_NAME='agent_ubuntu_focal_test_v4_4' dpkg -i ./wazuh-agent.deb
dpkg-deb: error: './wazuh-agent.deb' is not a Debian format archive
dpkg: error processing archive ./wazuh-agent.deb (--install):
dpkg-deb --control subprocess returned error exit status 2
Errors were encountered while processing:
./wazuh-agent.deb
The command provided by the Wazuh dashboard is not valid for deb: it has an error, as it adds /wazuh-agent.deb to the end of the package download URL.
root@ubuntu20:~# curl -so wazuh-agent.deb https://packages-dev.wazuh.com/pre-release/apt/pool/main/w/wazuh-agent/wazuh-agent_4.4.0-1_amd64.deb && sudo WAZUH_MANAGER='192.168.56.252' WAZUH_AGENT_GROUP='default' WAZUH_AGENT_NAME='agent_ubuntu_focal_test_v4_4' dpkg -i ./wazuh-agent.deb
Selecting previously unselected package wazuh-agent.
(Reading database ... 63239 files and directories currently installed.)
Preparing to unpack ./wazuh-agent.deb ...
Unpacking wazuh-agent (4.4.0-1) ...
Setting up wazuh-agent (4.4.0-1) ...
Processing triggers for systemd (245.4-4ubuntu3.15) ...
root@ubuntu20:~# sudo systemctl daemon-reload
root@ubuntu20:~# sudo systemctl enable wazuh-agent
Synchronizing state of wazuh-agent.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable wazuh-agent
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-agent.service → /lib/systemd/system/wazuh-agent.service.
root@ubuntu20:~# sudo systemctl start wazuh-agent
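The failed install in the comment above happened because `curl -s` saved whatever the server returned for the malformed URL and `dpkg` was handed that file unchecked. The following is an added example, not part of the original comment or of the Wazuh project: a pre-install check that rejects a URL with a segment after the `.deb` name and verifies the download is a Debian archive. The function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: pre-install checks for a downloaded agent package.

# True when the URL has a path segment after the package file name,
# e.g. ".../wazuh-agent_4.4.0-1_amd64.deb/wazuh-agent.deb".
url_has_segment_after_deb() {
    case "$1" in
        *.deb/*) return 0 ;;
        *) return 1 ;;
    esac
}

# True when the file looks like a Debian package: an ar archive
# ("!<arch>" magic) whose first member is named "debian-binary".
is_deb_archive() {
    local file=$1
    [ -f "$file" ] || return 1
    [ "$(head -c 7 "$file")" = '!<arch>' ] || return 1
    [ "$(tail -c +9 "$file" | head -c 13)" = 'debian-binary' ]
}

# Download a package and keep it only if it passes both checks.
# -f makes curl fail on an HTTP error status instead of saving the error
# body, which plain "curl -s" does silently; -S still prints the error.
fetch_deb() {
    local url=$1 out=$2
    if url_has_segment_after_deb "$url"; then
        echo "refusing URL with a segment after the .deb name: $url" >&2
        return 1
    fi
    curl -fsS -o "$out" "$url" || return 1
    if ! is_deb_archive "$out"; then
        echo "$out is not a Debian archive, removing it" >&2
        rm -f "$out"
        return 1
    fi
}

# Usage: script.sh <package-url> <output-file>
if [ "$#" -eq 2 ]; then
    fetch_deb "$1" "$2"
fi
```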
Wazuh Dashboard (included the Wazuh WUI) communication with Wazuh manager API and Wazuh indexer 🟢
2022/12/26 12:21:46 INFO: wazuh-wui 127.0.0.1 "GET /agents" with parameters {"agents_list": "000"} and body {} done in 0.012s: 200
2022/12/26 12:21:46 INFO: wazuh-wui 127.0.0.1 "GET /agents" with parameters {"agents_list": "000"} and body {} done in 0.013s: 200
2022/12/26 12:21:46 INFO: wazuh-wui 127.0.0.1 "GET /cluster/status" with parameters {} and body {} done in 0.013s: 200
2022/12/26 12:21:46 INFO: wazuh-wui 127.0.0.1 "GET /cluster/status" with parameters {} and body {} done in 0.011s: 200
2022/12/26 12:21:50 INFO: wazuh-wui 127.0.0.1 "GET /" with parameters {} and body {} done in 0.007s: 200
2022/12/26 12:21:50 INFO: wazuh-wui 127.0.0.1 "GET /cluster/status" with parameters {} and body {} done in 0.013s: 200
2022/12/26 12:21:50 INFO: wazuh-wui 127.0.0.1 "GET /agents/summary/status" with parameters {} and body {} done in 0.008s: 200
2022/12/26 12:21:50 INFO: wazuh-wui 127.0.0.1 "GET /agents/000/config/auth/auth" with parameters {} and body {} done in 0.018s: 200
2022/12/26 12:21:50 INFO: wazuh-wui 127.0.0.1 "GET /manager/api/config" with parameters {} and body {} done in 0.008s: 200
2022/12/26 12:21:50 INFO: wazuh-wui 127.0.0.1 "GET /groups" with parameters {} and body {} done in 0.015s: 200
2022/12/26 12:21:50 INFO: wazuh-wui 127.0.0.1 "GET /cluster/status" with parameters {} and body {} done in 0.011s: 200
2022/12/26 12:21:50 INFO: wazuh-wui 127.0.0.1 "GET /cluster/status" with parameters {} and body {} done in 0.014s: 200
2022/12/26 12:21:50 INFO: wazuh-wui 127.0.0.1 "GET /manager/configuration/request/remote" with parameters {} and body {} done in 0.009s: 200
2022/12/26 12:21:50 INFO: wazuh-wui 127.0.0.1 "GET /manager/api/config" with parameters {} and body {} done in 0.011s: 200
2022/12/26 12:21:50 INFO: wazuh-wui 127.0.0.1 "GET /cluster/status" with parameters {} and body {} done in 0.010s: 200
2022/12/26 12:21:50 INFO: wazuh-wui 127.0.0.1 "GET /manager/configuration/request/remote" with parameters {} and body {} done in 0.007s: 200
2022/12/26 12:22:07 INFO: wazuh 127.0.0.1 "POST /security/user/authenticate" with parameters {"raw": "true"} and body {} done in 0.203s: 200
2022/12/26 12:22:07 INFO: wazuh 127.0.0.1 "GET /security/users" with parameters {"pretty": "true"} and body {} done in 0.042s: 200
2022/12/26 12:22:07 INFO: wazuh 127.0.0.1 "GET /security/users" with parameters {"pretty": "true"} and body {} done in 0.014s: 200
2022/12/26 12:22:13 INFO: wazuh 127.0.0.1 "PUT /security/users/1" with parameters {} and body {"password": "****"} done in 0.150s: 200
2022/12/26 12:22:14 INFO: wazuh 127.0.0.1 "POST /security/user/authenticate" with parameters {"raw": "true"} and body {} done in 0.225s: 200
2022/12/26 12:22:15 INFO: wazuh 127.0.0.1 "PUT /security/users/2" with parameters {} and body {"password": "****"} done in 0.169s: 200
2022/12/26 12:22:16 INFO: wazuh-wui 127.0.0.1 "POST /security/user/authenticate" with parameters {} and body {} done in 0.248s: 200
The following issue aims to run the specified test for the current release candidate, report the results, and open new issues for any encountered errors.
Modules test information
Installation procedure
Test description
Best effort to test Wazuh dashboard package. Think critically and at least review/test:
Test report procedure
All test results must have one of the following statuses:
Any failing test must be documented with a new issue, detailing the error and the possible cause.
An extended test results report can be attached as a ZIP or TXT file. Please attach any documents, screenshots, or tables to the issue update with the results. The auditors can use this report to dig deeper into possible failures and details.
Conclusions
Auditors' validation
The definition of done for this one is the validation of the conclusions and the test results from all auditors.
All checks from below must be accepted in order to close this issue.