Support ARM architecture for Wazuh central components #225

Merged

@fcaffieri fcaffieri commented Jan 30, 2025

Closes #155

Description

The goal of this PR is for the Wazuh installation wizard to support the installation of ARM packages for core components.

Test

Important

For testing, these variables were set:

repogpg="https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH"
repobaseurl="https://packages-dev.wazuh.com/idr1887/pre-release"
reporelease="unstable"
filebeat_wazuh_module="${repobaseurl}/filebeat/wazuh-filebeat-0.4.tar.gz"
bucket="packages-dev.wazuh.com/idr1887"
repository="pre-release"

And this variable, filebeat_wazuh_template, needs to be hardcoded with:

'https://raw.githubusercontent.com/wazuh/wazuh/4.12.0/extensions/elasticsearch/7.x/wazuh-template.json'

Important

Revision change for offline install:

  manager_revision="707"
  indexer_revision="707"
  dashboard_revision="707"

Important

Wazuh_gpg_key changed:
from: readonly wazuh_gpg_key="https://${bucket}/key/GPG-KEY-WAZUH"
to: readonly wazuh_gpg_key="https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH"

Important

Another change in offline validation:
from:

if [ "${sys_type}" == "apt-get" ]; then
    required_files+=("${offline_packages_path}/filebeat-oss-*.deb" "${offline_packages_path}/wazuh-dashboard_*.deb" "${offline_packages_path}/wazuh-indexer_*.deb" "${offline_packages_path}/wazuh-manager_*.deb")
elif [ "${sys_type}" == "rpm" ]; then
    required_files+=("${offline_packages_path}/filebeat-oss-*.rpm" "${offline_packages_path}/wazuh-dashboard_*.rpm" "${offline_packages_path}/wazuh-indexer_*.rpm" "${offline_packages_path}/wazuh-manager_*.rpm")
fi

to:

if [ "${sys_type}" == "apt-get" ]; then
    required_files+=("${offline_packages_path}/filebeat_*.deb" "${offline_packages_path}/wazuh-dashboard_*.deb" "${offline_packages_path}/wazuh-indexer_*.deb" "${offline_packages_path}/wazuh-manager_*.deb")
elif [ "${sys_type}" == "rpm" ]; then
    required_files+=("${offline_packages_path}/filebeat-*.rpm" "${offline_packages_path}/wazuh-dashboard_*.rpm" "${offline_packages_path}/wazuh-indexer_*.rpm" "${offline_packages_path}/wazuh-manager_*.rpm")
fi

This is because the filebeat name changed to one without -oss.

Test cases for ARM64:

System details:
root@ip-172-31-38-17:/home/ubuntu# uname -a
Linux ip-172-31-38-17 6.2.0-1012-aws #12~22.04.1-Ubuntu SMP Thu Sep  7 16:00:15 UTC 2023 aarch64 aarch64 aarch64 GNU/Linux
root@ip-172-31-38-17:/home/ubuntu# uname -m
aarch64
root@ip-172-31-38-17:/home/ubuntu# cat /etc/os-release 
PRETTY_NAME="Ubuntu 22.04.3 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04.3 LTS (Jammy Jellyfish)"
VERSION_CODENAME=jammy
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=jammy
root@ip-172-31-38-17:/home/ubuntu# 
Test AIO Install 🟢
root@ip-172-31-38-17:/home/ubuntu# bash ./wazuh-install.sh -a -i
30/01/2025 20:18:18 INFO: Starting Wazuh installation assistant. Wazuh version: 4.12.0
30/01/2025 20:18:18 INFO: Verbose logging redirected to /var/log/wazuh-install.log
30/01/2025 20:18:25 INFO: --- Removing existing Wazuh installation ---
30/01/2025 20:18:25 INFO: Wazuh GPG key not found in the system
30/01/2025 20:18:25 INFO: Installation cleaned.
30/01/2025 20:18:25 WARNING: Hardware checks ignored.
30/01/2025 20:18:25 INFO: Wazuh web interface port will be 443.
30/01/2025 20:18:35 INFO: Wazuh repository added.
30/01/2025 20:18:35 INFO: --- Configuration files ---
30/01/2025 20:18:35 INFO: Generating configuration files.
30/01/2025 20:18:35 INFO: Generating the root certificate.
30/01/2025 20:18:36 INFO: Generating Admin certificates.
30/01/2025 20:18:37 INFO: Generating Wazuh indexer certificates.
30/01/2025 20:18:37 INFO: Generating Filebeat certificates.
30/01/2025 20:18:39 INFO: Generating Wazuh dashboard certificates.
30/01/2025 20:18:40 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
30/01/2025 20:18:40 INFO: --- Wazuh indexer ---
30/01/2025 20:18:40 INFO: Starting Wazuh indexer installation.
30/01/2025 20:19:05 INFO: Wazuh indexer installation finished.
30/01/2025 20:19:05 INFO: Wazuh indexer post-install configuration finished.
30/01/2025 20:19:05 INFO: Starting service wazuh-indexer.
30/01/2025 20:19:20 INFO: wazuh-indexer service started.
30/01/2025 20:19:20 INFO: Initializing Wazuh indexer cluster security settings.
30/01/2025 20:19:24 INFO: Wazuh indexer cluster security configuration initialized.
30/01/2025 20:19:24 INFO: Wazuh indexer cluster initialized.
30/01/2025 20:19:24 INFO: --- Wazuh server ---
30/01/2025 20:19:24 INFO: Starting the Wazuh manager installation.
30/01/2025 20:20:37 INFO: Wazuh manager installation finished.
30/01/2025 20:20:37 INFO: Wazuh manager vulnerability detection configuration finished.
30/01/2025 20:20:37 INFO: Starting service wazuh-manager.
30/01/2025 20:20:56 INFO: wazuh-manager service started.
30/01/2025 20:20:56 INFO: Starting Filebeat installation.
30/01/2025 20:21:12 INFO: Filebeat installation finished.
30/01/2025 20:21:15 INFO: Filebeat post-install configuration finished.
30/01/2025 20:21:15 INFO: Starting service filebeat.
30/01/2025 20:21:16 INFO: filebeat service started.
30/01/2025 20:21:16 INFO: --- Wazuh dashboard ---
30/01/2025 20:21:16 INFO: Starting Wazuh dashboard installation.
30/01/2025 20:23:45 INFO: Wazuh dashboard installation finished.
30/01/2025 20:23:45 INFO: Wazuh dashboard post-install configuration finished.
30/01/2025 20:23:45 INFO: Starting service wazuh-dashboard.
30/01/2025 20:23:46 INFO: wazuh-dashboard service started.
30/01/2025 20:23:47 INFO: Updating the internal users.
30/01/2025 20:23:51 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
30/01/2025 20:24:03 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
30/01/2025 20:24:36 INFO: Initializing Wazuh dashboard web application.
30/01/2025 20:24:37 INFO: Wazuh dashboard web application initialized.
30/01/2025 20:24:37 INFO: --- Summary ---
30/01/2025 20:24:37 INFO: You can access the web interface https://<wazuh-dashboard-ip>:443
    User: admin
    Password: xxxxxxxxxxxxxxxxxxxxxxx
30/01/2025 20:24:37 INFO: Installation finished.
root@ip-172-31-38-17:/home/ubuntu# 
root@ip-172-31-38-17:/home/ubuntu# systemctl status wazuh-indexer
● wazuh-indexer.service - wazuh-indexer
     Loaded: loaded (/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: enabled)
     Active: active (running) since Thu 2025-01-30 20:19:20 UTC; 5min ago
       Docs: https://documentation.wazuh.com
   Main PID: 373785 (java)
      Tasks: 81 (limit: 9308)
     Memory: 1.3G
        CPU: 51.421s
     CGroup: /system.slice/wazuh-indexer.service
             └─373785 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+Always>

Jan 30 20:19:08 ip-172-31-38-17 systemd-entrypoint[373785]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-i>
Jan 30 20:19:08 ip-172-31-38-17 systemd-entrypoint[373785]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
Jan 30 20:19:08 ip-172-31-38-17 systemd-entrypoint[373785]: WARNING: System::setSecurityManager will be removed in a future release
Jan 30 20:19:09 ip-172-31-38-17 systemd-entrypoint[373785]: Jan 30, 2025 8:19:09 PM sun.util.locale.provider.LocaleProviderAdapter <clinit>
Jan 30 20:19:09 ip-172-31-38-17 systemd-entrypoint[373785]: WARNING: COMPAT locale provider will be removed in a future release
Jan 30 20:19:09 ip-172-31-38-17 systemd-entrypoint[373785]: WARNING: A terminally deprecated method in java.lang.System has been called
Jan 30 20:19:09 ip-172-31-38-17 systemd-entrypoint[373785]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-ind>
Jan 30 20:19:09 ip-172-31-38-17 systemd-entrypoint[373785]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
Jan 30 20:19:09 ip-172-31-38-17 systemd-entrypoint[373785]: WARNING: System::setSecurityManager will be removed in a future release
Jan 30 20:19:20 ip-172-31-38-17 systemd[1]: Started wazuh-indexer.
lines 1-21/21 (END)
^C
root@ip-172-31-38-17:/home/ubuntu# systemctl status wazuh-manager
● wazuh-manager.service - Wazuh manager
     Loaded: loaded (/lib/systemd/system/wazuh-manager.service; enabled; vendor preset: enabled)
     Active: active (running) since Thu 2025-01-30 20:24:24 UTC; 47s ago
      Tasks: 174 (limit: 9308)
     Memory: 870.1M
        CPU: 25.159s
     CGroup: /system.slice/wazuh-manager.service
             ├─426150 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
             ├─426151 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
             ├─426154 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
             ├─426157 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
             ├─426198 /var/ossec/bin/wazuh-authd
             ├─426214 /var/ossec/bin/wazuh-db
             ├─426239 /var/ossec/bin/wazuh-execd
             ├─426253 /var/ossec/bin/wazuh-analysisd
             ├─426314 /var/ossec/bin/wazuh-syscheckd
             ├─426336 /var/ossec/bin/wazuh-remoted
             ├─426373 /var/ossec/bin/wazuh-logcollector
             ├─426424 /var/ossec/bin/wazuh-monitord
             └─426487 /var/ossec/bin/wazuh-modulesd

Jan 30 20:24:18 ip-172-31-38-17 env[426088]: Started wazuh-syscheckd...
Jan 30 20:24:19 ip-172-31-38-17 env[426088]: Started wazuh-remoted...
Jan 30 20:24:20 ip-172-31-38-17 env[426088]: Started wazuh-logcollector...
Jan 30 20:24:21 ip-172-31-38-17 env[426088]: Started wazuh-monitord...
Jan 30 20:24:21 ip-172-31-38-17 env[426088]: wazuh-modulesd: Process 426121 not used by Wazuh, removing...
Jan 30 20:24:21 ip-172-31-38-17 env[426482]: 2025/01/30 20:24:21 wazuh-modulesd:router: INFO: Loaded router module.
Jan 30 20:24:21 ip-172-31-38-17 env[426482]: 2025/01/30 20:24:21 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Jan 30 20:24:22 ip-172-31-38-17 env[426088]: Started wazuh-modulesd...
Jan 30 20:24:24 ip-172-31-38-17 env[426088]: Completed.
Jan 30 20:24:24 ip-172-31-38-17 systemd[1]: Started Wazuh manager.
root@ip-172-31-38-17:/home/ubuntu# systemctl status wazuh-dashboard
● wazuh-dashboard.service - wazuh-dashboard
     Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; vendor preset: enabled)
     Active: active (running) since Thu 2025-01-30 20:24:26 UTC; 50s ago
   Main PID: 427475 (node)
      Tasks: 11 (limit: 9308)
     Memory: 164.9M
        CPU: 9.418s
     CGroup: /system.slice/wazuh-dashboard.service
             └─427475 /usr/share/wazuh-dashboard/node/bin/node --no-warnings --max-http-header-size=65536 --unhandled-rejections=warn /usr/share/wazuh-dashboard/src/cli/dist

Jan 30 20:24:34 ip-172-31-38-17 opensearch-dashboards[427475]: {"type":"log","@timestamp":"2025-01-30T20:24:34Z","tags":["info","plugins","wazuh","initialize"],"pid":427475,"m>
Jan 30 20:24:34 ip-172-31-38-17 opensearch-dashboards[427475]: {"type":"log","@timestamp":"2025-01-30T20:24:34Z","tags":["info","plugins","wazuh","cron-scheduler"],"pid":42747>
Jan 30 20:24:34 ip-172-31-38-17 opensearch-dashboards[427475]: {"type":"log","@timestamp":"2025-01-30T20:24:34Z","tags":["info","plugins","wazuh","monitoring"],"pid":427475,"m>
Jan 30 20:24:34 ip-172-31-38-17 opensearch-dashboards[427475]: {"type":"log","@timestamp":"2025-01-30T20:24:34Z","tags":["listening","info"],"pid":427475,"message":"Server run>
Jan 30 20:24:34 ip-172-31-38-17 opensearch-dashboards[427475]: {"type":"log","@timestamp":"2025-01-30T20:24:34Z","tags":["info","http","server","OpenSearchDashboards"],"pid":4>
Jan 30 20:24:34 ip-172-31-38-17 opensearch-dashboards[427475]: {"type":"log","@timestamp":"2025-01-30T20:24:34Z","tags":["info","plugins","wazuh","monitoring"],"pid":427475,"m>
Jan 30 20:24:36 ip-172-31-38-17 opensearch-dashboards[427475]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeo>
Jan 30 20:24:37 ip-172-31-38-17 opensearch-dashboards[427475]: {"type":"response","@timestamp":"2025-01-30T20:24:36Z","tags":[],"pid":427475,"method":"get","statusCode":200,"r>
Jan 30 20:25:00 ip-172-31-38-17 opensearch-dashboards[427475]: {"type":"log","@timestamp":"2025-01-30T20:25:00Z","tags":["error","opensearch","data"],"pid":427475,"message":"[>
Jan 30 20:25:00 ip-172-31-38-17 opensearch-dashboards[427475]: {"type":"log","@timestamp":"2025-01-30T20:25:00Z","tags":["info","plugins","wazuh","cron-scheduler"],"pid":42747>

root@ip-172-31-38-17:/home/ubuntu# 

root@ip-172-31-38-17:/home/ubuntu# filebeat test output
elasticsearch: https://127.0.0.1:9200...
  parse url... OK
  connection...
    parse host... OK
    dns lookup... OK
    addresses: 127.0.0.1
    dial up... OK
  TLS...
    security: server's certificate chain verification is enabled
    handshake... OK
    TLS version: TLSv1.2
    dial up... OK
  talk to server... OK
  version: 7.10.2
root@ip-172-31-38-17:/home/ubuntu# 
root@ip-172-31-38-17:/home/ubuntu# grep -i -E "(error|warning)" /var/ossec/logs/ossec.log 
root@ip-172-31-38-17:/home/ubuntu# 

Test Uninstall 🟢
root@ip-172-31-38-17:/home/ubuntu# bash ./wazuh-install.sh -u
30/01/2025 20:27:45 INFO: Starting Wazuh installation assistant. Wazuh version: 4.12.0
30/01/2025 20:27:45 INFO: Verbose logging redirected to /var/log/wazuh-install.log
30/01/2025 20:27:47 INFO: Removing Wazuh manager.
30/01/2025 20:28:01 INFO: Wazuh manager removed.
30/01/2025 20:28:01 INFO: Removing Wazuh indexer.
30/01/2025 20:28:08 INFO: Wazuh indexer removed.
30/01/2025 20:28:08 INFO: Removing Filebeat.
30/01/2025 20:28:14 INFO: Filebeat removed.
30/01/2025 20:28:14 INFO: Removing Wazuh dashboard.
30/01/2025 20:28:24 INFO: Wazuh dashboard removed.
root@ip-172-31-38-17:/home/ubuntu# ls -ltr /var/ossec
ls: cannot access '/var/ossec': No such file or directory
root@ip-172-31-38-17:/home/ubuntu# systemctl status wazuh-indexer
Unit wazuh-indexer.service could not be found.
root@ip-172-31-38-17:/home/ubuntu# systemctl status wazuh-manager
Unit wazuh-manager.service could not be found.
root@ip-172-31-38-17:/home/ubuntu# systemctl status wazuh-dashboard
Unit wazuh-dashboard.service could not be found.
root@ip-172-31-38-17:/home/ubuntu# 

Test Distributed 🟢
Test install Indexer 🟢
root@ip-172-31-38-17:/home/ubuntu# cat config.yml 
nodes:
  # Wazuh indexer nodes
  indexer:
    - name: node-1
      ip: 127.0.0.1
    #- name: node-2
    #  ip: "<indexer-node-ip>"
    #- name: node-3
    #  ip: "<indexer-node-ip>"

  # Wazuh server nodes
  # If there is more than one Wazuh server
  # node, each one must have a node_type
  server:
    - name: wazuh-1
      ip: 127.0.0.1
    #  node_type: master
    #- name: wazuh-2
    #  ip: "<wazuh-manager-ip>"
    #  node_type: worker
    #- name: wazuh-3
    #  ip: "<wazuh-manager-ip>"
    #  node_type: worker

  # Wazuh dashboard nodes
  dashboard:
    - name: dashboard
      ip: 127.0.0.1
root@ip-172-31-38-17:/home/ubuntu# bash wazuh-install.sh --generate-config-files
30/01/2025 20:52:39 INFO: Starting Wazuh installation assistant. Wazuh version: 4.12.0
30/01/2025 20:52:39 INFO: Verbose logging redirected to /var/log/wazuh-install.log
30/01/2025 20:52:46 INFO: Verifying that your system meets the recommended minimum hardware requirements.
30/01/2025 20:52:46 INFO: --- Configuration files ---
30/01/2025 20:52:46 INFO: Generating configuration files.
30/01/2025 20:52:46 INFO: Generating the root certificate.
30/01/2025 20:52:48 INFO: Generating Admin certificates.
30/01/2025 20:52:48 INFO: Generating Wazuh indexer certificates.
30/01/2025 20:52:49 INFO: Generating Filebeat certificates.
30/01/2025 20:52:50 INFO: Generating Wazuh dashboard certificates.
30/01/2025 20:52:50 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
root@ip-172-31-38-17:/home/ubuntu# ls -ltr
total 204
-rw-r--r-- 1 root root 193237 Jan 30 20:39 wazuh-install.sh
-rw------- 1 root root  11174 Jan 30 20:52 wazuh-install-files.tar
root@ip-172-31-38-17:/home/ubuntu# bash wazuh-install.sh --wazuh-indexer node-1
30/01/2025 20:53:05 INFO: Starting Wazuh installation assistant. Wazuh version: 4.12.0
30/01/2025 20:53:05 INFO: Verbose logging redirected to /var/log/wazuh-install.log
30/01/2025 20:53:11 INFO: Verifying that your system meets the recommended minimum hardware requirements.
30/01/2025 20:53:19 INFO: Wazuh repository added.
30/01/2025 20:53:20 INFO: --- Wazuh indexer ---
30/01/2025 20:53:20 INFO: Starting Wazuh indexer installation.
30/01/2025 20:53:44 INFO: Wazuh indexer installation finished.
30/01/2025 20:53:44 INFO: Wazuh indexer post-install configuration finished.
30/01/2025 20:53:44 INFO: Starting service wazuh-indexer.
30/01/2025 20:53:59 INFO: wazuh-indexer service started.
30/01/2025 20:53:59 INFO: Initializing Wazuh indexer cluster security settings.
30/01/2025 20:54:01 INFO: Wazuh indexer cluster initialized.
30/01/2025 20:54:01 INFO: Installation finished.
root@ip-172-31-38-17:/home/ubuntu#
root@ip-172-31-38-17:/home/ubuntu# bash wazuh-install.sh --start-cluster
30/01/2025 21:08:22 INFO: Starting Wazuh installation assistant. Wazuh version: 4.12.0
30/01/2025 21:08:22 INFO: Verbose logging redirected to /var/log/wazuh-install.log
30/01/2025 21:08:29 INFO: Verifying that your system meets the recommended minimum hardware requirements.
30/01/2025 21:08:31 INFO: Wazuh indexer cluster security configuration initialized.
30/01/2025 21:08:34 INFO: Updating the internal users.
30/01/2025 21:08:36 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
30/01/2025 21:08:49 INFO: Wazuh indexer cluster started.
root@ip-172-31-38-17:/home/ubuntu# 
root@ip-172-31-38-17:/home/ubuntu# systemctl status wazuh-indexer
● wazuh-indexer.service - wazuh-indexer
     Loaded: loaded (/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: enabled)
     Active: active (running) since Thu 2025-01-30 20:53:59 UTC; 16min ago
       Docs: https://documentation.wazuh.com
   Main PID: 493368 (java)
      Tasks: 75 (limit: 9308)
     Memory: 1.3G
        CPU: 56.215s
     CGroup: /system.slice/wazuh-indexer.service
             └─493368 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+Always>

Jan 30 20:53:47 ip-172-31-38-17 systemd-entrypoint[493368]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-i>
Jan 30 20:53:47 ip-172-31-38-17 systemd-entrypoint[493368]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
Jan 30 20:53:47 ip-172-31-38-17 systemd-entrypoint[493368]: WARNING: System::setSecurityManager will be removed in a future release
Jan 30 20:53:48 ip-172-31-38-17 systemd-entrypoint[493368]: Jan 30, 2025 8:53:48 PM sun.util.locale.provider.LocaleProviderAdapter <clinit>
Jan 30 20:53:48 ip-172-31-38-17 systemd-entrypoint[493368]: WARNING: COMPAT locale provider will be removed in a future release
Jan 30 20:53:48 ip-172-31-38-17 systemd-entrypoint[493368]: WARNING: A terminally deprecated method in java.lang.System has been called
Jan 30 20:53:48 ip-172-31-38-17 systemd-entrypoint[493368]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-ind>
Jan 30 20:53:48 ip-172-31-38-17 systemd-entrypoint[493368]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
Jan 30 20:53:48 ip-172-31-38-17 systemd-entrypoint[493368]: WARNING: System::setSecurityManager will be removed in a future release
Jan 30 20:53:59 ip-172-31-38-17 systemd[1]: Started wazuh-indexer.

root@ip-172-31-38-17:/home/ubuntu# tar -axf wazuh-install-files.tar wazuh-install-files/wazuh-passwords.txt -O | grep -P "\'admin\'" -A 1
  indexer_username: 'admin'
  indexer_password: 'xxxxxxxx'
root@ip-172-31-38-17:/home/ubuntu# curl -k -u admin:xxxxxxxxxxx https://127.0.0.1:9200
{
  "name" : "node-1",
  "cluster_name" : "wazuh-indexer-cluster",
  "cluster_uuid" : "c3DJkTRnQZuqJlSBPe00PQ",
  "version" : {
    "number" : "7.10.2",
    "build_type" : "deb",
    "build_hash" : "20f04b54e84e90747c861bde395497f059929cea",
    "build_date" : "2025-01-17T12:58:50.149839Z",
    "build_snapshot" : false,
    "lucene_version" : "9.11.1",
    "minimum_wire_compatibility_version" : "7.10.0",
    "minimum_index_compatibility_version" : "7.0.0"
  },
  "tagline" : "The OpenSearch Project: https://opensearch.org/"
}
root@ip-172-31-38-17:/home/ubuntu# curl -k -u admin:xxxxxxxxxxx https://127.0.0.1:9200/_cat/nodes?v
ip        heap.percent ram.percent cpu load_1m load_5m load_15m node.role node.roles                               cluster_manager name
127.0.0.1           45          65   3    0.05    0.11     0.25 dimr      data,ingest,master,remote_cluster_client *               node-1
root@ip-172-31-38-17:/home/ubuntu# 


Test install Server 🟢
root@ip-172-31-38-17:/home/ubuntu# bash wazuh-install.sh --wazuh-server wazuh-1
30/01/2025 21:13:10 INFO: Starting Wazuh installation assistant. Wazuh version: 4.12.0
30/01/2025 21:13:10 INFO: Verbose logging redirected to /var/log/wazuh-install.log
30/01/2025 21:13:17 INFO: Verifying that your system meets the recommended minimum hardware requirements.
30/01/2025 21:13:22 INFO: Wazuh repository added.
30/01/2025 21:13:22 INFO: --- Wazuh server ---
30/01/2025 21:13:22 INFO: Starting the Wazuh manager installation.
30/01/2025 21:14:35 INFO: Wazuh manager installation finished.
30/01/2025 21:14:35 INFO: Wazuh manager vulnerability detection configuration finished.
30/01/2025 21:14:35 INFO: Starting service wazuh-manager.
30/01/2025 21:14:54 INFO: wazuh-manager service started.
30/01/2025 21:14:54 INFO: Starting Filebeat installation.
30/01/2025 21:15:11 INFO: Filebeat installation finished.
30/01/2025 21:15:14 INFO: Filebeat post-install configuration finished.
30/01/2025 21:15:17 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
30/01/2025 21:15:41 INFO: Starting service filebeat.
30/01/2025 21:15:42 INFO: filebeat service started.
30/01/2025 21:15:42 INFO: Installation finished.
root@ip-172-31-38-17:/home/ubuntu# systemctl status wazuh-manager
● wazuh-manager.service - Wazuh manager
     Loaded: loaded (/lib/systemd/system/wazuh-manager.service; enabled; vendor preset: enabled)
     Active: active (running) since Thu 2025-01-30 21:15:38 UTC; 1min 4s ago
      Tasks: 168 (limit: 9308)
     Memory: 3.9G
        CPU: 54.873s
     CGroup: /system.slice/wazuh-manager.service
             ├─550174 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
             ├─550175 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
             ├─550178 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
             ├─550181 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
             ├─550222 /var/ossec/bin/wazuh-authd
             ├─550238 /var/ossec/bin/wazuh-db
             ├─550263 /var/ossec/bin/wazuh-execd
             ├─550277 /var/ossec/bin/wazuh-analysisd
             ├─550338 /var/ossec/bin/wazuh-syscheckd
             ├─550359 /var/ossec/bin/wazuh-remoted
             ├─550404 /var/ossec/bin/wazuh-logcollector
             ├─550459 /var/ossec/bin/wazuh-monitord
             └─550520 /var/ossec/bin/wazuh-modulesd

Jan 30 21:15:32 ip-172-31-38-17 env[550112]: Started wazuh-syscheckd...
Jan 30 21:15:33 ip-172-31-38-17 env[550112]: Started wazuh-remoted...
Jan 30 21:15:34 ip-172-31-38-17 env[550112]: Started wazuh-logcollector...
Jan 30 21:15:35 ip-172-31-38-17 env[550112]: Started wazuh-monitord...
Jan 30 21:15:35 ip-172-31-38-17 env[550112]: wazuh-modulesd: Process 550145 not used by Wazuh, removing...
Jan 30 21:15:35 ip-172-31-38-17 env[550518]: 2025/01/30 21:15:35 wazuh-modulesd:router: INFO: Loaded router module.
Jan 30 21:15:35 ip-172-31-38-17 env[550518]: 2025/01/30 21:15:35 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Jan 30 21:15:36 ip-172-31-38-17 env[550112]: Started wazuh-modulesd...
Jan 30 21:15:38 ip-172-31-38-17 env[550112]: Completed.
Jan 30 21:15:38 ip-172-31-38-17 systemd[1]: Started Wazuh manager.
root@ip-172-31-38-17:/home/ubuntu# filebeat test output
elasticsearch: https://127.0.0.1:9200...
  parse url... OK
  connection...
    parse host... OK
    dns lookup... OK
    addresses: 127.0.0.1
    dial up... OK
  TLS...
    security: server's certificate chain verification is enabled
    handshake... OK
    TLS version: TLSv1.2
    dial up... OK
  talk to server... OK
  version: 7.10.2
root@ip-172-31-38-17:/home/ubuntu# 

Test install Dashboard 🟢
root@ip-172-31-38-17:/home/ubuntu# bash wazuh-install.sh --wazuh-dashboard dashboard
30/01/2025 21:17:45 INFO: Starting Wazuh installation assistant. Wazuh version: 4.12.0
30/01/2025 21:17:45 INFO: Verbose logging redirected to /var/log/wazuh-install.log
30/01/2025 21:17:53 INFO: Verifying that your system meets the recommended minimum hardware requirements.
30/01/2025 21:17:53 INFO: Wazuh web interface port will be 443.
30/01/2025 21:17:59 INFO: Wazuh repository added.
30/01/2025 21:17:59 INFO: --- Wazuh dashboard ----
30/01/2025 21:17:59 INFO: Starting Wazuh dashboard installation.
30/01/2025 21:18:57 INFO: Wazuh dashboard installation finished.
30/01/2025 21:18:57 INFO: Wazuh dashboard post-install configuration finished.
30/01/2025 21:18:57 INFO: Starting service wazuh-dashboard.
30/01/2025 21:18:58 INFO: wazuh-dashboard service started.
30/01/2025 21:19:19 INFO: Initializing Wazuh dashboard web application.
30/01/2025 21:19:20 INFO: Wazuh dashboard web application initialized.
30/01/2025 21:19:20 INFO: --- Summary ---
30/01/2025 21:19:20 INFO: You can access the web interface https://<wazuh-dashboard-ip>:443
    User: admin
    Password: Lb.wvaGQk.0*W9LwYEdswV5CHNgWJkM7
30/01/2025 21:19:20 INFO: Installation finished.
root@ip-172-31-38-17:/home/ubuntu# systemctl status wazuh-dashboard
● wazuh-dashboard.service - wazuh-dashboard
     Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; vendor preset: enabled)
     Active: active (running) since Thu 2025-01-30 21:19:04 UTC; 27s ago
   Main PID: 553541 (node)
      Tasks: 11 (limit: 9308)
     Memory: 181.5M
        CPU: 9.080s
     CGroup: /system.slice/wazuh-dashboard.service
             └─553541 /usr/share/wazuh-dashboard/node/bin/node --no-warnings --max-http-header-size=65536 --unhandled-rejections=warn /usr/share/wazuh-dashboard/src/cli/dist

Jan 30 21:19:11 ip-172-31-38-17 opensearch-dashboards[553541]: {"type":"log","@timestamp":"2025-01-30T21:19:11Z","tags":["info","plugins","wazuh","initialize"],"pid":553541,"m>
Jan 30 21:19:12 ip-172-31-38-17 opensearch-dashboards[553541]: {"type":"log","@timestamp":"2025-01-30T21:19:12Z","tags":["error","opensearch","data"],"pid":553541,"message":"[>
Jan 30 21:19:12 ip-172-31-38-17 opensearch-dashboards[553541]: {"type":"log","@timestamp":"2025-01-30T21:19:12Z","tags":["error","opensearch","data"],"pid":553541,"message":"[>
Jan 30 21:19:12 ip-172-31-38-17 opensearch-dashboards[553541]: {"type":"log","@timestamp":"2025-01-30T21:19:12Z","tags":["listening","info"],"pid":553541,"message":"Server run>
Jan 30 21:19:12 ip-172-31-38-17 opensearch-dashboards[553541]: {"type":"log","@timestamp":"2025-01-30T21:19:12Z","tags":["info","http","server","OpenSearchDashboards"],"pid":5>
Jan 30 21:19:12 ip-172-31-38-17 opensearch-dashboards[553541]: {"type":"log","@timestamp":"2025-01-30T21:19:12Z","tags":["info","plugins","wazuh","cron-scheduler"],"pid":55354>
Jan 30 21:19:12 ip-172-31-38-17 opensearch-dashboards[553541]: {"type":"log","@timestamp":"2025-01-30T21:19:12Z","tags":["info","plugins","wazuh","monitoring"],"pid":553541,"m>
Jan 30 21:19:12 ip-172-31-38-17 opensearch-dashboards[553541]: {"type":"log","@timestamp":"2025-01-30T21:19:12Z","tags":["error","plugins","wazuh","monitoring"],"pid":553541,">
Jan 30 21:19:19 ip-172-31-38-17 opensearch-dashboards[553541]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeo>
Jan 30 21:19:20 ip-172-31-38-17 opensearch-dashboards[553541]: {"type":"response","@timestamp":"2025-01-30T21:19:19Z","tags":[],"pid":553541,"method":"get","statusCode":200,"r>
lines 1-20/20 (END)
^C
root@ip-172-31-38-17:/home/ubuntu# 


Test Offline 🟢
Download package 🟢
  • Validations of new param:
root@ip-172-31-38-17:/home/ubuntu# bash wazuh-install.sh -dw rpm
30/01/2025 21:55:53 INFO: Starting Wazuh installation assistant. Wazuh version: 4.12.0
30/01/2025 21:55:53 INFO: Verbose logging redirected to /var/log/wazuh-install.log
30/01/2025 21:56:00 ERROR: To download the packages it is necessary to set the architecture in -da|--download-arch <amd64|x86_64|arm64|aarch64>
root@ip-172-31-38-17:/home/ubuntu# bash wazuh-install.sh -dw rpm -da amd65
30/01/2025 21:56:37 ERROR: Error on arguments. Probably missing <amd64|x86_64|arm64|aarch64> after -da|--download-arch

NAME
        wazuh-install.sh - Install and configure Wazuh central components: Wazuh server, Wazuh indexer, and Wazuh dashboard.

SYNOPSIS
        wazuh-install.sh [OPTIONS] -a | -c | -s | -wi <indexer-node-name> | -wd <dashboard-node-name> | -ws <server-node-name>

DESCRIPTION
        -a,  --all-in-one
                Install and configure Wazuh server, Wazuh indexer, Wazuh dashboard.

        -c,  --config-file <path-to-config-yml>
                Path to the configuration file used to generate wazuh-install-files.tar file containing the files that will be needed for installation. By default, the Wazuh installation assistant will search for a file named config.yml in the same path as the script.

        -d [pre-release|staging],  --development
                Use development repositories. By default it uses the pre-release package repository. If staging is specified, it will use that repository.

        -dw,  --download-wazuh <deb|rpm>
                Download all the packages necessary for offline installation. Type of packages to download for offline installation (rpm, deb)

        -da,  --download-arch <amd64|arm64|x86_64|aarch64>
                Define the architecture of the packages to download for offline installation.

        -fd,  --force-install-dashboard
                Force Wazuh dashboard installation to continue even when it is not capable of connecting to the Wazuh indexer.

        -g,  --generate-config-files
                Generate wazuh-install-files.tar file containing the files that will be needed for installation from config.yml. In distributed deployments you will need to copy this file to all hosts.

        -h,  --help
                Display this help and exit.

        -i,  --ignore-check
                Ignore the check for minimum hardware requirements.

        -o,  --overwrite
                Overwrites previously installed components. This will erase all the existing configuration and data.

        -of,  --offline-installation
                Perform an offline installation. This option must be used with -a, -ws, -s, -wi, or -wd.

        -p,  --port
                Specifies the Wazuh web user interface port. By default is the 443 TCP port. Recommended ports are: 8443, 8444, 8080, 8888, 9000.

        -s,  --start-cluster
                Initialize Wazuh indexer cluster security settings.

        -t,  --tar <path-to-certs-tar>
                Path to tar file containing certificate files. By default, the Wazuh installation assistant will search for a file named wazuh-install-files.tar in the same path as the script.

        -u,  --uninstall
                Uninstalls all Wazuh components. This will erase all the existing configuration and data.

        -v,  --verbose
                Shows the complete installation output.

        -V,  --version
                Shows the version of the script and Wazuh packages.

        -wd,  --wazuh-dashboard <dashboard-node-name>
                Install and configure Wazuh dashboard, used for distributed deployments.

        -wi,  --wazuh-indexer <indexer-node-name>
                Install and configure Wazuh indexer, used for distributed deployments.

        -ws,  --wazuh-server <server-node-name>
                Install and configure Wazuh manager and Filebeat, used for distributed deployments.
root@ip-172-31-38-17:/home/ubuntu# 
root@ip-172-31-38-17:/home/ubuntu# 
root@ip-172-31-38-17:/home/ubuntu# bash wazuh-install.sh -dw rpm -da amd64
30/01/2025 21:56:43 INFO: Starting Wazuh installation assistant. Wazuh version: 4.12.0
30/01/2025 21:56:43 INFO: Verbose logging redirected to /var/log/wazuh-install.log
30/01/2025 21:56:50 ERROR: Architecture amd64 not valid for package type rpm
root@ip-172-31-38-17:/home/ubuntu#
root@ip-172-31-38-17:/home/ubuntu# bash wazuh-install.sh -dw rpm -da arm64
30/01/2025 22:01:53 INFO: Starting Wazuh installation assistant. Wazuh version: 4.12.0
30/01/2025 22:01:53 INFO: Verbose logging redirected to /var/log/wazuh-install.log
30/01/2025 22:02:00 ERROR: Architecture arm64 not valid for package type rpm
root@ip-172-31-38-17:/home/ubuntu# 


  • Download packages:
root@ip-172-31-38-17:/home/ubuntu# bash wazuh-install.sh -dw deb -da arm64
30/01/2025 23:06:29 INFO: Starting Wazuh installation assistant. Wazuh version: 4.12.0
30/01/2025 23:06:29 INFO: Verbose logging redirected to /var/log/wazuh-install.log
30/01/2025 23:06:35 INFO: Verifying that your system meets the recommended minimum hardware requirements.
30/01/2025 23:06:36 INFO: --- Download Packages ---
30/01/2025 23:06:36 INFO: Starting Wazuh packages download.
30/01/2025 23:06:36 INFO: Downloading Wazuh deb packages for arm64.
30/01/2025 23:06:39 INFO: The manager package was downloaded.
30/01/2025 23:06:40 INFO: The filebeat package was downloaded.
30/01/2025 23:07:02 INFO: The indexer package was downloaded.
30/01/2025 23:07:06 INFO: The dashboard package was downloaded.
30/01/2025 23:07:06 INFO: The packages are in wazuh-offline/wazuh-packages
30/01/2025 23:07:06 INFO: Downloading configuration files and assets.
30/01/2025 23:07:06 INFO: The resource https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH was downloaded.
30/01/2025 23:07:07 INFO: The resource https://packages-dev.wazuh.com/idr1887/4.12/tpl/wazuh/filebeat/filebeat.yml was downloaded.
30/01/2025 23:07:07 INFO: The resource https://raw.githubusercontent.com/wazuh/wazuh/4.12.0/extensions/elasticsearch/7.x/wazuh-template.json was downloaded.
30/01/2025 23:07:07 INFO: The resource https://packages-dev.wazuh.com/idr1887/pre-release/filebeat/wazuh-filebeat-0.4.tar.gz was downloaded.
30/01/2025 23:07:07 INFO: The configuration files and assets are in wazuh-offline.tar.gz
30/01/2025 23:07:59 INFO: You can follow the installation guide here https://documentation.wazuh.com/current/deployment-options/offline-installation.html
root@ip-172-31-38-17:/home/ubuntu# 
root@ip-172-31-38-17:/home/ubuntu# ls -tlr
total 1372472
-rw------- 1 root root      11178 Jan 30 21:47 wazuh-install-files.tar
-rw-r--r-- 1 root root     193517 Jan 30 23:06 wazuh-install.sh
-rw------- 1 root root 1405194882 Jan 30 23:07 wazuh-offline.tar.gz
root@ip-172-31-38-17:/home/ubuntu# 


Install offline 🟢
  • Wazuh indexer
root@ip-172-31-38-17:/home/ubuntu# bash wazuh-install.sh --offline-installation --wazuh-indexer node-1
30/01/2025 23:13:54 INFO: Starting Wazuh installation assistant. Wazuh version: 4.12.0
30/01/2025 23:13:54 INFO: Verbose logging redirected to /var/log/wazuh-install.log
30/01/2025 23:13:54 INFO: Checking dependencies for Wazuh installation assistant.
30/01/2025 23:13:58 INFO: Verifying that your system meets the recommended minimum hardware requirements.
30/01/2025 23:13:59 INFO: Checking prerequisites for Offline installation.
30/01/2025 23:14:01 INFO: Checking wazuh-offline.tar.gz file.
30/01/2025 23:14:01 INFO: --- Wazuh indexer ---
30/01/2025 23:14:01 INFO: Starting Wazuh indexer installation.
30/01/2025 23:14:26 INFO: Wazuh indexer installation finished.
30/01/2025 23:14:26 INFO: Wazuh indexer post-install configuration finished.
30/01/2025 23:14:26 INFO: Starting service wazuh-indexer.
30/01/2025 23:14:41 INFO: wazuh-indexer service started.
30/01/2025 23:14:41 INFO: Initializing Wazuh indexer cluster security settings.
30/01/2025 23:14:43 INFO: Wazuh indexer cluster initialized.
30/01/2025 23:14:43 INFO: Installation finished.
root@ip-172-31-38-17:/home/ubuntu# bash wazuh-install.sh --offline-installation --start-cluster
30/01/2025 23:16:38 INFO: Starting Wazuh installation assistant. Wazuh version: 4.12.0
30/01/2025 23:16:38 INFO: Verbose logging redirected to /var/log/wazuh-install.log
30/01/2025 23:16:38 INFO: Checking dependencies for Wazuh installation assistant.
30/01/2025 23:16:42 INFO: Verifying that your system meets the recommended minimum hardware requirements.
30/01/2025 23:16:42 INFO: Checking wazuh-offline.tar.gz file.
30/01/2025 23:16:45 INFO: Wazuh indexer cluster security configuration initialized.
30/01/2025 23:16:57 INFO: Updating the internal users.
30/01/2025 23:17:00 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
30/01/2025 23:17:12 INFO: Wazuh indexer cluster started.
root@ip-172-31-38-17:/home/ubuntu# tar -axf wazuh-install-files.tar wazuh-install-files/wazuh-passwords.txt -O | grep -P "\'admin\'" -A 1
  indexer_username: 'admin'
  indexer_password: 'xxxxxxxxxxx'
root@ip-172-31-38-17:/home/ubuntu# curl -k -u admin:xxxxxxxxxxx https://127.0.0.1:9200
{
  "name" : "node-1",
  "cluster_name" : "wazuh-indexer-cluster",
  "cluster_uuid" : "2Z3BdL3DQBKN70dFHUIfMQ",
  "version" : {
    "number" : "7.10.2",
    "build_type" : "deb",
    "build_hash" : "20f04b54e84e90747c861bde395497f059929cea",
    "build_date" : "2025-01-17T12:58:50.149839Z",
    "build_snapshot" : false,
    "lucene_version" : "9.11.1",
    "minimum_wire_compatibility_version" : "7.10.0",
    "minimum_index_compatibility_version" : "7.0.0"
  },
  "tagline" : "The OpenSearch Project: https://opensearch.org/"
}
root@ip-172-31-38-17:/home/ubuntu# curl -k -u admin:xxxxxxxxxxx https://127.0.0.1:9200/_cat/nodes?v
ip        heap.percent ram.percent cpu load_1m load_5m load_15m node.role node.roles                               cluster_manager name
127.0.0.1           55          97   6    0.20    0.28     0.17 dimr      data,ingest,master,remote_cluster_client *               node-1
root@ip-172-31-38-17:/home/ubuntu# systemctl status wazuh-indexer
● wazuh-indexer.service - wazuh-indexer
     Loaded: loaded (/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: enabled)
     Active: active (running) since Thu 2025-01-30 23:14:41 UTC; 4min 14s ago
       Docs: https://documentation.wazuh.com
   Main PID: 565808 (java)
      Tasks: 74 (limit: 9308)
     Memory: 1.3G
        CPU: 40.802s
     CGroup: /system.slice/wazuh-indexer.service
             └─565808 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+Always>

Jan 30 23:14:28 ip-172-31-38-17 systemd-entrypoint[565808]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-i>
Jan 30 23:14:28 ip-172-31-38-17 systemd-entrypoint[565808]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
Jan 30 23:14:28 ip-172-31-38-17 systemd-entrypoint[565808]: WARNING: System::setSecurityManager will be removed in a future release
Jan 30 23:14:29 ip-172-31-38-17 systemd-entrypoint[565808]: Jan 30, 2025 11:14:29 PM sun.util.locale.provider.LocaleProviderAdapter <clinit>
Jan 30 23:14:29 ip-172-31-38-17 systemd-entrypoint[565808]: WARNING: COMPAT locale provider will be removed in a future release
Jan 30 23:14:30 ip-172-31-38-17 systemd-entrypoint[565808]: WARNING: A terminally deprecated method in java.lang.System has been called
Jan 30 23:14:30 ip-172-31-38-17 systemd-entrypoint[565808]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-ind>
Jan 30 23:14:30 ip-172-31-38-17 systemd-entrypoint[565808]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
Jan 30 23:14:30 ip-172-31-38-17 systemd-entrypoint[565808]: WARNING: System::setSecurityManager will be removed in a future release
Jan 30 23:14:41 ip-172-31-38-17 systemd[1]: Started wazuh-indexer.

root@ip-172-31-38-17:/home/ubuntu# 


  • Wazuh manager
root@ip-172-31-38-17:/home/ubuntu# bash wazuh-install.sh --offline-installation --wazuh-server wazuh-1
30/01/2025 23:19:40 INFO: Starting Wazuh installation assistant. Wazuh version: 4.12.0
30/01/2025 23:19:40 INFO: Verbose logging redirected to /var/log/wazuh-install.log
30/01/2025 23:19:40 INFO: Checking dependencies for Wazuh installation assistant.
30/01/2025 23:19:44 INFO: Verifying that your system meets the recommended minimum hardware requirements.
30/01/2025 23:19:45 INFO: Checking prerequisites for Offline installation.
30/01/2025 23:19:47 INFO: Checking wazuh-offline.tar.gz file.
30/01/2025 23:19:47 INFO: --- Wazuh server ---
30/01/2025 23:19:47 INFO: Starting the Wazuh manager installation.
30/01/2025 23:21:00 INFO: Wazuh manager installation finished.
30/01/2025 23:21:00 INFO: Wazuh manager vulnerability detection configuration finished.
30/01/2025 23:21:00 INFO: Starting service wazuh-manager.
30/01/2025 23:21:19 INFO: wazuh-manager service started.
30/01/2025 23:21:19 INFO: Starting Filebeat installation.
30/01/2025 23:21:35 INFO: Filebeat installation finished.
30/01/2025 23:21:36 INFO: Filebeat post-install configuration finished.
30/01/2025 23:21:39 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
30/01/2025 23:22:04 INFO: Starting service filebeat.
30/01/2025 23:22:05 INFO: filebeat service started.
30/01/2025 23:22:05 INFO: Installation finished.
root@ip-172-31-38-17:/home/ubuntu# systemctl status wazuh-manager
● wazuh-manager.service - Wazuh manager
     Loaded: loaded (/lib/systemd/system/wazuh-manager.service; enabled; vendor preset: enabled)
     Active: active (running) since Thu 2025-01-30 23:22:01 UTC; 21s ago
      Tasks: 167 (limit: 9308)
     Memory: 3.2G
        CPU: 41.214s
     CGroup: /system.slice/wazuh-manager.service
             ├─618241 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
             ├─618242 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
             ├─618245 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
             ├─618248 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
             ├─618289 /var/ossec/bin/wazuh-authd
             ├─618305 /var/ossec/bin/wazuh-db
             ├─618318 /var/ossec/bin/wazuh-execd
             ├─618332 /var/ossec/bin/wazuh-analysisd
             ├─618405 /var/ossec/bin/wazuh-syscheckd
             ├─618427 /var/ossec/bin/wazuh-remoted
             ├─618460 /var/ossec/bin/wazuh-logcollector
             ├─618510 /var/ossec/bin/wazuh-monitord
             └─618572 /var/ossec/bin/wazuh-modulesd

Jan 30 23:21:55 ip-172-31-38-17 env[618176]: Started wazuh-syscheckd...
Jan 30 23:21:56 ip-172-31-38-17 env[618176]: Started wazuh-remoted...
Jan 30 23:21:57 ip-172-31-38-17 env[618176]: Started wazuh-logcollector...
Jan 30 23:21:58 ip-172-31-38-17 env[618176]: Started wazuh-monitord...
Jan 30 23:21:58 ip-172-31-38-17 env[618176]: wazuh-modulesd: Process 618212 not used by Wazuh, removing...
Jan 30 23:21:58 ip-172-31-38-17 env[618569]: 2025/01/30 23:21:58 wazuh-modulesd:router: INFO: Loaded router module.
Jan 30 23:21:58 ip-172-31-38-17 env[618569]: 2025/01/30 23:21:58 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Jan 30 23:21:59 ip-172-31-38-17 env[618176]: Started wazuh-modulesd...
Jan 30 23:22:01 ip-172-31-38-17 env[618176]: Completed.
Jan 30 23:22:01 ip-172-31-38-17 systemd[1]: Started Wazuh manager.
root@ip-172-31-38-17:/home/ubuntu# filebeat test output
elasticsearch: https://127.0.0.1:9200...
  parse url... OK
  connection...
    parse host... OK
    dns lookup... OK
    addresses: 127.0.0.1
    dial up... OK
  TLS...
    security: server's certificate chain verification is enabled
    handshake... OK
    TLS version: TLSv1.2
    dial up... OK
  talk to server... OK
  version: 7.10.2
root@ip-172-31-38-17:/home/ubuntu# 


  • Wazuh dashboard
root@ip-172-31-38-17:/home/ubuntu# bash wazuh-install.sh --offline-installation --wazuh-dashboard dashboard
30/01/2025 23:23:33 INFO: Starting Wazuh installation assistant. Wazuh version: 4.12.0
30/01/2025 23:23:33 INFO: Verbose logging redirected to /var/log/wazuh-install.log
30/01/2025 23:23:33 INFO: Checking dependencies for Wazuh installation assistant.
30/01/2025 23:23:37 INFO: Verifying that your system meets the recommended minimum hardware requirements.
30/01/2025 23:23:37 INFO: Wazuh web interface port will be 443.
30/01/2025 23:23:38 INFO: Checking prerequisites for Offline installation.
30/01/2025 23:23:40 INFO: Checking wazuh-offline.tar.gz file.
30/01/2025 23:23:41 INFO: --- Wazuh dashboard ----
30/01/2025 23:23:41 INFO: Starting Wazuh dashboard installation.
30/01/2025 23:25:12 INFO: Wazuh dashboard installation finished.
30/01/2025 23:25:12 INFO: Wazuh dashboard post-install configuration finished.
30/01/2025 23:25:12 INFO: Starting service wazuh-dashboard.
30/01/2025 23:25:13 INFO: wazuh-dashboard service started.
30/01/2025 23:25:34 INFO: Initializing Wazuh dashboard web application.
30/01/2025 23:25:34 INFO: Wazuh dashboard web application initialized.
30/01/2025 23:25:34 INFO: --- Summary ---
30/01/2025 23:25:34 INFO: You can access the web interface https://<wazuh-dashboard-ip>:443
    User: admin
    Password: mvKtfaWO3XImnwinb*2hsFJQwAqto*X*
30/01/2025 23:25:34 INFO: Installation finished.
root@ip-172-31-38-17:/home/ubuntu# systemctl status wazuh-dashboard
● wazuh-dashboard.service - wazuh-dashboard
     Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; vendor preset: enabled)
     Active: active (running) since Thu 2025-01-30 23:25:19 UTC; 1min 15s ago
   Main PID: 620798 (node)
      Tasks: 11 (limit: 9308)
     Memory: 189.5M
        CPU: 9.369s
     CGroup: /system.slice/wazuh-dashboard.service
             └─620798 /usr/share/wazuh-dashboard/node/bin/node --no-warnings --max-http-header-size=65536 --unhandled-rejections=warn /usr/share/wazuh-dashboard/src/cli/dist

Jan 30 23:25:26 ip-172-31-38-17 opensearch-dashboards[620798]: {"type":"log","@timestamp":"2025-01-30T23:25:26Z","tags":["info","plugins","wazuh","initialize"],"pid":620798,"m>
Jan 30 23:25:26 ip-172-31-38-17 opensearch-dashboards[620798]: {"type":"log","@timestamp":"2025-01-30T23:25:26Z","tags":["error","opensearch","data"],"pid":620798,"message":"[>
Jan 30 23:25:26 ip-172-31-38-17 opensearch-dashboards[620798]: {"type":"log","@timestamp":"2025-01-30T23:25:26Z","tags":["error","opensearch","data"],"pid":620798,"message":"[>
Jan 30 23:25:26 ip-172-31-38-17 opensearch-dashboards[620798]: {"type":"log","@timestamp":"2025-01-30T23:25:26Z","tags":["listening","info"],"pid":620798,"message":"Server run>
Jan 30 23:25:26 ip-172-31-38-17 opensearch-dashboards[620798]: {"type":"log","@timestamp":"2025-01-30T23:25:26Z","tags":["info","http","server","OpenSearchDashboards"],"pid":6>
Jan 30 23:25:26 ip-172-31-38-17 opensearch-dashboards[620798]: {"type":"log","@timestamp":"2025-01-30T23:25:26Z","tags":["info","plugins","wazuh","monitoring"],"pid":620798,"m>
Jan 30 23:25:26 ip-172-31-38-17 opensearch-dashboards[620798]: {"type":"log","@timestamp":"2025-01-30T23:25:26Z","tags":["info","plugins","wazuh","cron-scheduler"],"pid":62079>
Jan 30 23:25:26 ip-172-31-38-17 opensearch-dashboards[620798]: {"type":"log","@timestamp":"2025-01-30T23:25:26Z","tags":["error","plugins","wazuh","monitoring"],"pid":620798,">
Jan 30 23:25:34 ip-172-31-38-17 opensearch-dashboards[620798]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeo>
Jan 30 23:25:34 ip-172-31-38-17 opensearch-dashboards[620798]: {"type":"response","@timestamp":"2025-01-30T23:25:34Z","tags":[],"pid":620798,"method":"get","statusCode":200,"r>

root@ip-172-31-38-17:/home/ubuntu# 



Test cases for AMD64:

Important

Note:
For this test, these variables were set:

repogpg="https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH"
repobaseurl="https://packages-dev.wazuh.com/idr1887/pre-release"
reporelease="unstable"
filebeat_wazuh_module="${repobaseurl}/filebeat/wazuh-filebeat-0.4.tar.gz"
bucket="packages-dev.wazuh.com/idr1887"
repository="pre-release"

And the variable filebeat_wazuh_template needs to be hardcoded with:

'https://raw.githubusercontent.com/wazuh/wazuh/4.12.0/extensions/elasticsearch/7.x/wazuh-template.json'
System details:
[root@stack-centos8 vagrant]# uname -a
Linux stack-centos8 4.18.0-348.7.1.el8_5.x86_64 #1 SMP Wed Dec 22 13:25:12 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
[root@stack-centos8 vagrant]# uname -m
x86_64
[root@stack-centos8 vagrant]# cat /etc/os-release 
NAME="CentOS Linux"
VERSION="8"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="8"
PLATFORM_ID="platform:el8"
PRETTY_NAME="CentOS Linux 8"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:8"
HOME_URL="https://centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"
CENTOS_MANTISBT_PROJECT="CentOS-8"
CENTOS_MANTISBT_PROJECT_VERSION="8"
[root@stack-centos8 vagrant]# 
Test AIO Remove and Install 🟢
[root@stack-centos8 vagrant]# bash ./wazuh-install.sh -a -i -o
30/01/2025 20:50:46 INFO: Starting Wazuh installation assistant. Wazuh version: 4.12.0
30/01/2025 20:50:46 INFO: Verbose logging redirected to /var/log/wazuh-install.log
30/01/2025 20:50:46 INFO: --- Removing existing Wazuh installation ---
30/01/2025 20:50:46 INFO: Removing Wazuh manager.
30/01/2025 20:51:24 INFO: Wazuh manager removed.
30/01/2025 20:51:24 INFO: Removing Wazuh indexer.
30/01/2025 20:51:26 WARNING: The Wazuh indexer package could not be removed.
30/01/2025 20:51:26 INFO: Removing Filebeat.
30/01/2025 20:51:27 WARNING: The Filebeat package could not be removed.
30/01/2025 20:51:27 INFO: Removing Wazuh dashboard.
30/01/2025 20:51:37 WARNING: The Wazuh dashboard package could not be removed.
30/01/2025 20:51:37 INFO: Installation cleaned.
30/01/2025 20:51:37 WARNING: Hardware checks ignored.
30/01/2025 20:51:37 INFO: Wazuh web interface port will be 443.
30/01/2025 20:51:38 WARNING: The system has Firewalld enabled. Please ensure that traffic is allowed on these ports: 1515, 1514, 443.
30/01/2025 20:51:39 INFO: Wazuh repository added.
30/01/2025 20:51:39 INFO: --- Configuration files ---
30/01/2025 20:51:39 INFO: Generating configuration files.
30/01/2025 20:51:39 INFO: Generating the root certificate.
30/01/2025 20:51:39 INFO: Generating Admin certificates.
30/01/2025 20:51:40 INFO: Generating Wazuh indexer certificates.
30/01/2025 20:51:40 INFO: Generating Filebeat certificates.
30/01/2025 20:51:40 INFO: Generating Wazuh dashboard certificates.
30/01/2025 20:51:40 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
30/01/2025 20:51:40 INFO: --- Wazuh indexer ---
30/01/2025 20:51:40 INFO: Starting Wazuh indexer installation.
30/01/2025 20:53:03 INFO: Wazuh indexer installation finished.
30/01/2025 20:53:03 INFO: Wazuh indexer post-install configuration finished.
30/01/2025 20:53:03 INFO: Starting service wazuh-indexer.
30/01/2025 20:53:18 INFO: wazuh-indexer service started.
30/01/2025 20:53:18 INFO: Initializing Wazuh indexer cluster security settings.
30/01/2025 20:53:22 INFO: Wazuh indexer cluster security configuration initialized.
30/01/2025 20:53:22 INFO: Wazuh indexer cluster initialized.
30/01/2025 20:53:22 INFO: --- Wazuh server ---
30/01/2025 20:53:22 INFO: Starting the Wazuh manager installation.
30/01/2025 20:55:14 INFO: Wazuh manager installation finished.
30/01/2025 20:55:14 INFO: Wazuh manager vulnerability detection configuration finished.
30/01/2025 20:55:14 INFO: Starting service wazuh-manager.
30/01/2025 20:55:28 INFO: wazuh-manager service started.
30/01/2025 20:55:28 INFO: Starting Filebeat installation.
30/01/2025 20:55:35 INFO: Filebeat installation finished.
30/01/2025 20:55:37 INFO: Filebeat post-install configuration finished.
30/01/2025 20:55:37 INFO: Starting service filebeat.
30/01/2025 20:55:37 INFO: filebeat service started.
30/01/2025 20:55:37 INFO: --- Wazuh dashboard ---
30/01/2025 20:55:37 INFO: Starting Wazuh dashboard installation.
30/01/2025 20:57:04 INFO: Wazuh dashboard installation finished.
30/01/2025 20:57:04 INFO: Wazuh dashboard post-install configuration finished.
30/01/2025 20:57:04 INFO: Starting service wazuh-dashboard.
30/01/2025 20:57:04 INFO: wazuh-dashboard service started.
30/01/2025 20:57:04 INFO: Updating the internal users.
30/01/2025 20:57:08 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
30/01/2025 20:57:20 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
30/01/2025 20:57:53 INFO: Initializing Wazuh dashboard web application.
30/01/2025 20:57:56 INFO: Wazuh dashboard web application initialized.
30/01/2025 20:57:56 INFO: --- Summary ---
30/01/2025 20:57:56 INFO: You can access the web interface https://<wazuh-dashboard-ip>:443
    User: admin
    Password: *9YibSI.5j2LjV+nEXHT1Vlv4nGROJTV
30/01/2025 20:57:56 INFO: Installation finished.
[root@stack-centos8 vagrant]# systemctl status wazuh-indexer
● wazuh-indexer.service - wazuh-indexer
   Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2025-01-30 20:53:18 UTC; 5min ago
     Docs: https://documentation.wazuh.com
 Main PID: 14168 (java)
    Tasks: 82 (limit: 23684)
   Memory: 1.0G
   CGroup: /system.slice/wazuh-indexer.service
           └─14168 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPre>

Jan 30 20:53:05 stack-centos8 systemd-entrypoint[14168]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-inde>
Jan 30 20:53:05 stack-centos8 systemd-entrypoint[14168]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
Jan 30 20:53:05 stack-centos8 systemd-entrypoint[14168]: WARNING: System::setSecurityManager will be removed in a future release
Jan 30 20:53:05 stack-centos8 systemd-entrypoint[14168]: Jan 30, 2025 8:53:05 PM sun.util.locale.provider.LocaleProviderAdapter <clinit>
Jan 30 20:53:05 stack-centos8 systemd-entrypoint[14168]: WARNING: COMPAT locale provider will be removed in a future release
Jan 30 20:53:06 stack-centos8 systemd-entrypoint[14168]: WARNING: A terminally deprecated method in java.lang.System has been called
Jan 30 20:53:06 stack-centos8 systemd-entrypoint[14168]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexe>
Jan 30 20:53:06 stack-centos8 systemd-entrypoint[14168]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
Jan 30 20:53:06 stack-centos8 systemd-entrypoint[14168]: WARNING: System::setSecurityManager will be removed in a future release
Jan 30 20:53:18 stack-centos8 systemd[1]: Started wazuh-indexer.

[root@stack-centos8 vagrant]# systemctl status wazuh-manager
● wazuh-manager.service - Wazuh manager
   Loaded: loaded (/usr/lib/systemd/system/wazuh-manager.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2025-01-30 20:57:41 UTC; 42s ago
    Tasks: 174 (limit: 23684)
   Memory: 1.0G
   CGroup: /system.slice/wazuh-manager.service
           ├─18936 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
           ├─18937 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
           ├─18940 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
           ├─18943 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
           ├─18985 /var/ossec/bin/wazuh-authd
           ├─19002 /var/ossec/bin/wazuh-db
           ├─19028 /var/ossec/bin/wazuh-execd
           ├─19043 /var/ossec/bin/wazuh-analysisd
           ├─19109 /var/ossec/bin/wazuh-syscheckd
           ├─19124 /var/ossec/bin/wazuh-remoted
           ├─19160 /var/ossec/bin/wazuh-logcollector
           ├─19180 /var/ossec/bin/wazuh-monitord
           └─19222 /var/ossec/bin/wazuh-modulesd

Jan 30 20:57:35 stack-centos8 env[18871]: Started wazuh-syscheckd...
Jan 30 20:57:36 stack-centos8 env[18871]: Started wazuh-remoted...
Jan 30 20:57:37 stack-centos8 env[18871]: Started wazuh-logcollector...
Jan 30 20:57:38 stack-centos8 env[18871]: Started wazuh-monitord...
Jan 30 20:57:38 stack-centos8 env[18871]: wazuh-modulesd: Process 18905 not used by Wazuh, removing...
Jan 30 20:57:38 stack-centos8 env[18871]: 2025/01/30 20:57:38 wazuh-modulesd:router: INFO: Loaded router module.
Jan 30 20:57:38 stack-centos8 env[18871]: 2025/01/30 20:57:38 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Jan 30 20:57:39 stack-centos8 env[18871]: Started wazuh-modulesd...
Jan 30 20:57:41 stack-centos8 env[18871]: Completed.
Jan 30 20:57:41 stack-centos8 systemd[1]: Started Wazuh manager.
[root@stack-centos8 vagrant]# systemctl status wazuh-dashboard
● wazuh-dashboard.service - wazuh-dashboard
   Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2025-01-30 20:57:43 UTC; 46s ago
 Main PID: 20101 (node)
    Tasks: 11 (limit: 23684)
   Memory: 191.7M
   CGroup: /system.slice/wazuh-dashboard.service
           └─20101 /usr/share/wazuh-dashboard/node/bin/node --no-warnings --max-http-header-size=65536 --unhandled-rejections=warn /usr/share/wazuh-dashboard/src/cli/dist

Jan 30 20:57:53 stack-centos8 opensearch-dashboards[20101]: {"type":"log","@timestamp":"2025-01-30T20:57:53Z","tags":["info","plugins","wazuh","initialize"],"pid":20101,"messa>
Jan 30 20:57:53 stack-centos8 opensearch-dashboards[20101]: {"type":"log","@timestamp":"2025-01-30T20:57:53Z","tags":["info","plugins","wazuh","initialize"],"pid":20101,"messa>
Jan 30 20:57:53 stack-centos8 opensearch-dashboards[20101]: {"type":"log","@timestamp":"2025-01-30T20:57:53Z","tags":["info","plugins","wazuh","initialize"],"pid":20101,"messa>
Jan 30 20:57:53 stack-centos8 opensearch-dashboards[20101]: {"type":"log","@timestamp":"2025-01-30T20:57:53Z","tags":["info","plugins","wazuh","cron-scheduler"],"pid":20101,"m>
Jan 30 20:57:53 stack-centos8 opensearch-dashboards[20101]: {"type":"log","@timestamp":"2025-01-30T20:57:53Z","tags":["info","plugins","wazuh","monitoring"],"pid":20101,"messa>
Jan 30 20:57:53 stack-centos8 opensearch-dashboards[20101]: {"type":"log","@timestamp":"2025-01-30T20:57:53Z","tags":["listening","info"],"pid":20101,"message":"Server running>
Jan 30 20:57:53 stack-centos8 opensearch-dashboards[20101]: {"type":"log","@timestamp":"2025-01-30T20:57:53Z","tags":["info","http","server","OpenSearchDashboards"],"pid":2010>
Jan 30 20:57:54 stack-centos8 opensearch-dashboards[20101]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout >
Jan 30 20:57:54 stack-centos8 opensearch-dashboards[20101]: {"type":"log","@timestamp":"2025-01-30T20:57:54Z","tags":["info","plugins","wazuh","monitoring"],"pid":20101,"messa>
Jan 30 20:57:55 stack-centos8 opensearch-dashboards[20101]: {"type":"response","@timestamp":"2025-01-30T20:57:54Z","tags":[],"pid":20101,"method":"get","statusCode":200,"req":>

[root@stack-centos8 vagrant]# 
[root@stack-centos8 vagrant]# 
[root@stack-centos8 vagrant]# filebeat test output
elasticsearch: https://127.0.0.1:9200...
  parse url... OK
  connection...
    parse host... OK
    dns lookup... OK
    addresses: 127.0.0.1
    dial up... OK
  TLS...
    security: server's certificate chain verification is enabled
    handshake... OK
    TLS version: TLSv1.2
    dial up... OK
  talk to server... OK
  version: 7.10.2
[root@stack-centos8 vagrant]# 

Test Uninstall 🟢
[root@stack-centos8 vagrant]# bash ./wazuh-install.sh -u
30/01/2025 20:58:57 INFO: Starting Wazuh installation assistant. Wazuh version: 4.12.0
30/01/2025 20:58:57 INFO: Verbose logging redirected to /var/log/wazuh-install.log
30/01/2025 20:58:57 INFO: Removing Wazuh manager.
30/01/2025 20:59:38 INFO: Wazuh manager removed.
30/01/2025 20:59:38 INFO: Removing Wazuh indexer.
30/01/2025 20:59:39 INFO: Removing Filebeat.
30/01/2025 20:59:40 INFO: Removing Wazuh dashboard.
[root@stack-centos8 vagrant]# systemctl status wazuh-indexer
Unit wazuh-indexer.service could not be found.
[root@stack-centos8 vagrant]# systemctl status wazuh-manager
Unit wazuh-manager.service could not be found.
[root@stack-centos8 vagrant]# systemctl status wazuh-dashboard
Unit wazuh-dashboard.service could not be found.
[root@stack-centos8 vagrant]# ls -ltr /var/oseec
ls: cannot access '/var/oseec': No such file or directory
[root@stack-centos8 vagrant]# 


Test Distributed 🟢
Test install Indexer 🟢
[root@stack-centos8 vagrant]# cat config.yml 
nodes:
  # Wazuh indexer nodes
  indexer:
    - name: node-1
      ip: 127.0.0.1
    #- name: node-2
    #  ip: "<indexer-node-ip>"
    #- name: node-3
    #  ip: "<indexer-node-ip>"

  # Wazuh server nodes
  # If there is more than one Wazuh server
  # node, each one must have a node_type
  server:
    - name: wazuh-1
      ip: 127.0.0.1
    #  node_type: master
    #- name: wazuh-2
    #  ip: "<wazuh-manager-ip>"
    #  node_type: worker
    #- name: wazuh-3
    #  ip: "<wazuh-manager-ip>"
    #  node_type: worker

  # Wazuh dashboard nodes
  dashboard:
    - name: dashboard
      ip: 127.0.0.1
[root@stack-centos8 vagrant]# bash wazuh-install.sh --generate-config-files
30/01/2025 21:06:10 INFO: Starting Wazuh installation assistant. Wazuh version: 4.12.0
30/01/2025 21:06:10 INFO: Verbose logging redirected to /var/log/wazuh-install.log
30/01/2025 21:06:10 INFO: Verifying that your system meets the recommended minimum hardware requirements.
30/01/2025 21:06:10 INFO: --- Configuration files ---
30/01/2025 21:06:10 INFO: Generating configuration files.
30/01/2025 21:06:10 INFO: Generating the root certificate.
30/01/2025 21:06:10 INFO: Generating Admin certificates.
30/01/2025 21:06:10 INFO: Generating Wazuh indexer certificates.
30/01/2025 21:06:10 INFO: Generating Filebeat certificates.
30/01/2025 21:06:10 INFO: Generating Wazuh dashboard certificates.
30/01/2025 21:06:11 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
[root@stack-centos8 vagrant]# bash wazuh-install.sh --wazuh-indexer node-1
30/01/2025 21:06:19 INFO: Starting Wazuh installation assistant. Wazuh version: 4.12.0
30/01/2025 21:06:19 INFO: Verbose logging redirected to /var/log/wazuh-install.log
30/01/2025 21:06:19 INFO: Verifying that your system meets the recommended minimum hardware requirements.
30/01/2025 21:06:20 WARNING: The system has Firewalld enabled. Please ensure that traffic is allowed on these ports: 9200, 9300.
30/01/2025 21:06:21 INFO: Wazuh repository added.
30/01/2025 21:06:21 INFO: --- Wazuh indexer ---
30/01/2025 21:06:21 INFO: Starting Wazuh indexer installation.
30/01/2025 21:07:43 INFO: Wazuh indexer installation finished.
30/01/2025 21:07:43 INFO: Wazuh indexer post-install configuration finished.
30/01/2025 21:07:43 INFO: Starting service wazuh-indexer.
30/01/2025 21:08:00 INFO: wazuh-indexer service started.
30/01/2025 21:08:00 INFO: Initializing Wazuh indexer cluster security settings.
30/01/2025 21:08:00 INFO: Wazuh indexer cluster initialized.
30/01/2025 21:08:00 INFO: Installation finished.
[root@stack-centos8 vagrant]# bash wazuh-install.sh --start-cluster
30/01/2025 21:09:35 INFO: Starting Wazuh installation assistant. Wazuh version: 4.12.0
30/01/2025 21:09:35 INFO: Verbose logging redirected to /var/log/wazuh-install.log
30/01/2025 21:09:35 INFO: Verifying that your system meets the recommended minimum hardware requirements.
30/01/2025 21:09:38 INFO: Wazuh indexer cluster security configuration initialized.
30/01/2025 21:09:49 INFO: Updating the internal users.
30/01/2025 21:09:51 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
30/01/2025 21:10:02 INFO: Wazuh indexer cluster started.
[root@stack-centos8 vagrant]# systemctl status wazuh-indexer
● wazuh-indexer.service - wazuh-indexer
   Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2025-01-30 21:08:00 UTC; 3min 57s ago
     Docs: https://documentation.wazuh.com
 Main PID: 22758 (java)
    Tasks: 75 (limit: 23684)
   Memory: 1.3G
   CGroup: /system.slice/wazuh-indexer.service
           └─22758 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPre>

Jan 30 21:07:45 stack-centos8 systemd-entrypoint[22758]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-inde>
Jan 30 21:07:45 stack-centos8 systemd-entrypoint[22758]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
Jan 30 21:07:45 stack-centos8 systemd-entrypoint[22758]: WARNING: System::setSecurityManager will be removed in a future release
Jan 30 21:07:46 stack-centos8 systemd-entrypoint[22758]: Jan 30, 2025 9:07:46 PM sun.util.locale.provider.LocaleProviderAdapter <clinit>
Jan 30 21:07:46 stack-centos8 systemd-entrypoint[22758]: WARNING: COMPAT locale provider will be removed in a future release
Jan 30 21:07:46 stack-centos8 systemd-entrypoint[22758]: WARNING: A terminally deprecated method in java.lang.System has been called
Jan 30 21:07:46 stack-centos8 systemd-entrypoint[22758]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexe>
Jan 30 21:07:46 stack-centos8 systemd-entrypoint[22758]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
Jan 30 21:07:46 stack-centos8 systemd-entrypoint[22758]: WARNING: System::setSecurityManager will be removed in a future release
Jan 30 21:08:00 stack-centos8 systemd[1]: Started wazuh-indexer.

[root@stack-centos8 vagrant]# tar -axf wazuh-install-files.tar wazuh-install-files/wazuh-passwords.txt -O | grep -P "\'admin\'" -A 1
  indexer_username: 'admin'
  indexer_password: 'xxxxxxxxxxx'
[root@stack-centos8 vagrant]# curl -k -u admin:xxxxxxxxxxx https://127.0.0.1:9200
{
  "name" : "node-1",
  "cluster_name" : "wazuh-indexer-cluster",
  "cluster_uuid" : "z7TlYXFcR5yBStDGPzftFw",
  "version" : {
    "number" : "7.10.2",
    "build_type" : "rpm",
    "build_hash" : "20f04b54e84e90747c861bde395497f059929cea",
    "build_date" : "2025-01-17T12:56:25.512234Z",
    "build_snapshot" : false,
    "lucene_version" : "9.11.1",
    "minimum_wire_compatibility_version" : "7.10.0",
    "minimum_index_compatibility_version" : "7.0.0"
  },
  "tagline" : "The OpenSearch Project: https://opensearch.org/"
}
[root@stack-centos8 vagrant]# curl -k -u admin:xxxxxxxxxxx https://127.0.0.1:9200/_cat/nodes?v
ip        heap.percent ram.percent cpu load_1m load_5m load_15m node.role node.roles                               cluster_manager name
127.0.0.1           51          90   4    0.27    0.37     0.38 dimr      data,ingest,master,remote_cluster_client *               node-1
[root@stack-centos8 vagrant]# 

Test install Server 🟢
[root@stack-centos8 vagrant]# bash wazuh-install.sh --wazuh-server wazuh-1
30/01/2025 21:13:14 INFO: Starting Wazuh installation assistant. Wazuh version: 4.12.0
30/01/2025 21:13:14 INFO: Verbose logging redirected to /var/log/wazuh-install.log
30/01/2025 21:13:14 INFO: Verifying that your system meets the recommended minimum hardware requirements.
30/01/2025 21:13:14 WARNING: The system has Firewalld enabled. Please ensure that traffic is allowed on these ports: 1514, 1515, 1516, 55000.
30/01/2025 21:13:14 INFO: Wazuh repository added.
30/01/2025 21:13:15 INFO: --- Wazuh server ---
30/01/2025 21:13:15 INFO: Starting the Wazuh manager installation.
30/01/2025 21:15:13 INFO: Wazuh manager installation finished.
30/01/2025 21:15:13 INFO: Wazuh manager vulnerability detection configuration finished.
30/01/2025 21:15:13 INFO: Starting service wazuh-manager.
30/01/2025 21:15:29 INFO: wazuh-manager service started.
30/01/2025 21:15:29 INFO: Starting Filebeat installation.
30/01/2025 21:15:36 INFO: Filebeat installation finished.
30/01/2025 21:15:37 INFO: Filebeat post-install configuration finished.
30/01/2025 21:15:38 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
30/01/2025 21:16:00 INFO: Starting service filebeat.
30/01/2025 21:16:00 INFO: filebeat service started.
30/01/2025 21:16:00 INFO: Installation finished.
[root@stack-centos8 vagrant]# systemctl status wazuh-manager
● wazuh-manager.service - Wazuh manager
   Loaded: loaded (/usr/lib/systemd/system/wazuh-manager.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2025-01-30 21:15:58 UTC; 58s ago
    Tasks: 173 (limit: 23684)
   Memory: 1.8G
   CGroup: /system.slice/wazuh-manager.service
           ├─27347 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
           ├─27348 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
           ├─27351 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
           ├─27354 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
           ├─27396 /var/ossec/bin/wazuh-authd
           ├─27410 /var/ossec/bin/wazuh-db
           ├─27436 /var/ossec/bin/wazuh-execd
           ├─27451 /var/ossec/bin/wazuh-analysisd
           ├─27513 /var/ossec/bin/wazuh-syscheckd
           ├─27535 /var/ossec/bin/wazuh-remoted
           ├─27570 /var/ossec/bin/wazuh-logcollector
           ├─27588 /var/ossec/bin/wazuh-monitord
           └─27622 /var/ossec/bin/wazuh-modulesd

Jan 30 21:15:52 stack-centos8 env[27281]: Started wazuh-syscheckd...
Jan 30 21:15:53 stack-centos8 env[27281]: Started wazuh-remoted...
Jan 30 21:15:53 stack-centos8 env[27281]: Started wazuh-logcollector...
Jan 30 21:15:54 stack-centos8 env[27281]: Started wazuh-monitord...
Jan 30 21:15:54 stack-centos8 env[27281]: wazuh-modulesd: Process 27316 not used by Wazuh, removing...
Jan 30 21:15:54 stack-centos8 env[27281]: 2025/01/30 21:15:54 wazuh-modulesd:router: INFO: Loaded router module.
Jan 30 21:15:54 stack-centos8 env[27281]: 2025/01/30 21:15:54 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Jan 30 21:15:55 stack-centos8 env[27281]: Started wazuh-modulesd...
Jan 30 21:15:58 stack-centos8 env[27281]: Completed.
Jan 30 21:15:58 stack-centos8 systemd[1]: Started Wazuh manager.
[root@stack-centos8 vagrant]# filebeat test output
elasticsearch: https://127.0.0.1:9200...
  parse url... OK
  connection...
    parse host... OK
    dns lookup... OK
    addresses: 127.0.0.1
    dial up... OK
  TLS...
    security: server's certificate chain verification is enabled
    handshake... OK
    TLS version: TLSv1.2
    dial up... OK
  talk to server... OK
  version: 7.10.2
[root@stack-centos8 vagrant]# 

Test install Dashboard 🟢
[root@stack-centos8 vagrant]# bash wazuh-install.sh --wazuh-dashboard dashboard
30/01/2025 21:17:49 INFO: Starting Wazuh installation assistant. Wazuh version: 4.12.0
30/01/2025 21:17:49 INFO: Verbose logging redirected to /var/log/wazuh-install.log
30/01/2025 21:17:49 INFO: Verifying that your system meets the recommended minimum hardware requirements.
30/01/2025 21:17:49 INFO: Wazuh web interface port will be 443.
30/01/2025 21:17:49 WARNING: The system has Firewalld enabled. Please ensure that traffic is allowed on this port: 443.
30/01/2025 21:17:49 INFO: Wazuh repository added.
30/01/2025 21:17:50 INFO: --- Wazuh dashboard ----
30/01/2025 21:17:50 INFO: Starting Wazuh dashboard installation.
30/01/2025 21:19:12 INFO: Wazuh dashboard installation finished.
30/01/2025 21:19:12 INFO: Wazuh dashboard post-install configuration finished.
30/01/2025 21:19:12 INFO: Starting service wazuh-dashboard.
30/01/2025 21:19:12 INFO: wazuh-dashboard service started.
30/01/2025 21:19:29 INFO: Initializing Wazuh dashboard web application.
30/01/2025 21:19:29 INFO: Wazuh dashboard web application initialized.
30/01/2025 21:19:29 INFO: --- Summary ---
30/01/2025 21:19:29 INFO: You can access the web interface https://<wazuh-dashboard-ip>:443
    User: admin
    Password: eGpOoq1TZC+rm0dT8CW3ZyJZ.kPepe2.
30/01/2025 21:19:29 INFO: Installation finished.
[root@stack-centos8 vagrant]# systemctl status wazuh-dashboard
● wazuh-dashboard.service - wazuh-dashboard
   Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2025-01-30 21:19:14 UTC; 24s ago
 Main PID: 29999 (node)
    Tasks: 11 (limit: 23684)
   Memory: 274.4M
   CGroup: /system.slice/wazuh-dashboard.service
           └─29999 /usr/share/wazuh-dashboard/node/bin/node --no-warnings --max-http-header-size=65536 --unhandled-rejections=warn /usr/share/wazuh-dashboard/src/cli/dist

Jan 30 21:19:21 stack-centos8 opensearch-dashboards[29999]: {"type":"log","@timestamp":"2025-01-30T21:19:21Z","tags":["info","plugins","wazuh","initialize"],"pid":29999,"messa>
Jan 30 21:19:21 stack-centos8 opensearch-dashboards[29999]: {"type":"log","@timestamp":"2025-01-30T21:19:21Z","tags":["error","opensearch","data"],"pid":29999,"message":"[Resp>
Jan 30 21:19:21 stack-centos8 opensearch-dashboards[29999]: {"type":"log","@timestamp":"2025-01-30T21:19:21Z","tags":["error","opensearch","data"],"pid":29999,"message":"[Resp>
Jan 30 21:19:21 stack-centos8 opensearch-dashboards[29999]: {"type":"log","@timestamp":"2025-01-30T21:19:21Z","tags":["listening","info"],"pid":29999,"message":"Server running>
Jan 30 21:19:21 stack-centos8 opensearch-dashboards[29999]: {"type":"log","@timestamp":"2025-01-30T21:19:21Z","tags":["info","http","server","OpenSearchDashboards"],"pid":2999>
Jan 30 21:19:21 stack-centos8 opensearch-dashboards[29999]: {"type":"log","@timestamp":"2025-01-30T21:19:21Z","tags":["info","plugins","wazuh","cron-scheduler"],"pid":29999,"m>
Jan 30 21:19:21 stack-centos8 opensearch-dashboards[29999]: {"type":"log","@timestamp":"2025-01-30T21:19:21Z","tags":["info","plugins","wazuh","monitoring"],"pid":29999,"messa>
Jan 30 21:19:22 stack-centos8 opensearch-dashboards[29999]: {"type":"log","@timestamp":"2025-01-30T21:19:22Z","tags":["error","plugins","wazuh","monitoring"],"pid":29999,"mess>
Jan 30 21:19:29 stack-centos8 opensearch-dashboards[29999]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout >
Jan 30 21:19:29 stack-centos8 opensearch-dashboards[29999]: {"type":"response","@timestamp":"2025-01-30T21:19:29Z","tags":[],"pid":29999,"method":"get","statusCode":200,"req":>

[root@stack-centos8 vagrant]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: active (running) since Wed 2025-01-29 15:59:26 UTC; 1 day 5h ago
     Docs: man:firewalld(1)
 Main PID: 919 (firewalld)
    Tasks: 2 (limit: 23684)
   Memory: 23.1M
   CGroup: /system.slice/firewalld.service
           └─919 /usr/libexec/platform-python -s /usr/sbin/firewalld --nofork --nopid

Jan 29 15:59:25 stack-centos8 systemd[1]: Starting firewalld - dynamic firewall daemon...
Jan 29 15:59:26 stack-centos8 systemd[1]: Started firewalld - dynamic firewall daemon.
[root@stack-centos8 vagrant]#


Test Offline 🟢
Download package 🟢
  • Validations of new param:
[root@stack-centos8 vagrant]# bash wazuh-install.sh -dw rpm
30/01/2025 22:00:56 INFO: Starting Wazuh installation assistant. Wazuh version: 4.12.0
30/01/2025 22:00:56 INFO: Verbose logging redirected to /var/log/wazuh-install.log
30/01/2025 22:00:56 ERROR: To download the packages it is necessary to set the architecture in -da|--download-arch <amd64|x86_64|arm64|aarch64>
[root@stack-centos8 vagrant]# bash wazuh-install.sh -dw rpm -da amd65
30/01/2025 22:01:04 ERROR: Error on arguments. Probably missing <amd64|x86_64|arm64|aarch64> after -da|--download-arch

NAME
        wazuh-install.sh - Install and configure Wazuh central components: Wazuh server, Wazuh indexer, and Wazuh dashboard.

SYNOPSIS
        wazuh-install.sh [OPTIONS] -a | -c | -s | -wi <indexer-node-name> | -wd <dashboard-node-name> | -ws <server-node-name>

DESCRIPTION
        -a,  --all-in-one
                Install and configure Wazuh server, Wazuh indexer, Wazuh dashboard.

        -c,  --config-file <path-to-config-yml>
                Path to the configuration file used to generate wazuh-install-files.tar file containing the files that will be needed for installation. By default, the Wazuh installation assistant will search for a file named config.yml in the same path as the script.

        -d [pre-release|staging],  --development
                Use development repositories. By default it uses the pre-release package repository. If staging is specified, it will use that repository.

        -dw,  --download-wazuh <deb|rpm>
                Download all the packages necessary for offline installation. Type of packages to download for offline installation (rpm, deb)

        -da,  --download-arch <amd64|arm64|x86_64|aarch64>
                Define the architecture of the packages to download for offline installation.

        -fd,  --force-install-dashboard
                Force Wazuh dashboard installation to continue even when it is not capable of connecting to the Wazuh indexer.

        -g,  --generate-config-files
                Generate wazuh-install-files.tar file containing the files that will be needed for installation from config.yml. In distributed deployments you will need to copy this file to all hosts.

        -h,  --help
                Display this help and exit.

        -i,  --ignore-check
                Ignore the check for minimum hardware requirements.

        -o,  --overwrite
                Overwrites previously installed components. This will erase all the existing configuration and data.

        -of,  --offline-installation
                Perform an offline installation. This option must be used with -a, -ws, -s, -wi, or -wd.

        -p,  --port
                Specifies the Wazuh web user interface port. By default is the 443 TCP port. Recommended ports are: 8443, 8444, 8080, 8888, 9000.

        -s,  --start-cluster
                Initialize Wazuh indexer cluster security settings.

        -t,  --tar <path-to-certs-tar>
                Path to tar file containing certificate files. By default, the Wazuh installation assistant will search for a file named wazuh-install-files.tar in the same path as the script.

        -u,  --uninstall
                Uninstalls all Wazuh components. This will erase all the existing configuration and data.

        -v,  --verbose
                Shows the complete installation output.

        -V,  --version
                Shows the version of the script and Wazuh packages.

        -wd,  --wazuh-dashboard <dashboard-node-name>
                Install and configure Wazuh dashboard, used for distributed deployments.

        -wi,  --wazuh-indexer <indexer-node-name>
                Install and configure Wazuh indexer, used for distributed deployments.

        -ws,  --wazuh-server <server-node-name>
                Install and configure Wazuh manager and Filebeat, used for distributed deployments.
[root@stack-centos8 vagrant]# bash wazuh-install.sh -dw deb -da x86_64
30/01/2025 22:01:34 INFO: Starting Wazuh installation assistant. Wazuh version: 4.12.0
30/01/2025 22:01:34 INFO: Verbose logging redirected to /var/log/wazuh-install.log
30/01/2025 22:01:34 ERROR: Architecture x86_64 not valid for package type deb
[root@stack-centos8 vagrant]# bash wazuh-install.sh -dw deb -da aarch64
30/01/2025 22:01:40 INFO: Starting Wazuh installation assistant. Wazuh version: 4.12.0
30/01/2025 22:01:40 INFO: Verbose logging redirected to /var/log/wazuh-install.log
30/01/2025 22:01:40 ERROR: Architecture aarch64 not valid for package type deb
[root@stack-centos8 vagrant]# 


  • Download packages:

[root@stack-centos8 vagrant]# bash wazuh-install.sh -dw rpm -da x86_64 -v
30/01/2025 22:55:45 INFO: Starting Wazuh installation assistant. Wazuh version: 4.12.0
30/01/2025 22:55:45 INFO: Verbose logging redirected to /var/log/wazuh-install.log
30/01/2025 22:55:45 DEBUG: YUM package manager will be used.
30/01/2025 22:55:45 DEBUG: Installing check dependencies.
30/01/2025 22:55:45 DEBUG: Checking Wazuh installation.
30/01/2025 22:55:45 DEBUG: Checking system architecture.
30/01/2025 22:55:45 DEBUG: System architecture: x86_64
30/01/2025 22:55:45 INFO: Verifying that your system meets the recommended minimum hardware requirements.
30/01/2025 22:55:45 DEBUG: CPU cores detected: 4
30/01/2025 22:55:45 DEBUG: Free RAM memory detected: 3736
30/01/2025 22:55:45 INFO: --- Download Packages ---
30/01/2025 22:55:45 INFO: Starting Wazuh packages download.
30/01/2025 22:55:45 INFO: Downloading Wazuh rpm packages for x86_64.
30/01/2025 22:55:47 DEBUG: Wazuh manager package revision fetched.
30/01/2025 22:55:49 DEBUG: Wazuh indexer package revision fetched.
30/01/2025 22:55:51 DEBUG: Wazuh dashboard package revision fetched.
30/01/2025 22:55:51 DEBUG: Downloading Wazuh manager package...
30/01/2025 22:56:00 INFO: The manager package was downloaded.
30/01/2025 22:56:00 DEBUG: Downloading Wazuh filebeat package...
30/01/2025 22:56:01 INFO: The filebeat package was downloaded.
30/01/2025 22:56:01 DEBUG: Downloading Wazuh indexer package...
30/01/2025 22:56:21 INFO: The indexer package was downloaded.
30/01/2025 22:56:21 DEBUG: Downloading Wazuh dashboard package...
30/01/2025 22:56:26 INFO: The dashboard package was downloaded.
30/01/2025 22:56:26 INFO: The packages are in wazuh-offline/wazuh-packages
30/01/2025 22:56:26 INFO: Downloading configuration files and assets.
30/01/2025 22:56:26 DEBUG: Downloading https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH...
30/01/2025 22:56:27 INFO: The resource https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH was downloaded.
30/01/2025 22:56:27 DEBUG: Downloading https://packages-dev.wazuh.com/idr1887/4.12/tpl/wazuh/filebeat/filebeat.yml...
30/01/2025 22:56:28 INFO: The resource https://packages-dev.wazuh.com/idr1887/4.12/tpl/wazuh/filebeat/filebeat.yml was downloaded.
30/01/2025 22:56:28 DEBUG: Downloading https://raw.githubusercontent.com/wazuh/wazuh/4.12.0/extensions/elasticsearch/7.x/wazuh-template.json...
30/01/2025 22:56:28 INFO: The resource https://raw.githubusercontent.com/wazuh/wazuh/4.12.0/extensions/elasticsearch/7.x/wazuh-template.json was downloaded.
30/01/2025 22:56:28 DEBUG: Downloading https://packages-dev.wazuh.com/idr1887/pre-release/filebeat/wazuh-filebeat-0.4.tar.gz...
30/01/2025 22:56:29 INFO: The resource https://packages-dev.wazuh.com/idr1887/pre-release/filebeat/wazuh-filebeat-0.4.tar.gz was downloaded.
30/01/2025 22:56:29 INFO: The configuration files and assets are in wazuh-offline.tar.gz
30/01/2025 22:57:13 INFO: You can follow the installation guide here https://documentation.wazuh.com/current/deployment-options/offline-installation.html
[root@stack-centos8 vagrant]#
[root@stack-centos8 vagrant]# ls -ltr
total 1452292
-rw-------. 1 root root      11017 Jan 30 21:47 wazuh-install-files.tar
-rw-------. 1 root root 1486936342 Jan 30 23:05 wazuh-offline.tar.gz
-rw-r--r--. 1 root root     193517 Jan 30 23:05 wazuh-install.sh
[root@stack-centos8 vagrant]# 

Install offline 🟢
  • Wazuh indexer

[root@stack-centos8 vagrant]# bash wazuh-install.sh --offline-installation --wazuh-indexer node-1
30/01/2025 23:10:02 INFO: Starting Wazuh installation assistant. Wazuh version: 4.12.0
30/01/2025 23:10:02 INFO: Verbose logging redirected to /var/log/wazuh-install.log
30/01/2025 23:10:02 INFO: Checking dependencies for Wazuh installation assistant.
30/01/2025 23:10:04 INFO: Verifying that your system meets the recommended minimum hardware requirements.
30/01/2025 23:10:05 INFO: Checking prerequisites for Offline installation.
30/01/2025 23:10:05 INFO: Checking wazuh-offline.tar.gz file.
30/01/2025 23:10:12 INFO: --- Wazuh indexer ---
30/01/2025 23:10:12 INFO: Starting Wazuh indexer installation.
30/01/2025 23:10:25 INFO: Wazuh indexer installation finished.
30/01/2025 23:10:25 INFO: Wazuh indexer post-install configuration finished.
30/01/2025 23:10:25 INFO: Starting service wazuh-indexer.
30/01/2025 23:10:38 INFO: wazuh-indexer service started.
30/01/2025 23:10:38 INFO: Initializing Wazuh indexer cluster security settings.
30/01/2025 23:10:39 INFO: Wazuh indexer cluster initialized.
30/01/2025 23:10:39 INFO: Installation finished.
[root@stack-centos8 vagrant]# bash wazuh-install.sh --offline-installation --start-cluster
30/01/2025 23:14:05 INFO: Starting Wazuh installation assistant. Wazuh version: 4.12.0
30/01/2025 23:14:05 INFO: Verbose logging redirected to /var/log/wazuh-install.log
30/01/2025 23:14:05 INFO: Checking dependencies for Wazuh installation assistant.
30/01/2025 23:14:07 INFO: Verifying that your system meets the recommended minimum hardware requirements.
30/01/2025 23:14:07 INFO: Checking wazuh-offline.tar.gz file.
30/01/2025 23:14:10 INFO: Wazuh indexer cluster security configuration initialized.
30/01/2025 23:14:26 INFO: Updating the internal users.
30/01/2025 23:14:29 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
30/01/2025 23:14:39 INFO: Wazuh indexer cluster started.
[root@stack-centos8 vagrant]#
[root@stack-centos8 vagrant]# tar -axf wazuh-install-files.tar wazuh-install-files/wazuh-passwords.txt -O | grep -P "\'admin\'" -A 1
  indexer_username: 'admin'
  indexer_password: 'xxxxxxxxxxx'
[root@stack-centos8 vagrant]# curl -k -u admin:xxxxxxxxxxx https://127.0.0.1:9200
{
  "name" : "node-1",
  "cluster_name" : "wazuh-indexer-cluster",
  "cluster_uuid" : "lmcAY_xdQH6V2dgZsUZK2g",
  "version" : {
    "number" : "7.10.2",
    "build_type" : "rpm",
    "build_hash" : "20f04b54e84e90747c861bde395497f059929cea",
    "build_date" : "2025-01-17T12:56:25.512234Z",
    "build_snapshot" : false,
    "lucene_version" : "9.11.1",
    "minimum_wire_compatibility_version" : "7.10.0",
    "minimum_index_compatibility_version" : "7.0.0"
  },
  "tagline" : "The OpenSearch Project: https://opensearch.org/"
}
[root@stack-centos8 vagrant]# curl -k -u admin:xxxxxxxxxxx https://127.0.0.1:9200/_cat/nodes?v
ip        heap.percent ram.percent cpu load_1m load_5m load_15m node.role node.roles                               cluster_manager name
127.0.0.1           24          93   3    0.27    0.32     0.20 dimr      data,ingest,master,remote_cluster_client *               node-1
[root@stack-centos8 vagrant]# systemctl status wazuh-indexer
● wazuh-indexer.service - wazuh-indexer
   Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2025-01-30 23:10:38 UTC; 6min ago
     Docs: https://documentation.wazuh.com
 Main PID: 33656 (java)
    Tasks: 78 (limit: 23684)
   Memory: 1.3G
   CGroup: /system.slice/wazuh-indexer.service
           └─33656 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPre>

Jan 30 23:10:27 stack-centos8 systemd-entrypoint[33656]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-inde>
Jan 30 23:10:27 stack-centos8 systemd-entrypoint[33656]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
Jan 30 23:10:27 stack-centos8 systemd-entrypoint[33656]: WARNING: System::setSecurityManager will be removed in a future release
Jan 30 23:10:27 stack-centos8 systemd-entrypoint[33656]: Jan 30, 2025 11:10:27 PM sun.util.locale.provider.LocaleProviderAdapter <clinit>
Jan 30 23:10:27 stack-centos8 systemd-entrypoint[33656]: WARNING: COMPAT locale provider will be removed in a future release
Jan 30 23:10:28 stack-centos8 systemd-entrypoint[33656]: WARNING: A terminally deprecated method in java.lang.System has been called
Jan 30 23:10:28 stack-centos8 systemd-entrypoint[33656]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexe>
Jan 30 23:10:28 stack-centos8 systemd-entrypoint[33656]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
Jan 30 23:10:28 stack-centos8 systemd-entrypoint[33656]: WARNING: System::setSecurityManager will be removed in a future release
Jan 30 23:10:38 stack-centos8 systemd[1]: Started wazuh-indexer.

[root@stack-centos8 vagrant]# 


  • Wazuh manager
[root@stack-centos8 vagrant]# bash wazuh-install.sh --offline-installation --wazuh-server wazuh-1
30/01/2025 23:19:43 INFO: Starting Wazuh installation assistant. Wazuh version: 4.12.0
30/01/2025 23:19:43 INFO: Verbose logging redirected to /var/log/wazuh-install.log
30/01/2025 23:19:44 INFO: Checking dependencies for Wazuh installation assistant.
30/01/2025 23:19:46 INFO: Verifying that your system meets the recommended minimum hardware requirements.
30/01/2025 23:19:46 INFO: Checking wazuh-offline.tar.gz file.
30/01/2025 23:19:47 INFO: --- Wazuh server ---
30/01/2025 23:19:47 INFO: Starting the Wazuh manager installation.
30/01/2025 23:21:08 INFO: Wazuh manager installation finished.
30/01/2025 23:21:08 INFO: Wazuh manager vulnerability detection configuration finished.
30/01/2025 23:21:08 INFO: Starting service wazuh-manager.
30/01/2025 23:21:22 INFO: wazuh-manager service started.
30/01/2025 23:21:22 INFO: Starting Filebeat installation.
30/01/2025 23:21:23 INFO: Filebeat installation finished.
30/01/2025 23:21:23 INFO: Filebeat post-install configuration finished.
30/01/2025 23:21:24 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
30/01/2025 23:21:48 INFO: Starting service filebeat.
30/01/2025 23:21:48 INFO: filebeat service started.
30/01/2025 23:21:48 INFO: Installation finished.
[root@stack-centos8 vagrant]# systemctl status wazuh-manager
● wazuh-manager.service - Wazuh manager
   Loaded: loaded (/usr/lib/systemd/system/wazuh-manager.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2025-01-30 23:21:45 UTC; 47s ago
    Tasks: 173 (limit: 23684)
   Memory: 1.6G
   CGroup: /system.slice/wazuh-manager.service
           ├─38027 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
           ├─38028 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
           ├─38031 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
           ├─38034 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
           ├─38076 /var/ossec/bin/wazuh-authd
           ├─38093 /var/ossec/bin/wazuh-db
           ├─38119 /var/ossec/bin/wazuh-execd
           ├─38134 /var/ossec/bin/wazuh-analysisd
           ├─38200 /var/ossec/bin/wazuh-syscheckd
           ├─38215 /var/ossec/bin/wazuh-remoted
           ├─38250 /var/ossec/bin/wazuh-logcollector
           ├─38270 /var/ossec/bin/wazuh-monitord
           └─38311 /var/ossec/bin/wazuh-modulesd

Jan 30 23:21:39 stack-centos8 env[37960]: Started wazuh-syscheckd...
Jan 30 23:21:40 stack-centos8 env[37960]: Started wazuh-remoted...
Jan 30 23:21:41 stack-centos8 env[37960]: Started wazuh-logcollector...
Jan 30 23:21:42 stack-centos8 env[37960]: Started wazuh-monitord...
Jan 30 23:21:42 stack-centos8 env[37960]: wazuh-modulesd: Process 37996 not used by Wazuh, removing...
Jan 30 23:21:42 stack-centos8 env[37960]: 2025/01/30 23:21:42 wazuh-modulesd:router: INFO: Loaded router module.
Jan 30 23:21:42 stack-centos8 env[37960]: 2025/01/30 23:21:42 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Jan 30 23:21:43 stack-centos8 env[37960]: Started wazuh-modulesd...
Jan 30 23:21:45 stack-centos8 env[37960]: Completed.
Jan 30 23:21:45 stack-centos8 systemd[1]: Started Wazuh manager.
[root@stack-centos8 vagrant]# filebeat test output
elasticsearch: https://127.0.0.1:9200...
  parse url... OK
  connection...
    parse host... OK
    dns lookup... OK
    addresses: 127.0.0.1
    dial up... OK
  TLS...
    security: server's certificate chain verification is enabled
    handshake... OK
    TLS version: TLSv1.2
    dial up... OK
  talk to server... OK
  version: 7.10.2
[root@stack-centos8 vagrant]# 

  • Wazuh dashboard
[root@stack-centos8 vagrant]# bash wazuh-install.sh --offline-installation --wazuh-dashboard dashboard
30/01/2025 23:23:30 INFO: Starting Wazuh installation assistant. Wazuh version: 4.12.0
30/01/2025 23:23:30 INFO: Verbose logging redirected to /var/log/wazuh-install.log
30/01/2025 23:23:30 INFO: Checking dependencies for Wazuh installation assistant.
30/01/2025 23:23:32 INFO: Verifying that your system meets the recommended minimum hardware requirements.
30/01/2025 23:23:32 INFO: Wazuh web interface port will be 443.
30/01/2025 23:23:33 INFO: Checking prerequisites for Offline installation.
30/01/2025 23:23:34 INFO: Checking wazuh-offline.tar.gz file.
30/01/2025 23:23:34 INFO: --- Wazuh dashboard ----
30/01/2025 23:23:34 INFO: Starting Wazuh dashboard installation.
30/01/2025 23:24:35 INFO: Wazuh dashboard installation finished.
30/01/2025 23:24:35 INFO: Wazuh dashboard post-install configuration finished.
30/01/2025 23:24:35 INFO: Starting service wazuh-dashboard.
30/01/2025 23:24:35 INFO: wazuh-dashboard service started.
30/01/2025 23:24:52 INFO: Initializing Wazuh dashboard web application.
30/01/2025 23:24:53 INFO: Wazuh dashboard web application initialized.
30/01/2025 23:24:53 INFO: --- Summary ---
30/01/2025 23:24:53 INFO: You can access the web interface https://<wazuh-dashboard-ip>:443
    User: admin
    Password: 44.gaGYMIaA0gogt*y+lmR6Bb46xRGb7
30/01/2025 23:24:53 INFO: Installation finished.
[root@stack-centos8 vagrant]# systemctl status wazuh-dashboard
● wazuh-dashboard.service - wazuh-dashboard
   Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2025-01-30 23:24:37 UTC; 2min 1s ago
 Main PID: 40137 (node)
    Tasks: 11 (limit: 23684)
   Memory: 200.2M
   CGroup: /system.slice/wazuh-dashboard.service
           └─40137 /usr/share/wazuh-dashboard/node/bin/node --no-warnings --max-http-header-size=65536 --unhandled-rejections=warn /usr/share/wazuh-dashboard/src/cli/dist

Jan 30 23:24:45 stack-centos8 opensearch-dashboards[40137]: {"type":"log","@timestamp":"2025-01-30T23:24:45Z","tags":["error","opensearch","data"],"pid":40137,"message":"[Resp>
Jan 30 23:24:45 stack-centos8 opensearch-dashboards[40137]: {"type":"log","@timestamp":"2025-01-30T23:24:45Z","tags":["info","plugins","wazuh","monitoring"],"pid":40137,"messa>
Jan 30 23:24:45 stack-centos8 opensearch-dashboards[40137]: {"type":"log","@timestamp":"2025-01-30T23:24:45Z","tags":["info","plugins","wazuh","cron-scheduler"],"pid":40137,"m>
Jan 30 23:24:45 stack-centos8 opensearch-dashboards[40137]: {"type":"log","@timestamp":"2025-01-30T23:24:45Z","tags":["listening","info"],"pid":40137,"message":"Server running>
Jan 30 23:24:45 stack-centos8 opensearch-dashboards[40137]: {"type":"log","@timestamp":"2025-01-30T23:24:45Z","tags":["info","http","server","OpenSearchDashboards"],"pid":4013>
Jan 30 23:24:45 stack-centos8 opensearch-dashboards[40137]: {"type":"log","@timestamp":"2025-01-30T23:24:45Z","tags":["error","plugins","wazuh","monitoring"],"pid":40137,"mess>
Jan 30 23:24:52 stack-centos8 opensearch-dashboards[40137]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout >
Jan 30 23:24:53 stack-centos8 opensearch-dashboards[40137]: {"type":"response","@timestamp":"2025-01-30T23:24:52Z","tags":[],"pid":40137,"method":"get","statusCode":200,"req":>
Jan 30 23:25:01 stack-centos8 opensearch-dashboards[40137]: {"type":"log","@timestamp":"2025-01-30T23:25:01Z","tags":["error","opensearch","data"],"pid":40137,"message":"[reso>
Jan 30 23:25:01 stack-centos8 opensearch-dashboards[40137]: {"type":"log","@timestamp":"2025-01-30T23:25:01Z","tags":["info","plugins","wazuh","cron-scheduler"],"pid":40137,"m>

[root@stack-centos8 vagrant]# 

New test

Test architecture suggestion 🟢
root@ip-172-31-38-17:/home/ubuntu# bash wazuh-install.sh -dw rpm
31/01/2025 18:49:56 INFO: Starting Wazuh installation assistant. Wazuh version: 4.12.0
31/01/2025 18:49:56 INFO: Verbose logging redirected to /var/log/wazuh-install.log
31/01/2025 18:50:10 ERROR: To download the packages it is necessary to set the architecture in -da|--download-arch <amd64|x86_64|arm64|aarch64>
root@ip-172-31-38-17:/home/ubuntu# bash wazuh-install.sh -dw rpm -da amd64
31/01/2025 18:50:26 INFO: Starting Wazuh installation assistant. Wazuh version: 4.12.0
31/01/2025 18:50:26 INFO: Verbose logging redirected to /var/log/wazuh-install.log
31/01/2025 18:50:33 ERROR: Architecture amd64 not valid for package type rpm. Use x86_64 instead.
root@ip-172-31-38-17:/home/ubuntu# bash wazuh-install.sh -dw rpm -da arm64
31/01/2025 18:50:40 INFO: Starting Wazuh installation assistant. Wazuh version: 4.12.0
31/01/2025 18:50:40 INFO: Verbose logging redirected to /var/log/wazuh-install.log
31/01/2025 18:50:47 ERROR: Architecture arm64 not valid for package type rpm. Use aarch64 instead.
root@ip-172-31-38-17:/home/ubuntu# bash wazuh-install.sh -dw deb -da x86_64
31/01/2025 18:51:02 INFO: Starting Wazuh installation assistant. Wazuh version: 4.12.0
31/01/2025 18:51:02 INFO: Verbose logging redirected to /var/log/wazuh-install.log
31/01/2025 18:51:09 ERROR: Architecture x86_64 not valid for package type deb. Use amd64 instead.
root@ip-172-31-38-17:/home/ubuntu# bash wazuh-install.sh -dw deb -da aarch64
31/01/2025 18:51:14 INFO: Starting Wazuh installation assistant. Wazuh version: 4.12.0
31/01/2025 18:51:14 INFO: Verbose logging redirected to /var/log/wazuh-install.log
31/01/2025 18:51:21 ERROR: Architecture aarch64 not valid for package type deb. Use arm64 instead.
root@ip-172-31-38-17:/home/ubuntu# bash wazuh-install.sh -dw deb -da arm64
31/01/2025 18:51:27 INFO: Starting Wazuh installation assistant. Wazuh version: 4.12.0
31/01/2025 18:51:27 INFO: Verbose logging redirected to /var/log/wazuh-install.log
31/01/2025 18:51:34 INFO: Verifying that your system meets the recommended minimum hardware requirements.
31/01/2025 18:51:34 INFO: --- Download Packages ---
31/01/2025 18:51:34 INFO: Starting Wazuh packages download.
31/01/2025 18:51:34 INFO: Downloading Wazuh deb packages for arm64.
^C
Do you want to remove the ongoing installation?[Y/N]y
31/01/2025 18:51:39 INFO: --- Removing existing Wazuh installation ---
31/01/2025 18:51:39 INFO: Wazuh GPG key not found in the system
31/01/2025 18:51:39 INFO: Installation cleaned.
root@ip-172-31-38-17:/home/ubuntu# 

@fcaffieri fcaffieri self-assigned this Jan 30, 2025
@fcaffieri fcaffieri linked an issue Jan 30, 2025 that may be closed by this pull request
@fcaffieri fcaffieri marked this pull request as ready for review January 30, 2025 23:32
c-bordon previously approved these changes Jan 31, 2025
@c-bordon c-bordon merged commit 512bb97 into 4.12.0 Jan 31, 2025
0 of 4 checks passed
@c-bordon c-bordon deleted the change/155-support-arm-architecture-installation-assistant branch January 31, 2025 19:00