
Added development flag to unattended unification and fixed wazuh system repository #1058

Merged
merged 6 commits into from
Dec 10, 2021

Conversation

@rauldpm rauldpm commented Dec 9, 2021

Related issue
closes #854

Description

Logs example

install.log

Tests

Install
  • System
    NAME="CentOS Linux"
    VERSION="7 (Core)"
    ID="centos"
    ID_LIKE="rhel fedora"
    VERSION_ID="7"
    PRETTY_NAME="CentOS Linux 7 (Core)"
    ANSI_COLOR="0;31"
    CPE_NAME="cpe:/o:centos:centos:7"
    HOME_URL="https://www.centos.org/"
    BUG_REPORT_URL="https://bugs.centos.org/"
    
    CENTOS_MANTISBT_PROJECT="CentOS-7"
    CENTOS_MANTISBT_PROJECT_VERSION="7"
    REDHAT_SUPPORT_PRODUCT="centos"
    REDHAT_SUPPORT_PRODUCT_VERSION="7"
    
  • Install output with 4.2.5 and production repository.
    [root@centos7 vagrant]# bash wazuh_install.sh -a -l
    12/09/2021 21:46:15 INFO: Configuration file found. Creating certificates...
    12/09/2021 21:46:15 INFO: Creating the Elasticsearch certificates...
    12/09/2021 21:46:15 INFO: Creating Wazuh server certificates...
    12/09/2021 21:46:15 INFO: Creating Kibana certificate...
    12/09/2021 21:46:15 INFO: Certificates creation finished. They can be found in /vagrant/certs.
    12/09/2021 21:46:15 INFO: Starting the installation...
    12/09/2021 21:46:15 INFO: Installing all necessary utilities for the installation...
    12/09/2021 21:46:23 INFO: Done
    12/09/2021 21:46:23 INFO: Adding the Wazuh repository...
    12/09/2021 21:46:23 INFO: Done
    12/09/2021 21:46:23 INFO: Installing the Wazuh manager...
    12/09/2021 21:46:59 INFO: Done
    12/09/2021 21:47:15 INFO: Wazuh-manager started
    12/09/2021 21:47:15 INFO: Installing Open Distro for Elasticsearch...
    12/09/2021 21:47:57 INFO: Done
    12/09/2021 21:47:57 INFO: Configuring Elasticsearch...
    12/09/2021 21:48:06 INFO: Elasticsearch started
    12/09/2021 21:48:06 INFO: Initializing Elasticsearch...
    
    12/09/2021 21:48:15 INFO: Done
    12/09/2021 21:48:15 INFO: Installing Filebeat...
    12/09/2021 21:48:21 INFO: Filebeat started
    12/09/2021 21:48:21 INFO: Done
    12/09/2021 21:48:21 INFO: Installing Open Distro for Kibana...
    12/09/2021 21:49:12 INFO: Done
    12/09/2021 21:49:21 INFO: Kibana started
    
    
  • Install output with 4.3.0 and development repository.
    [root@centos7 vagrant]# bash wazuh_install.sh -a -l -d
    12/09/2021 21:37:14 INFO: Configuration file found. Creating certificates...
    12/09/2021 21:37:15 INFO: Creating the Elasticsearch certificates...
    12/09/2021 21:37:15 INFO: Creating Wazuh server certificates...
    12/09/2021 21:37:15 INFO: Creating Kibana certificate...
    12/09/2021 21:37:15 INFO: Certificates creation finished. They can be found in /vagrant/certs.
    12/09/2021 21:37:15 INFO: Starting the installation...
    12/09/2021 21:37:15 INFO: Installing all necessary utilities for the installation...
    12/09/2021 21:37:22 INFO: Done
    12/09/2021 21:37:22 INFO: Adding the Wazuh repository...
    12/09/2021 21:37:23 INFO: Done
    12/09/2021 21:37:23 INFO: Installing the Wazuh manager...
    12/09/2021 21:38:00 INFO: Done
    12/09/2021 21:38:15 INFO: Wazuh-manager started
    12/09/2021 21:38:15 INFO: Installing Open Distro for Elasticsearch...
    12/09/2021 21:38:58 INFO: Done
    12/09/2021 21:38:58 INFO: Configuring Elasticsearch...
    12/09/2021 21:39:09 INFO: Elasticsearch started
    12/09/2021 21:39:09 INFO: Initializing Elasticsearch...
    
    12/09/2021 21:39:18 INFO: Done
    12/09/2021 21:39:18 INFO: Installing Filebeat...
    12/09/2021 21:39:24 INFO: Filebeat started
    12/09/2021 21:39:24 INFO: Done
    12/09/2021 21:39:24 INFO: Installing Open Distro for Kibana...
    12/09/2021 21:40:17 INFO: Done
    12/09/2021 21:40:28 INFO: Kibana started
    12/09/2021 21:40:28 INFO: Setting the Wazuh repository to production
    12/09/2021 21:40:28 INFO: Done
    
    
Error Logs
  • Filebeat
    Dec 09 21:41:54 centos7 filebeat[6467]: 2021-12-09T21:41:54.832Z        INFO        [monitoring]        log/log.go:145        Non-zero metrics in the last 30s        {"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ticks":60,"time":{"ms":18}},"total":{"ticks":130,"time":{"ms":28},"value":130},"user":{"ticks":70,"time":{"ms":10}}},"handles":{"limit":{"hard":4096,"soft":1024},"open":10},"info":{"ephemeral_id":"ba7397c9-e045-47a8-aa2f-1abafe7dc204","uptime":{"ms":150034}},"memstats":{"gc_next":8240640,"memory_alloc":4498936,"memory_total":18755280,"rss":258048},"runtime":{"goroutines":23}},"filebeat":{"harvester":{"open_files":1,"running":1}},"libbeat":{"config":{"module":{"running":0}},"output":{"read":{"errors":1}},"pipeline":{"clients":1,"events":{"active":0}}},"registrar":{"states":{"current":1}},"system":{"load":{"1":0.22,"15":0.18,"5":0.36,"norm":{"1":0.11,"15":0.09,"5":0.18}}}}}}
    
  • Kibana
    
    Dec 09 21:41:17 centos7 kibana[6680]: {"type":"error","@timestamp":"2021-12-09T21:41:17Z","tags":["connection","client","error"],"pid":6680,"level":"error","error":{"message":"139685757937536:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1544:SSL alert number 46\n","name":"Error","stack":"Error: 139685757937536:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1544:SSL alert number 46\n"},"message":"139685757937536:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1544:SSL alert number 46\n"}
    Dec 09 21:40:31 centos7 kibana[6680]: {"type":"log","@timestamp":"2021-12-09T21:40:31Z","tags":["error","plugins","wazuh","initialize"],"pid":6680,"message":"Could not check if the index .wazuh exists due to no permissions for create, delete or check"}
    Dec 09 21:40:31 centos7 kibana[6680]: {"type":"log","@timestamp":"2021-12-09T21:40:31Z","tags":["error","elasticsearch","data"],"pid":6680,"message":"[ResponseError]: Response Error"}
    Dec 09 21:40:30 centos7 kibana[6680]: {"type":"log","@timestamp":"2021-12-09T21:40:30Z","tags":["warning","config","deprecation"],"pid":6680,"message":"\"server.defaultRoute\" is deprecated and has been replaced by \"uiSettings.overrides.defaultRoute\""}
    
    
Tests
  • Index
    [root@centos7 vagrant]# curl -k -u wazuh:wazuh https://localhost:9200/_cat/indices?s=index
    green  open .kibana_1                    yGWhSM4LSbaesOKkKcIzzQ 1 0   7 8  63.3kb  63.3kb
    green  open .opendistro_security         _M2uRxRfS52sdUfeJKgdWQ 1 0   9 0  60.6kb  60.6kb
    yellow open security-auditlog-2021.12.09 yaaaoFueT-WDiq04y6Ezjg 1 1  15 0 115.2kb 115.2kb
    green  open wazuh-alerts-4.x-2021.12.09  QziHkc85QKWUsRqO1pOMyg 3 0 341 0 665.4kb 665.4kb
    green  open wazuh-monitoring-2021.50w    8RawjRbzTP-8qlZ0pcPpRg 1 0   0 0    208b    208b
    
  • Filebeat test output
    [root@centos7 vagrant]# filebeat test output
    elasticsearch: https://127.0.0.1:9200...
      parse url... OK
      connection...
        parse host... OK
        dns lookup... OK
        addresses: 127.0.0.1
        dial up... OK
      TLS...
        security: server's certificate chain verification is enabled
        handshake... OK
        TLS version: TLSv1.3
        dial up... OK
      talk to server... OK
      version: 7.10.2
    
    
  • wazuh.repo
    [root@centos7 vagrant]# cat /etc/yum.repos.d/wazuh.repo 
    [wazuh]
    gpgcheck=1
    gpgkey=https://packages.wazuh.com/key/GPG-KEY-WAZUH
    enabled=1
    name=EL-$releasever - Wazuh
    baseurl=https://packages.wazuh.com/4.x/yum/
    protect=1
    

  • Install 🟢
  • Agent connection 🟢
  • Agent alerts 🟢
  • Kibana log 🟡
  • Filebeat log 🟡
  • Ossec.log 🟢
  • Elasticsearch log 🟢
  • Filebeat test 🟢
  • Index check 🟢
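
The PR's `-d` flag installs from a development repository and, as the last log line above shows, sets the repository back to production before exiting. The script below is an added example of that switch, not code from the wazuh-packages installer: it writes the repo file for either mode, keeps `gpgcheck=1` in both, and verifies the file before it would be handed to `yum`. The production `baseurl` and `gpgkey` are the values shown in the `wazuh.repo` output above; the development `baseurl` is an assumed placeholder, not a real URL, and the file path is a parameter so the functions can be exercised against a temp file.

```shell
#!/usr/bin/env bash
# Added example (not the wazuh-packages installer): write the Wazuh yum repo
# definition for the production or a development repository and verify it.
set -eu

# Production values are the ones shown in the PR's wazuh.repo output.
WAZUH_PROD_BASEURL="https://packages.wazuh.com/4.x/yum/"
WAZUH_GPG_KEY="https://packages.wazuh.com/key/GPG-KEY-WAZUH"
# Assumed placeholder: the page does not show the development baseurl.
WAZUH_DEV_BASEURL="https://packages-dev.example.invalid/4.x/yum/"

# write_wazuh_repo <prod|dev> <path>
# gpgcheck stays on in both modes so a development build is still
# signature-checked instead of installed blind.
write_wazuh_repo() {
    local mode="$1" path="$2" baseurl tmp
    case "$mode" in
        prod) baseurl="$WAZUH_PROD_BASEURL" ;;
        dev)  baseurl="$WAZUH_DEV_BASEURL" ;;
        *)    echo "write_wazuh_repo: unknown mode '$mode'" >&2; return 2 ;;
    esac
    # Write to a temp file and rename, so an interrupted run never leaves a
    # half-written repo file for the next yum call to pick up.
    tmp="$(mktemp "${path}.XXXXXX")"
    cat > "$tmp" <<EOF
[wazuh]
gpgcheck=1
gpgkey=${WAZUH_GPG_KEY}
enabled=1
name=EL-\$releasever - Wazuh
baseurl=${baseurl}
protect=1
EOF
    chmod 0644 "$tmp"
    mv -f "$tmp" "$path"
}

# check_wazuh_repo <path>
# Returns 0 only if the file enforces GPG verification, uses the expected
# key URL and points at an https baseurl. Run it before `yum install`.
check_wazuh_repo() {
    local path="$1"
    [ -f "$path" ] || { echo "check_wazuh_repo: missing $path" >&2; return 1; }
    grep -qx 'gpgcheck=1' "$path" \
        || { echo "check_wazuh_repo: gpgcheck is not 1" >&2; return 1; }
    grep -qxF "gpgkey=${WAZUH_GPG_KEY}" "$path" \
        || { echo "check_wazuh_repo: unexpected gpgkey" >&2; return 1; }
    grep -q '^baseurl=https://' "$path" \
        || { echo "check_wazuh_repo: baseurl is not https" >&2; return 1; }
    return 0
}

# repo_baseurl <path>: print the configured baseurl, e.g. to confirm the
# final "set back to production" step actually happened.
repo_baseurl() {
    sed -n 's/^baseurl=//p' "$1"
}

# Usage (default path as on the CentOS 7 host above):
#   write_wazuh_repo dev  /etc/yum.repos.d/wazuh.repo   # before installing
#   write_wazuh_repo prod /etc/yum.repos.d/wazuh.repo   # restore at the end
#   check_wazuh_repo /etc/yum.repos.d/wazuh.repo && repo_baseurl /etc/yum.repos.d/wazuh.repo
```

The check is worth running after the restore step as well as before the install: if the script is interrupted between the two, the host is left pulling from the development repository on the next `yum update`, which is exactly the state the final "Setting the Wazuh repository to production" step exists to prevent.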

@rauldpm rauldpm self-assigned this Dec 9, 2021
@alberpilot alberpilot left a comment

LGTM

@alberpilot alberpilot merged commit 7eed7f9 into unify-unattended Dec 10, 2021
@alberpilot alberpilot deleted the add-repo-flag_unify branch December 10, 2021 10:49