Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Change Filebeat passwords only when installing Wazuh Server or changing passwords #3118

Merged
merged 1 commit into from
Sep 16, 2024
Merged

Change Filebeat passwords only when installing Wazuh Server or changing passwords #3118

merged 1 commit into from
Sep 16, 2024

Conversation

CarlosALgit
Copy link
Member

Related issue
#3115

Description

The aim of this PR is to modify the Wazuh Installation Assistant to only update Filebeat Keystore passwords when installing the Wazuh Manager/Server or when using the Wazuh Password Tool itself and Filebeat is actually installed.

Tests

For the tests, I performed several installations on both deb and rpm package managers using the Wazuh Installation Assistant. installing an AIO, component by component and offline. Also, I performed a change of passwords of all users using the Wazuh Passwords Tool to check the change works correctly not only when installing.

All in One installation ✅

Ubuntu 22 ✅

Installation logs: 
root@ip-172-31-43-240:/home/ubuntu# bash ./wazuh-install.sh -a
12/09/2024 10:07:18 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
12/09/2024 10:07:18 INFO: Verbose logging redirected to /var/log/wazuh-install.log
12/09/2024 10:07:28 INFO: Verifying that your system meets the recommended minimum hardware requirements.
12/09/2024 10:07:28 INFO: Wazuh web interface port will be 443.
12/09/2024 10:07:40 INFO: Wazuh repository added.
12/09/2024 10:07:40 INFO: --- Configuration files ---
12/09/2024 10:07:40 INFO: Generating configuration files.
12/09/2024 10:07:41 INFO: Generating the root certificate.
12/09/2024 10:07:42 INFO: Generating Admin certificates.
12/09/2024 10:07:42 INFO: Generating Wazuh indexer certificates.
12/09/2024 10:07:43 INFO: Generating Filebeat certificates.
12/09/2024 10:07:43 INFO: Generating Wazuh dashboard certificates.
12/09/2024 10:07:44 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
12/09/2024 10:07:44 INFO: --- Wazuh indexer ---
12/09/2024 10:07:44 INFO: Starting Wazuh indexer installation.
12/09/2024 10:08:09 INFO: Wazuh indexer installation finished.
12/09/2024 10:08:10 INFO: Wazuh indexer post-install configuration finished.
12/09/2024 10:08:10 INFO: Starting service wazuh-indexer.
12/09/2024 10:08:35 INFO: wazuh-indexer service started.
12/09/2024 10:08:35 INFO: Initializing Wazuh indexer cluster security settings.
12/09/2024 10:08:43 INFO: Wazuh indexer cluster security configuration initialized.
12/09/2024 10:08:43 INFO: Wazuh indexer cluster initialized.
12/09/2024 10:08:43 INFO: --- Wazuh server ---
12/09/2024 10:08:43 INFO: Starting the Wazuh manager installation.
12/09/2024 10:10:04 INFO: Wazuh manager installation finished.
12/09/2024 10:10:04 INFO: Wazuh manager vulnerability detection configuration finished.
12/09/2024 10:10:04 INFO: Starting service wazuh-manager.
12/09/2024 10:10:27 INFO: wazuh-manager service started.
12/09/2024 10:10:27 INFO: Starting Filebeat installation.
12/09/2024 10:10:45 INFO: Filebeat installation finished.
12/09/2024 10:10:46 INFO: Filebeat post-install configuration finished.
12/09/2024 10:10:46 INFO: Starting service filebeat.
12/09/2024 10:10:48 INFO: filebeat service started.
12/09/2024 10:10:48 INFO: --- Wazuh dashboard ---
12/09/2024 10:10:48 INFO: Starting Wazuh dashboard installation.
12/09/2024 10:13:17 INFO: Wazuh dashboard installation finished.
12/09/2024 10:13:17 INFO: Wazuh dashboard post-install configuration finished.
12/09/2024 10:13:17 INFO: Starting service wazuh-dashboard.
12/09/2024 10:13:18 INFO: wazuh-dashboard service started.
12/09/2024 10:13:21 INFO: Updating the internal users.
12/09/2024 10:13:30 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
12/09/2024 10:13:48 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
12/09/2024 10:14:31 INFO: Initializing Wazuh dashboard web application.
12/09/2024 10:14:31 INFO: Wazuh dashboard web application not yet initialized. Waiting...
12/09/2024 10:14:46 INFO: Wazuh dashboard web application not yet initialized. Waiting...
12/09/2024 10:15:01 INFO: Wazuh dashboard web application initialized.
12/09/2024 10:15:01 INFO: --- Summary ---
12/09/2024 10:15:01 INFO: You can access the web interface https://<wazuh-dashboard-ip>:443
    User: admin
    Password: *c1LGSJ+.kSR?D3Ys4zZOIXefdJML?YE
12/09/2024 10:15:01 INFO: Installation finished.
Tests logs: 
root@ip-172-31-43-240:/home/ubuntu# filebeat test output
elasticsearch: https://127.0.0.1:9200...
  parse url... OK
  connection...
    parse host... OK
    dns lookup... OK
    addresses: 127.0.0.1
    dial up... OK
  TLS...
    security: server's certificate chain verification is enabled
    handshake... OK
    TLS version: TLSv1.2
    dial up... OK
  talk to server... OK
  version: 7.10.2

root@ip-172-31-43-240:/home/ubuntu# bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/wazuh-passwords-tool.sh -a -A -au wazuh -ap z?CfN*HlNpIiVS1CTC7gmFBZLlMX7TRa
12/09/2024 10:38:02 INFO: Updating the internal users.
12/09/2024 10:38:10 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
12/09/2024 10:38:31 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
12/09/2024 10:39:12 INFO: The password for user admin is CCx?qKR81P+81mAL+YGBklQtrvtlEnVD
12/09/2024 10:39:12 INFO: The password for user anomalyadmin is HW?mI1Wi16wLkI7WRWQJxA*U.5I3+lpp
12/09/2024 10:39:12 INFO: The password for user kibanaserver is 6qTmOOBU+ez?oafbY9A38U8eUWgyCk*d
12/09/2024 10:39:12 INFO: The password for user kibanaro is vhVDBJiFRhRLobY6H0BMOqF55bfn8?9N
12/09/2024 10:39:12 INFO: The password for user logstash is D9kmEMRYhS.YPF1MmDTqZc+*ntcUsTsI
12/09/2024 10:39:12 INFO: The password for user readall is KYXYjbqm.bIU9SwIAejUdM.fr.D5BENl
12/09/2024 10:39:12 INFO: The password for user snapshotrestore is 6F0Qrq88rGcbt**kzyvI5bV++t08dq9s
12/09/2024 10:39:12 WARNING: Wazuh indexer passwords changed. Remember to update the password in the Wazuh dashboard, Wazuh server, and Filebeat nodes if necessary, and restart the services.
12/09/2024 10:39:16 INFO: The password for Wazuh API user wazuh is GCi3S0EtfilKrl09XVUMEubtI+uWbZ7K
12/09/2024 10:39:17 INFO: The password for Wazuh API user wazuh-wui is euAYykK+B3ZZZdFPEtHTIkLjecG5*k6r
12/09/2024 10:39:17 INFO: Updated wazuh-wui user password in wazuh dashboard. Remember to restart the service.
Web Dashboard:

Landing page:
landing-page-ubuntu-aio

About:
about-ubuntu-aio

Amazon Linux 2023 ✅

Installation logs: 
[root@ip-172-31-46-224 ec2-user]# bash ./wazuh-install.sh -a
11/09/2024 14:51:39 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
11/09/2024 14:51:39 INFO: Verbose logging redirected to /var/log/wazuh-install.log
11/09/2024 14:51:39 INFO: Verifying that your system meets the recommended minimum hardware requirements.
11/09/2024 14:51:39 INFO: Wazuh web interface port will be 443.
11/09/2024 14:51:39 INFO: Wazuh repository added.
11/09/2024 14:51:39 INFO: --- Configuration files ---
11/09/2024 14:51:39 INFO: Generating configuration files.
11/09/2024 14:51:40 INFO: Generating the root certificate.
11/09/2024 14:51:40 INFO: Generating Admin certificates.
11/09/2024 14:51:41 INFO: Generating Wazuh indexer certificates.
11/09/2024 14:51:41 INFO: Generating Filebeat certificates.
11/09/2024 14:51:42 INFO: Generating Wazuh dashboard certificates.
11/09/2024 14:51:43 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
11/09/2024 14:51:43 INFO: --- Wazuh indexer ---
11/09/2024 14:51:43 INFO: Starting Wazuh indexer installation.
11/09/2024 14:52:43 INFO: Wazuh indexer installation finished.
11/09/2024 14:52:43 INFO: Wazuh indexer post-install configuration finished.
11/09/2024 14:52:43 INFO: Starting service wazuh-indexer.
11/09/2024 14:53:08 INFO: wazuh-indexer service started.
11/09/2024 14:53:08 INFO: Initializing Wazuh indexer cluster security settings.
11/09/2024 14:53:16 INFO: Wazuh indexer cluster security configuration initialized.
11/09/2024 14:53:16 INFO: Wazuh indexer cluster initialized.
11/09/2024 14:53:16 INFO: --- Wazuh server ---
11/09/2024 14:53:16 INFO: Starting the Wazuh manager installation.
11/09/2024 14:54:37 INFO: Wazuh manager installation finished.
11/09/2024 14:54:37 INFO: Wazuh manager vulnerability detection configuration finished.
11/09/2024 14:54:37 INFO: Starting service wazuh-manager.
11/09/2024 14:54:57 INFO: wazuh-manager service started.
11/09/2024 14:54:57 INFO: Starting Filebeat installation.
11/09/2024 14:55:15 INFO: Filebeat installation finished.
11/09/2024 14:55:16 INFO: Filebeat post-install configuration finished.
11/09/2024 14:55:16 INFO: Starting service filebeat.
11/09/2024 14:55:17 INFO: filebeat service started.
11/09/2024 14:55:17 INFO: --- Wazuh dashboard ---
11/09/2024 14:55:17 INFO: Starting Wazuh dashboard installation.
11/09/2024 14:57:38 INFO: Wazuh dashboard installation finished.
11/09/2024 14:57:39 INFO: Wazuh dashboard post-install configuration finished.
11/09/2024 14:57:39 INFO: Starting service wazuh-dashboard.
11/09/2024 14:57:39 INFO: wazuh-dashboard service started.
11/09/2024 14:57:40 INFO: Updating the internal users.
11/09/2024 14:57:48 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
11/09/2024 14:58:06 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
11/09/2024 14:58:48 INFO: Initializing Wazuh dashboard web application.
11/09/2024 14:58:48 INFO: Wazuh dashboard web application not yet initialized. Waiting...
11/09/2024 14:59:04 INFO: Wazuh dashboard web application not yet initialized. Waiting...
11/09/2024 14:59:19 INFO: Wazuh dashboard web application initialized.
11/09/2024 14:59:19 INFO: --- Summary ---
11/09/2024 14:59:19 INFO: You can access the web interface https://<wazuh-dashboard-ip>:443
    User: admin
    Password: 8BSv+1er6pJye+remYiax7D+5D4UN6Wv
11/09/2024 14:59:19 INFO: Installation finished.
Tests logs: 
[root@ip-172-31-46-224 ec2-user]# filebeat test output
elasticsearch: https://127.0.0.1:9200...
  parse url... OK
  connection...
    parse host... OK
    dns lookup... OK
    addresses: 127.0.0.1
    dial up... OK
  TLS...
    security: server's certificate chain verification is enabled
    handshake... OK
    TLS version: TLSv1.2
    dial up... OK
  talk to server... OK
  version: 7.10.2

[root@ip-172-31-46-224 ec2-user]# bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/wazuh-passwords-tool.sh -a -A -au wazuh -ap cGfZk*z97Q2Gj?ntm0y1x3dSoUt?8vE+
12/09/2024 08:30:48 INFO: Updating the internal users.
12/09/2024 08:30:53 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
12/09/2024 08:31:06 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
12/09/2024 08:31:43 INFO: The password for user admin is nZ2Lubz6Y95R?80BobI6j?nXlMXnqYnN
12/09/2024 08:31:43 INFO: The password for user anomalyadmin is QycM.25u7dVqRW8W2Ysh7V9*UK?o.xo?
12/09/2024 08:31:43 INFO: The password for user kibanaserver is ApYdrLx3ngyoXL7YLNosr?haDr5Q5ZFe
12/09/2024 08:31:43 INFO: The password for user kibanaro is 2FTb8KutmW9TIH.yQEZeLfPRgV2RpUWA
12/09/2024 08:31:43 INFO: The password for user logstash is Tql4pDsX1lCk+v0WJczZ?li8f+tOLfoX
12/09/2024 08:31:43 INFO: The password for user readall is hZIPdlwBNm?V4pww+PJvh+i1dK+mD9u5
12/09/2024 08:31:43 INFO: The password for user snapshotrestore is SnDTj?SxqEZsrgvcp.UrAeC9ixK0sJ23
12/09/2024 08:31:43 WARNING: Wazuh indexer passwords changed. Remember to update the password in the Wazuh dashboard, Wazuh server, and Filebeat nodes if necessary, and restart the services.
12/09/2024 08:31:45 INFO: The password for Wazuh API user wazuh is YG2u0r*MS97veLH3WdStBR+7a+yozqRV
12/09/2024 08:31:46 INFO: The password for Wazuh API user wazuh-wui is DMG508Gamqf1hFB66+sB7lzXzwPcLJh3
12/09/2024 08:31:46 INFO: Updated wazuh-wui user password in wazuh dashboard. Remember to restart the service.
Web Dashboard:

Landing page:
landing-page-amazon-aio

About:
about-amazon-aio

Component by component installation ✅

Ubuntu 22 ✅

Installation logs: 
root@ip-172-31-43-240:/home/ubuntu# bash wazuh-install.sh --generate-config-files
11/09/2024 11:05:17 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
11/09/2024 11:05:17 INFO: Verbose logging redirected to /var/log/wazuh-install.log
11/09/2024 11:05:44 INFO: Verifying that your system meets the recommended minimum hardware requirements.
11/09/2024 11:05:44 INFO: --- Configuration files ---
11/09/2024 11:05:44 INFO: Generating configuration files.
11/09/2024 11:05:44 INFO: Generating the root certificate.
11/09/2024 11:05:45 INFO: Generating Admin certificates.
11/09/2024 11:05:45 INFO: Generating Wazuh indexer certificates.
11/09/2024 11:05:46 INFO: Generating Filebeat certificates.
11/09/2024 11:05:46 INFO: Generating Wazuh dashboard certificates.
11/09/2024 11:05:47 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
root@ip-172-31-43-240:/home/ubuntu# bash wazuh-install.sh --wazuh-indexer node-1
11/09/2024 11:06:37 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
11/09/2024 11:06:37 INFO: Verbose logging redirected to /var/log/wazuh-install.log
11/09/2024 11:06:46 INFO: Verifying that your system meets the recommended minimum hardware requirements.
11/09/2024 11:06:53 INFO: --- Dependencies ----
11/09/2024 11:06:53 INFO: Installing apt-transport-https.
11/09/2024 11:07:06 INFO: Wazuh repository added.
11/09/2024 11:07:07 INFO: --- Wazuh indexer ---
11/09/2024 11:07:07 INFO: Starting Wazuh indexer installation.
11/09/2024 11:08:07 INFO: Wazuh indexer installation finished.
11/09/2024 11:08:07 INFO: Wazuh indexer post-install configuration finished.
11/09/2024 11:08:07 INFO: Starting service wazuh-indexer.
11/09/2024 11:08:33 INFO: wazuh-indexer service started.
11/09/2024 11:08:33 INFO: Initializing Wazuh indexer cluster security settings.
11/09/2024 11:08:36 INFO: Wazuh indexer cluster initialized.
11/09/2024 11:08:36 INFO: Installation finished.
root@ip-172-31-43-240:/home/ubuntu# bash wazuh-install.sh --start-cluster
11/09/2024 11:09:29 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
11/09/2024 11:09:29 INFO: Verbose logging redirected to /var/log/wazuh-install.log
11/09/2024 11:09:38 INFO: Verifying that your system meets the recommended minimum hardware requirements.
11/09/2024 11:09:45 INFO: Wazuh indexer cluster security configuration initialized.
11/09/2024 11:09:59 INFO: Updating the internal users.
11/09/2024 11:10:03 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
11/09/2024 11:10:21 INFO: Wazuh indexer cluster started.
root@ip-172-31-43-240:/home/ubuntu# tar -axf wazuh-install-files.tar wazuh-install-files/wazuh-passwords.txt -O | grep -P "\'admin\'" -A 1
  indexer_username: 'admin'
  indexer_password: 'SK1CY2P4VxiJGdl+zb7UV.AEVfupqcP8'
root@ip-172-31-43-240:/home/ubuntu# curl -k -u admin:SK1CY2P4VxiJGdl+zb7UV.AEVfupqcP8 https://127.0.0.1:9200
{
  "name" : "node-1",
  "cluster_name" : "wazuh-indexer-cluster",
  "cluster_uuid" : "Qj-6rkgJTwep1dBE7yL9kA",
  "version" : {
    "number" : "7.10.2",
    "build_type" : "deb",
    "build_hash" : "9fd1835bba77ae04d48550eb4dc9be4787070806",
    "build_date" : "2024-08-30T10:06:03.028357Z",
    "build_snapshot" : false,
    "lucene_version" : "9.10.0",
    "minimum_wire_compatibility_version" : "7.10.0",
    "minimum_index_compatibility_version" : "7.0.0"
  },
  "tagline" : "The OpenSearch Project: https://opensearch.org/"
}
root@ip-172-31-43-240:/home/ubuntu# curl -k -u admin:SK1CY2P4VxiJGdl+zb7UV.AEVfupqcP8 https://127.0.0.1:9200/_cat/nodes?v
ip        heap.percent ram.percent cpu load_1m load_5m load_15m node.role node.roles                               cluster_manager name
127.0.0.1           48          53  14    0.10    0.33     0.23 dimr      data,ingest,master,remote_cluster_client *               node-1
root@ip-172-31-43-240:/home/ubuntu# bash wazuh-install.sh --wazuh-server wazuh-1
11/09/2024 11:13:47 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
11/09/2024 11:13:47 INFO: Verbose logging redirected to /var/log/wazuh-install.log
11/09/2024 11:13:56 INFO: Verifying that your system meets the recommended minimum hardware requirements.
11/09/2024 11:14:03 INFO: Wazuh repository added.
11/09/2024 11:14:03 INFO: --- Wazuh server ---
11/09/2024 11:14:03 INFO: Starting the Wazuh manager installation.
11/09/2024 11:15:51 INFO: Wazuh manager installation finished.
11/09/2024 11:15:51 INFO: Wazuh manager vulnerability detection configuration finished.
11/09/2024 11:15:51 INFO: Starting service wazuh-manager.
11/09/2024 11:16:14 INFO: wazuh-manager service started.
11/09/2024 11:16:14 INFO: Starting Filebeat installation.
11/09/2024 11:16:32 INFO: Filebeat installation finished.
11/09/2024 11:16:34 INFO: Filebeat post-install configuration finished.
11/09/2024 11:16:39 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
11/09/2024 11:17:07 INFO: Starting service filebeat.
11/09/2024 11:17:09 INFO: filebeat service started.
11/09/2024 11:17:09 INFO: Installation finished.
root@ip-172-31-43-240:/home/ubuntu# bash wazuh-install.sh --wazuh-dashboard dashboard
11/09/2024 11:18:23 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
11/09/2024 11:18:23 INFO: Verbose logging redirected to /var/log/wazuh-install.log
11/09/2024 11:18:33 INFO: Verifying that your system meets the recommended minimum hardware requirements.
11/09/2024 11:18:33 INFO: Wazuh web interface port will be 443.
11/09/2024 11:18:41 INFO: --- Dependencies ----
11/09/2024 11:18:41 INFO: Installing debhelper.
11/09/2024 11:19:33 INFO: Wazuh repository added.
11/09/2024 11:19:33 INFO: --- Wazuh dashboard ----
11/09/2024 11:19:33 INFO: Starting Wazuh dashboard installation.
11/09/2024 11:20:34 INFO: Wazuh dashboard installation finished.
11/09/2024 11:20:34 INFO: Wazuh dashboard post-install configuration finished.
11/09/2024 11:20:34 INFO: Starting service wazuh-dashboard.
11/09/2024 11:20:35 INFO: wazuh-dashboard service started.
11/09/2024 11:20:59 INFO: Initializing Wazuh dashboard web application.
11/09/2024 11:21:00 INFO: Wazuh dashboard web application initialized.
11/09/2024 11:21:00 INFO: --- Summary ---
11/09/2024 11:21:00 INFO: You can access the web interface https://<wazuh-dashboard-ip>:443
    User: admin
    Password: SK1CY2P4VxiJGdl+zb7UV.AEVfupqcP8
11/09/2024 11:21:00 INFO: Installation finished.
Tests logs: 
root@ip-172-31-43-240:/home/ubuntu# filebeat test output
elasticsearch: https://127.0.0.1:9200...
  parse url... OK
  connection...
    parse host... OK
    dns lookup... OK
    addresses: 127.0.0.1
    dial up... OK
  TLS...
    security: server's certificate chain verification is enabled
    handshake... OK
    TLS version: TLSv1.2
    dial up... OK
  talk to server... OK
  version: 7.10.2

root@ip-172-31-43-240:/home/ubuntu# bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/wazuh-passwords-tool.sh -a -A -au admin -ap SK1CY2P4VxiJGdl+zb7UV.AEVfupqcP8
11/09/2024 14:33:04 INFO: Updating the internal users.
11/09/2024 14:33:12 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
11/09/2024 14:33:12 ERROR: Invalid admin user credentials
root@ip-172-31-43-240:/home/ubuntu# bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/wazuh-passwords-tool.sh -a -A -au wazuh -ap cIn9KR?24EId0OGQ28FpnEKOHF.Q7*hE
11/09/2024 14:34:01 INFO: Updating the internal users.
11/09/2024 14:34:09 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
11/09/2024 14:34:32 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
11/09/2024 14:35:11 INFO: The password for user admin is kYyq1H0Opq.xfg4fxDEjl9SEi9qq9kSP
11/09/2024 14:35:11 INFO: The password for user anomalyadmin is xvGtEhp02nuwVxx5h?+egA6UjyKPIjxv
11/09/2024 14:35:11 INFO: The password for user kibanaserver is f.BlpJHO25gDX9IRBRfuGC+WV0Zyi10d
11/09/2024 14:35:11 INFO: The password for user kibanaro is 7c7NzFwxYHoLC+S80egFN1j?hRuVCXtc
11/09/2024 14:35:11 INFO: The password for user logstash is ?Y3Y+o1f+4Bt7BP+jY8.h0pm6GX0.aeZ
11/09/2024 14:35:11 INFO: The password for user readall is uXBQt7hu?A2ML6x2pDh7f*+GFSl9UQXv
11/09/2024 14:35:11 INFO: The password for user snapshotrestore is A20L?FR6lcrPLHd58ooLhGnU37x+D2lM
11/09/2024 14:35:11 WARNING: Wazuh indexer passwords changed. Remember to update the password in the Wazuh dashboard, Wazuh server, and Filebeat nodes if necessary, and restart the services.
11/09/2024 14:35:16 INFO: The password for Wazuh API user wazuh is tNWh8Wj31+f?ujSnCklHf*1voWSG*M6H
11/09/2024 14:35:17 INFO: The password for Wazuh API user wazuh-wui is WK.9Bna7gr5GrTwN2qbfxpeTt.jh.Aw4
11/09/2024 14:35:17 INFO: Updated wazuh-wui user password in wazuh dashboard. Remember to restart the service.
Web Dashboard:

Landing page:
landing-page-ubuntu-component

About:
about-ubuntu-component

Amazon Linux 2023 ✅

Installation logs: 
[root@ip-172-31-46-224 ec2-user]# bash wazuh-install.sh --generate-config-files
12/09/2024 10:18:52 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
12/09/2024 10:18:52 INFO: Verbose logging redirected to /var/log/wazuh-install.log
12/09/2024 10:18:52 INFO: Verifying that your system meets the recommended minimum hardware requirements.
12/09/2024 10:18:52 INFO: --- Configuration files ---
12/09/2024 10:18:52 INFO: Generating configuration files.
12/09/2024 10:18:52 INFO: Generating the root certificate.
12/09/2024 10:18:53 INFO: Generating Admin certificates.
12/09/2024 10:18:54 INFO: Generating Wazuh indexer certificates.
12/09/2024 10:18:54 INFO: Generating Filebeat certificates.
12/09/2024 10:18:54 INFO: Generating Wazuh dashboard certificates.
12/09/2024 10:18:55 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
[root@ip-172-31-46-224 ec2-user]# bash wazuh-install.sh --wazuh-indexer node-1
12/09/2024 10:19:38 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
12/09/2024 10:19:38 INFO: Verbose logging redirected to /var/log/wazuh-install.log
12/09/2024 10:19:38 INFO: Verifying that your system meets the recommended minimum hardware requirements.
12/09/2024 10:19:39 INFO: Wazuh repository added.
12/09/2024 10:19:39 INFO: --- Wazuh indexer ---
12/09/2024 10:19:39 INFO: Starting Wazuh indexer installation.
12/09/2024 10:20:28 INFO: Wazuh indexer installation finished.
12/09/2024 10:20:28 INFO: Wazuh indexer post-install configuration finished.
12/09/2024 10:20:28 INFO: Starting service wazuh-indexer.
12/09/2024 10:20:52 INFO: wazuh-indexer service started.
12/09/2024 10:20:52 INFO: Initializing Wazuh indexer cluster security settings.
12/09/2024 10:20:53 INFO: Wazuh indexer cluster initialized.
12/09/2024 10:20:53 INFO: Installation finished.
[root@ip-172-31-46-224 ec2-user]# bash wazuh-install.sh --start-cluster
12/09/2024 10:40:44 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
12/09/2024 10:40:44 INFO: Verbose logging redirected to /var/log/wazuh-install.log
12/09/2024 10:40:44 INFO: Verifying that your system meets the recommended minimum hardware requirements.
12/09/2024 10:40:50 INFO: Wazuh indexer cluster security configuration initialized.
12/09/2024 10:41:06 INFO: Updating the internal users.
12/09/2024 10:41:10 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
12/09/2024 10:41:27 INFO: Wazuh indexer cluster started.
[root@ip-172-31-46-224 ec2-user]# tar -axf wazuh-install-files.tar wazuh-install-files/wazuh-passwords.txt -O | grep -P "\'admin\'" -A 1
  indexer_username: 'admin'
  indexer_password: '1ODub*8rE27HawveSnp34n58yepxQa4e'
[root@ip-172-31-46-224 ec2-user]# curl -k -u admin:1ODub*8rE27HawveSnp34n58yepxQa4e https://127.0.0.1:9200
{
  "name" : "node-1",
  "cluster_name" : "wazuh-indexer-cluster",
  "cluster_uuid" : "wa-g9hYWSMCLiMfxaOZPTA",
  "version" : {
    "number" : "7.10.2",
    "build_type" : "rpm",
    "build_hash" : "9fd1835bba77ae04d48550eb4dc9be4787070806",
    "build_date" : "2024-08-30T10:04:33.447803Z",
    "build_snapshot" : false,
    "lucene_version" : "9.10.0",
    "minimum_wire_compatibility_version" : "7.10.0",
    "minimum_index_compatibility_version" : "7.0.0"
  },
  "tagline" : "The OpenSearch Project: https://opensearch.org/"
}
[root@ip-172-31-46-224 ec2-user]# curl -k -u admin:1ODub*8rE27HawveSnp34n58yepxQa4e https://127.0.0.1:9200/_cat/nodes?v
ip        heap.percent ram.percent cpu load_1m load_5m load_15m node.role node.roles                               cluster_manager name
127.0.0.1           61          40   3    0.24    0.19     0.12 dimr      data,ingest,master,remote_cluster_client *               node-1
[root@ip-172-31-46-224 ec2-user]# bash wazuh-install.sh --wazuh-server wazuh-1
12/09/2024 10:43:41 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
12/09/2024 10:43:41 INFO: Verbose logging redirected to /var/log/wazuh-install.log
12/09/2024 10:43:41 INFO: Verifying that your system meets the recommended minimum hardware requirements.
12/09/2024 10:43:41 INFO: Wazuh repository added.
12/09/2024 10:43:42 INFO: --- Wazuh server ---
12/09/2024 10:43:42 INFO: Starting the Wazuh manager installation.
12/09/2024 10:44:58 INFO: Wazuh manager installation finished.
12/09/2024 10:44:58 INFO: Wazuh manager vulnerability detection configuration finished.
12/09/2024 10:44:58 INFO: Starting service wazuh-manager.
12/09/2024 10:45:18 INFO: wazuh-manager service started.
12/09/2024 10:45:18 INFO: Starting Filebeat installation.
12/09/2024 10:45:55 INFO: Filebeat installation finished.
12/09/2024 10:45:59 INFO: Filebeat post-install configuration finished.
12/09/2024 10:46:00 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
12/09/2024 10:46:28 INFO: Starting service filebeat.
12/09/2024 10:46:30 INFO: filebeat service started.
12/09/2024 10:46:30 INFO: Installation finished.
[root@ip-172-31-46-224 ec2-user]# bash wazuh-install.sh --wazuh-dashboard dashboard
12/09/2024 10:49:21 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
12/09/2024 10:49:21 INFO: Verbose logging redirected to /var/log/wazuh-install.log
12/09/2024 10:49:22 INFO: Verifying that your system meets the recommended minimum hardware requirements.
12/09/2024 10:49:22 INFO: Wazuh web interface port will be 443.
12/09/2024 10:49:22 INFO: Wazuh repository added.
12/09/2024 10:49:22 INFO: --- Wazuh dashboard ----
12/09/2024 10:49:22 INFO: Starting Wazuh dashboard installation.
12/09/2024 10:51:30 INFO: Wazuh dashboard installation finished.
12/09/2024 10:51:30 INFO: Wazuh dashboard post-install configuration finished.
12/09/2024 10:51:30 INFO: Starting service wazuh-dashboard.
12/09/2024 10:51:31 INFO: wazuh-dashboard service started.
12/09/2024 10:51:53 INFO: Initializing Wazuh dashboard web application.
12/09/2024 10:51:54 INFO: Wazuh dashboard web application initialized.
12/09/2024 10:51:54 INFO: --- Summary ---
12/09/2024 10:51:54 INFO: You can access the web interface https://<wazuh-dashboard-ip>:443
    User: admin
    Password: 1ODub*8rE27HawveSnp34n58yepxQa4e
12/09/2024 10:51:54 INFO: Installation finished.
Tests logs: 
[root@ip-172-31-46-224 ec2-user]# filebeat test output
elasticsearch: https://127.0.0.1:9200...
  parse url... OK
  connection...
    parse host... OK
    dns lookup... OK
    addresses: 127.0.0.1
    dial up... OK
  TLS...
    security: server's certificate chain verification is enabled
    handshake... OK
    TLS version: TLSv1.2
    dial up... OK
  talk to server... OK
  version: 7.10.2

[root@ip-172-31-46-224 ec2-user]# bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/wazuh-passwords-tool.sh -a -A -au wazuh -ap IjiNThuO?uE7pwC*w8f1M11QB+1ijBYV
12/09/2024 11:20:30 INFO: Updating the internal users.
12/09/2024 11:20:37 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
12/09/2024 11:20:59 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
12/09/2024 11:21:38 INFO: The password for user admin is d+3vKUZqyosc1+npKIR2OEUh3iDMtunw
12/09/2024 11:21:38 INFO: The password for user anomalyadmin is TYuotplr1nj6jEbKy6wzWt*?U30pX07R
12/09/2024 11:21:38 INFO: The password for user kibanaserver is +Yl?pne2*Iy0Cn6h47ebB5bUe.+2kDG*
12/09/2024 11:21:38 INFO: The password for user kibanaro is WqvzGQ?+uST*eoV1RO9a*9Qlo1BSdvxk
12/09/2024 11:21:38 INFO: The password for user logstash is FWVlsdEmfMqdJ*.zim1LEgGG9Czks5Io
12/09/2024 11:21:38 INFO: The password for user readall is 6gYNkG2ATow3OAG54JMfKhyR?sSnI4Aw
12/09/2024 11:21:38 INFO: The password for user snapshotrestore is 2R+yETyBec6jNELBQH+0V9i?+VXYsuGP
12/09/2024 11:21:38 WARNING: Wazuh indexer passwords changed. Remember to update the password in the Wazuh dashboard, Wazuh server, and Filebeat nodes if necessary, and restart the services.
12/09/2024 11:21:41 INFO: The password for Wazuh API user wazuh is R+Uz*yBb6Qc*nHCvu0M8CBsfaa?d6hDA
12/09/2024 11:21:41 INFO: The password for Wazuh API user wazuh-wui is AD.K*EL10nFUADozLY8R9lb9C5Xry*oh
12/09/2024 11:21:41 INFO: Updated wazuh-wui user password in wazuh dashboard. Remember to restart the service.
Web Dashboard:

Landing page:
landing-page-amazon-component

About:
about-amazon-components

Offline installation ✅

Ubuntu 22 ✅

Installation logs: 
root@ip-172-31-41-116:/home/ubuntu# ls
wazuh-install-files.tar  wazuh-install.sh  wazuh-offline.tar.gz
root@ip-172-31-41-116:/home/ubuntu# bash wazuh-install.sh --offline-installation --wazuh-indexer node-1
13/09/2024 09:57:58 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
13/09/2024 09:57:58 INFO: Verbose logging redirected to /var/log/wazuh-install.log
13/09/2024 09:57:58 INFO: Checking installed dependencies for Offline installation.
13/09/2024 09:58:03 INFO: Verifying that your system meets the recommended minimum hardware requirements.
13/09/2024 09:58:04 INFO: Checking prerequisites for Offline installation.
13/09/2024 09:58:07 INFO: Checking wazuh-offline.tar.gz file.
13/09/2024 09:58:18 INFO: --- Wazuh indexer ---
13/09/2024 09:58:18 INFO: Starting Wazuh indexer installation.
13/09/2024 09:59:11 INFO: Wazuh indexer installation finished.
13/09/2024 09:59:11 INFO: Wazuh indexer post-install configuration finished.
13/09/2024 09:59:11 INFO: Starting service wazuh-indexer.
13/09/2024 09:59:35 INFO: wazuh-indexer service started.
13/09/2024 09:59:35 INFO: Initializing Wazuh indexer cluster security settings.
13/09/2024 09:59:38 INFO: Wazuh indexer cluster initialized.
13/09/2024 09:59:38 INFO: Installation finished.
root@ip-172-31-41-116:/home/ubuntu# bash wazuh-install.sh --offline-installation --start-cluster
13/09/2024 10:01:24 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
13/09/2024 10:01:24 INFO: Verbose logging redirected to /var/log/wazuh-install.log
13/09/2024 10:01:24 INFO: Checking installed dependencies for Offline installation.
13/09/2024 10:01:29 INFO: Verifying that your system meets the recommended minimum hardware requirements.
13/09/2024 10:01:29 INFO: Checking wazuh-offline.tar.gz file.
13/09/2024 10:01:35 INFO: Wazuh indexer cluster security configuration initialized.
13/09/2024 10:01:54 INFO: Updating the internal users.
13/09/2024 10:01:58 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
13/09/2024 10:02:15 INFO: Wazuh indexer cluster started.
root@ip-172-31-41-116:/home/ubuntu# tar -axf wazuh-install-files.tar wazuh-install-files/wazuh-passwords.txt -O | grep -P "\'admin\'" -A 1
  indexer_username: 'admin'
  indexer_password: 'M+dHTlkpqj+U5fQoYLOyYCxFPHyEqXxr'
root@ip-172-31-41-116:/home/ubuntu# curl -k -u admin:M+dHTlkpqj+U5fQoYLOyYCxFPHyEqXxr https://127.0.0.1:9200
{
  "name" : "node-1",
  "cluster_name" : "wazuh-indexer-cluster",
  "cluster_uuid" : "O7y4BbMrSOKCCcUTUhy8Jw",
  "version" : {
    "number" : "7.10.2",
    "build_type" : "deb",
    "build_hash" : "9fd1835bba77ae04d48550eb4dc9be4787070806",
    "build_date" : "2024-08-30T10:06:03.028357Z",
    "build_snapshot" : false,
    "lucene_version" : "9.10.0",
    "minimum_wire_compatibility_version" : "7.10.0",
    "minimum_index_compatibility_version" : "7.0.0"
  },
  "tagline" : "The OpenSearch Project: https://opensearch.org/"
}
root@ip-172-31-41-116:/home/ubuntu# curl -k -u admin:M+dHTlkpqj+U5fQoYLOyYCxFPHyEqXxr https://127.0.0.1:9200/_cat/nodes?v
ip        heap.percent ram.percent cpu load_1m load_5m load_15m node.role node.roles                               cluster_manager name
127.0.0.1           51          76  12    0.11    0.41     0.25 dimr      data,ingest,master,remote_cluster_client *               node-1
root@ip-172-31-41-116:/home/ubuntu# bash wazuh-install.sh --offline-installation --wazuh-server wazuh-1
13/09/2024 10:05:06 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
13/09/2024 10:05:06 INFO: Verbose logging redirected to /var/log/wazuh-install.log
13/09/2024 10:05:06 INFO: Checking installed dependencies for Offline installation.
13/09/2024 10:05:11 INFO: Verifying that your system meets the recommended minimum hardware requirements.
13/09/2024 10:05:12 INFO: Checking prerequisites for Offline installation.
13/09/2024 10:05:15 INFO: Checking wazuh-offline.tar.gz file.
13/09/2024 10:05:15 INFO: --- Wazuh server ---
13/09/2024 10:05:15 INFO: Starting the Wazuh manager installation.
13/09/2024 10:07:06 INFO: Wazuh manager installation finished.
13/09/2024 10:07:06 INFO: Wazuh manager vulnerability detection configuration finished.
13/09/2024 10:07:06 INFO: Starting service wazuh-manager.
13/09/2024 10:07:30 INFO: wazuh-manager service started.
13/09/2024 10:07:30 INFO: Starting Filebeat installation.
13/09/2024 10:07:51 INFO: Filebeat installation finished.
13/09/2024 10:07:51 INFO: Filebeat post-install configuration finished.
13/09/2024 10:07:56 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
13/09/2024 10:08:23 INFO: Starting service filebeat.
13/09/2024 10:08:25 INFO: filebeat service started.
13/09/2024 10:08:26 INFO: Installation finished.
root@ip-172-31-41-116:/home/ubuntu# bash wazuh-install.sh --offline-installation --wazuh-dashboard dashboard
13/09/2024 10:12:54 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
13/09/2024 10:12:54 INFO: Verbose logging redirected to /var/log/wazuh-install.log
13/09/2024 10:12:54 INFO: Checking installed dependencies for Offline installation.
13/09/2024 10:12:59 INFO: Verifying that your system meets the recommended minimum hardware requirements.
13/09/2024 10:12:59 INFO: Wazuh web interface port will be 443.
13/09/2024 10:13:00 INFO: Checking prerequisites for Offline installation.
13/09/2024 10:13:03 INFO: Checking wazuh-offline.tar.gz file.
13/09/2024 10:13:04 INFO: --- Wazuh dashboard ----
13/09/2024 10:13:04 INFO: Starting Wazuh dashboard installation.
13/09/2024 10:14:02 INFO: Wazuh dashboard installation finished.
13/09/2024 10:14:02 INFO: Wazuh dashboard post-install configuration finished.
13/09/2024 10:14:02 INFO: Starting service wazuh-dashboard.
13/09/2024 10:14:03 INFO: wazuh-dashboard service started.
13/09/2024 10:14:28 INFO: Initializing Wazuh dashboard web application.
13/09/2024 10:14:29 INFO: Wazuh dashboard web application initialized.
13/09/2024 10:14:29 INFO: --- Summary ---
13/09/2024 10:14:29 INFO: You can access the web interface https://<wazuh-dashboard-ip>:443
    User: admin
    Password: M+dHTlkpqj+U5fQoYLOyYCxFPHyEqXxr
13/09/2024 10:14:29 INFO: Installation finished.
Tests logs: 
root@ip-172-31-41-116:/home/ubuntu# filebeat test output
elasticsearch: https://127.0.0.1:9200...
  parse url... OK
  connection...
    parse host... OK
    dns lookup... OK
    addresses: 127.0.0.1
    dial up... OK
  TLS...
    security: server's certificate chain verification is enabled
    handshake... OK
    TLS version: TLSv1.2
    dial up... OK
  talk to server... OK
  version: 7.10.2

root@ip-172-31-41-116:/home/ubuntu# bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/wazuh-passwords-tool.sh -a -A -au wazuh -ap oNEN3+?8B5AOb8GODL4UQeM+DUwkHbiP
13/09/2024 10:19:54 INFO: Updating the internal users.
13/09/2024 10:19:59 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
13/09/2024 10:20:13 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
13/09/2024 10:20:47 INFO: The password for user admin is HlmPR2E?gWp.ClsYs2*f8ELZwZZs5JMU
13/09/2024 10:20:47 INFO: The password for user anomalyadmin is 8jVd*I6NwASuGlCt927q4Clmg?mreY8h
13/09/2024 10:20:47 INFO: The password for user kibanaserver is Oq.HCY4K.4.va*q65Bx?TMJzq5nLTnqA
13/09/2024 10:20:47 INFO: The password for user kibanaro is OlxjhDd8ugDU+iQaF5uGnURK08gFAA*P
13/09/2024 10:20:47 INFO: The password for user logstash is SvQ.+OzyBlzg64v65yOxuY2vddPRjavL
13/09/2024 10:20:47 INFO: The password for user readall is Z?CE69bwg3zLNdACp4mTFBYXWyXTkNYW
13/09/2024 10:20:47 INFO: The password for user snapshotrestore is 4+uq?uGIuhiqpF5?PgR9QZaS9B1*mruM
13/09/2024 10:20:47 WARNING: Wazuh indexer passwords changed. Remember to update the password in the Wazuh dashboard, Wazuh server, and Filebeat nodes if necessary, and restart the services.
13/09/2024 10:20:49 INFO: The password for Wazuh API user wazuh is ML.E2FZBEgedth0CuPiSMX*WxBZ1nTUr
13/09/2024 10:20:49 INFO: The password for Wazuh API user wazuh-wui is aH1fN5mSmc2w+*M6FOQk0eCmbX3Og6x?
13/09/2024 10:20:49 INFO: Updated wazuh-wui user password in wazuh dashboard. Remember to restart the service.
Web Dashboard:

Landing page:
imagen

About:
imagen

Amazon Linux 2023 ✅

Installation logs: 
[root@ip-172-31-33-251 ec2-user]# ls
wazuh-install-files.tar  wazuh-install.sh  wazuh-offline.tar.gz
[root@ip-172-31-33-251 ec2-user]# bash wazuh-install.sh --offline-installation --wazuh-indexer node-1
13/09/2024 09:32:04 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
13/09/2024 09:32:04 INFO: Verbose logging redirected to /var/log/wazuh-install.log
13/09/2024 09:32:04 INFO: Checking installed dependencies for Offline installation.
13/09/2024 09:32:07 INFO: Verifying that your system meets the recommended minimum hardware requirements.
13/09/2024 09:32:07 INFO: Checking prerequisites for Offline installation.
13/09/2024 09:32:08 INFO: Checking wazuh-offline.tar.gz file.
13/09/2024 09:32:21 INFO: --- Wazuh indexer ---
13/09/2024 09:32:21 INFO: Starting Wazuh indexer installation.
13/09/2024 09:32:45 INFO: Wazuh indexer installation finished.
13/09/2024 09:32:45 INFO: Wazuh indexer post-install configuration finished.
13/09/2024 09:32:45 INFO: Starting service wazuh-indexer.
13/09/2024 09:33:09 INFO: wazuh-indexer service started.
13/09/2024 09:33:09 INFO: Initializing Wazuh indexer cluster security settings.
13/09/2024 09:33:10 INFO: Wazuh indexer cluster initialized.
13/09/2024 09:33:10 INFO: Installation finished.
[root@ip-172-31-33-251 ec2-user]# bash wazuh-install.sh --offline-installation --start-cluster
13/09/2024 09:33:46 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
13/09/2024 09:33:46 INFO: Verbose logging redirected to /var/log/wazuh-install.log
13/09/2024 09:33:46 INFO: Checking installed dependencies for Offline installation.
13/09/2024 09:33:48 INFO: Verifying that your system meets the recommended minimum hardware requirements.
13/09/2024 09:33:48 INFO: Checking wazuh-offline.tar.gz file.
13/09/2024 09:33:55 INFO: Wazuh indexer cluster security configuration initialized.
13/09/2024 09:34:05 INFO: Updating the internal users.
13/09/2024 09:34:10 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
13/09/2024 09:34:27 INFO: Wazuh indexer cluster started.
[root@ip-172-31-33-251 ec2-user]# tar -axf wazuh-install-files.tar wazuh-install-files/wazuh-passwords.txt -O | grep -P "\'admin\'" -A 1
  indexer_username: 'admin'
  indexer_password: '2ADziTtn?Mq*lqip8rpycDli9EGgNPcY'
[root@ip-172-31-33-251 ec2-user]# curl -k -u admin:2ADziTtn?Mq*lqip8rpycDli9EGgNPcY https://127.0.0.1:9200
{
  "name" : "node-1",
  "cluster_name" : "wazuh-indexer-cluster",
  "cluster_uuid" : "WxbFqwmoTfCSW4M7fvQsDA",
  "version" : {
    "number" : "7.10.2",
    "build_type" : "rpm",
    "build_hash" : "9fd1835bba77ae04d48550eb4dc9be4787070806",
    "build_date" : "2024-08-30T10:04:33.447803Z",
    "build_snapshot" : false,
    "lucene_version" : "9.10.0",
    "minimum_wire_compatibility_version" : "7.10.0",
    "minimum_index_compatibility_version" : "7.0.0"
  },
  "tagline" : "The OpenSearch Project: https://opensearch.org/"
}
[root@ip-172-31-33-251 ec2-user]# curl -k -u admin:2ADziTtn?Mq*lqip8rpycDli9EGgNPcY https://127.0.0.1:9200/_cat/nodes?v
ip        heap.percent ram.percent cpu load_1m load_5m load_15m node.role node.roles                               cluster_manager name
127.0.0.1           29          70  16    0.24    0.39     0.20 dimr      data,ingest,master,remote_cluster_client *               node-1
[root@ip-172-31-33-251 ec2-user]# bash wazuh-install.sh --offline-installation --wazuh-server wazuh-1
13/09/2024 09:37:24 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
13/09/2024 09:37:24 INFO: Verbose logging redirected to /var/log/wazuh-install.log
13/09/2024 09:37:24 INFO: Checking installed dependencies for Offline installation.
13/09/2024 09:37:27 INFO: Verifying that your system meets the recommended minimum hardware requirements.
13/09/2024 09:37:27 INFO: Checking wazuh-offline.tar.gz file.
13/09/2024 09:37:28 INFO: --- Wazuh server ---
13/09/2024 09:37:28 INFO: Starting the Wazuh manager installation.
13/09/2024 09:38:38 INFO: Wazuh manager installation finished.
13/09/2024 09:38:38 INFO: Wazuh manager vulnerability detection configuration finished.
13/09/2024 09:38:38 INFO: Starting service wazuh-manager.
13/09/2024 09:38:57 INFO: wazuh-manager service started.
13/09/2024 09:38:57 INFO: Starting Filebeat installation.
13/09/2024 09:39:18 INFO: Filebeat installation finished.
13/09/2024 09:39:19 INFO: Filebeat post-install configuration finished.
13/09/2024 09:39:21 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
13/09/2024 09:39:47 INFO: Starting service filebeat.
13/09/2024 09:39:48 INFO: filebeat service started.
13/09/2024 09:39:48 INFO: Installation finished.
[root@ip-172-31-33-251 ec2-user]# bash wazuh-install.sh --offline-installation --wazuh-dashboard dashboard
13/09/2024 09:42:05 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
13/09/2024 09:42:05 INFO: Verbose logging redirected to /var/log/wazuh-install.log
13/09/2024 09:42:05 INFO: Checking installed dependencies for Offline installation.
13/09/2024 09:42:07 INFO: Verifying that your system meets the recommended minimum hardware requirements.
13/09/2024 09:42:08 INFO: Wazuh web interface port will be 443.
13/09/2024 09:42:08 INFO: Checking prerequisites for Offline installation.
13/09/2024 09:42:08 INFO: Checking wazuh-offline.tar.gz file.
13/09/2024 09:42:09 INFO: --- Wazuh dashboard ----
13/09/2024 09:42:09 INFO: Starting Wazuh dashboard installation.
13/09/2024 09:44:01 INFO: Wazuh dashboard installation finished.
13/09/2024 09:44:01 INFO: Wazuh dashboard post-install configuration finished.
13/09/2024 09:44:01 INFO: Starting service wazuh-dashboard.
13/09/2024 09:44:02 INFO: wazuh-dashboard service started.
13/09/2024 09:44:20 INFO: Initializing Wazuh dashboard web application.
13/09/2024 09:44:22 INFO: Wazuh dashboard web application initialized.
13/09/2024 09:44:22 INFO: --- Summary ---
13/09/2024 09:44:22 INFO: You can access the web interface https://<wazuh-dashboard-ip>:443
    User: admin
    Password: 2ADziTtn?Mq*lqip8rpycDli9EGgNPcY
13/09/2024 09:44:22 INFO: Installation finished.
Tests logs: 
[root@ip-172-31-33-251 ec2-user]# filebeat test output
elasticsearch: https://127.0.0.1:9200...
  parse url... OK
  connection...
    parse host... OK
    dns lookup... OK
    addresses: 127.0.0.1
    dial up... OK
  TLS...
    security: server's certificate chain verification is enabled
    handshake... OK
    TLS version: TLSv1.2
    dial up... OK
  talk to server... OK
  version: 7.10.2

[root@ip-172-31-33-251 ec2-user]# bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/wazuh-passwords-tool.sh -a -A -au wazuh -ap ?+0lCak49m2?oeUMihe?cTjp5QUdd*3r
13/09/2024 10:20:55 INFO: Updating the internal users.
13/09/2024 10:21:00 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
13/09/2024 10:21:13 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
13/09/2024 10:21:47 INFO: The password for user admin is XUh?ZTu9pbwlHZxpK62LmSchppm?opQE
13/09/2024 10:21:47 INFO: The password for user anomalyadmin is 3sXeLK1werKWmdWhOI6.oxIV6msMn1TD
13/09/2024 10:21:47 INFO: The password for user kibanaserver is YMZlanG+JWoQR6G5wYhUkB51d*6s5*Qg
13/09/2024 10:21:47 INFO: The password for user kibanaro is GHYt6N8fHr*1e0fGCD9BJ5t.+sGs?9li
13/09/2024 10:21:47 INFO: The password for user logstash is .oEgVCreq.EomgQiS0Gl9Xi5QZOd.na5
13/09/2024 10:21:47 INFO: The password for user readall is 1tBZ06?D+ts0PK1e**8+lgCo2QaUCL.e
13/09/2024 10:21:47 INFO: The password for user snapshotrestore is Z4tt9*YzySnR05q?dnhedFnnNvT0o7?x
13/09/2024 10:21:47 WARNING: Wazuh indexer passwords changed. Remember to update the password in the Wazuh dashboard, Wazuh server, and Filebeat nodes if necessary, and restart the services.
13/09/2024 10:21:49 INFO: The password for Wazuh API user wazuh is MQTuCZce452rXEw?YKP622giDYFNPzbe
13/09/2024 10:21:50 INFO: The password for Wazuh API user wazuh-wui is 840TirJ1vY6+IGZ*tHBeNOW37b0wXDk9
13/09/2024 10:21:50 INFO: Updated wazuh-wui user password in wazuh dashboard. Remember to restart the service.
Web Dashboard:

Landing page:
imagen

About:
imagen

@CarlosALgit CarlosALgit requested a review from a team September 13, 2024 11:30
@CarlosALgit CarlosALgit self-assigned this Sep 13, 2024
@CarlosALgit CarlosALgit linked an issue Sep 13, 2024 that may be closed by this pull request
Updating Filebeat credentials when trying to install Wazuh dashboard #3115
Closed
@c-bordon c-bordon merged commit b7600a1 into 4.9.1 Sep 16, 2024
4 checks passed
@c-bordon c-bordon deleted the bug/3115-fix-filebeat-credentials-update branch September 16, 2024 11:58
This was referenced Sep 23, 2024
Closed
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@davidcr01 davidcr01 davidcr01 approved these changes

@c-bordon c-bordon c-bordon approved these changes

Assignees

@CarlosALgit CarlosALgit

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Updating Filebeat credentials when trying to install Wazuh dashboard
3 participants
@CarlosALgit @c-bordon @davidcr01