From 2608eebb4719df80a07e1025825adecfd018e341 Mon Sep 17 00:00:00 2001 From: dfolcha Date: Fri, 14 Jan 2022 11:24:53 +0100 Subject: [PATCH 01/12] Fix minor error in cert tool with multiple nodes --- .../install_functions/opendistro/wazuh-cert-tool.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/unattended_installer/install_functions/opendistro/wazuh-cert-tool.sh b/unattended_installer/install_functions/opendistro/wazuh-cert-tool.sh index 38177ccad7..82d44af0d4 100644 --- a/unattended_installer/install_functions/opendistro/wazuh-cert-tool.sh +++ b/unattended_installer/install_functions/opendistro/wazuh-cert-tool.sh @@ -388,7 +388,7 @@ function readConfig() { elif [ $(grep -io master <<< ${wazuh_servers_node_types[*]} | wc -l) -ne 1 ]; then logger_cert -e "Wazuh cluster needs a single master node." exit 1 - elif [ $(grep -io worker <<< ${wazuh_servers_node_types[*]} | wc -l) -ne $(( "${#wazuh_servers_node_types[@]}" - 1 )) ]; then + elif [ $(grep -io worker <<< ${wazuh_servers_node_types[*]} | wc -l) -ne $(( ${#wazuh_servers_node_types[@]} - 1 )) ]; then logger_cert -e "Incorrect number of workers." exit 1 fi From fdc696da03727afe3e671793a26358b9ddeaaa2b Mon Sep 17 00:00:00 2001 From: dfolcha Date: Fri, 14 Jan 2022 12:03:37 +0100 Subject: [PATCH 02/12] Improve node_type logging --- .../install_functions/opendistro/wazuh-cert-tool.sh | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/unattended_installer/install_functions/opendistro/wazuh-cert-tool.sh b/unattended_installer/install_functions/opendistro/wazuh-cert-tool.sh index 82d44af0d4..f1464716c1 100644 --- a/unattended_installer/install_functions/opendistro/wazuh-cert-tool.sh +++ b/unattended_installer/install_functions/opendistro/wazuh-cert-tool.sh @@ -379,11 +379,14 @@ function readConfig() { if [ "${#wazuh_servers_node_names[@]}" -le 1 ]; then if [ "${#wazuh_servers_node_types[@]}" -ne 0 ]; then - logger_cert -e "node_type must be used with more than one Wazuh server." + logger_cert -e "The tag node_type can only be used with more than one Wazuh server." exit 1 fi - elif [ "${#wazuh_servers_node_names[@]}" -ne "${#wazuh_servers_node_types[@]}" ]; then - logger_cert -e "Different number of Wazuh server node names and node types." + elif [ "${#wazuh_servers_node_names[@]}" -gt "${#wazuh_servers_node_types[@]}" ]; then + logger_cert -e "The tag node_type needs to be specified for all Wazuh server nodes." + exit 1 + elif [ "${#wazuh_servers_node_names[@]}" -lt "${#wazuh_servers_node_types[@]}" ]; then + logger_cert -e "Found extra node_type tags." exit 1 elif [ $(grep -io master <<< ${wazuh_servers_node_types[*]} | wc -l) -ne 1 ]; then logger_cert -e "Wazuh cluster needs a single master node." From 186240b1aacc0d6cb2830affa5e91db9d367b585 Mon Sep 17 00:00:00 2001 From: dfolcha Date: Fri, 14 Jan 2022 12:07:03 +0100 Subject: [PATCH 03/12] Avoid setting logfile in password-tool if already defined --- .../install_functions/opendistro/wazuh-passwords-tool.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/unattended_installer/install_functions/opendistro/wazuh-passwords-tool.sh b/unattended_installer/install_functions/opendistro/wazuh-passwords-tool.sh index 5afe2555c1..0c188a5033 100644 --- a/unattended_installer/install_functions/opendistro/wazuh-passwords-tool.sh +++ b/unattended_installer/install_functions/opendistro/wazuh-passwords-tool.sh @@ -8,7 +8,9 @@ # License (version 2) as published by the FSF - Free Software # Foundation. -logfile="/var/log/wazuh-password-tool.log" +if [[ -z "${logfile}" ]]; then + logfile="/var/log/wazuh-password-tool.log" +fi debug_pass=">> ${logfile} 2>&1" if [ -n "$(command -v yum)" ]; then sys_type="yum" From b9c8abd1a93ae6eedd7966901ac5361b5c5fd96f Mon Sep 17 00:00:00 2001 From: dfolcha Date: Fri, 14 Jan 2022 12:22:12 +0100 Subject: [PATCH 04/12] Check nodenames depending on installed component --- .../install_functions/opendistro/checks.sh | 21 +++++++++---------- 1 file changed, 10 insertions(+), 11 deletions(-) diff --git a/unattended_installer/install_functions/opendistro/checks.sh b/unattended_installer/install_functions/opendistro/checks.sh index d5045872f7..43df75b726 100644 --- a/unattended_installer/install_functions/opendistro/checks.sh +++ b/unattended_installer/install_functions/opendistro/checks.sh @@ -269,17 +269,16 @@ function checkNames() { exit 1 fi - all_node_names=("${elasticsearch_node_names[@]}" "${wazuh_servers_node_names[@]}" "${kibana_node_names[@]}") - found=0 - for i in "${all_node_names[@]}"; do - if [[ ( -n "${elasticsearch}" && "${i}" == "${einame}" ) || ( -n "${wazuh}" && "${i}" == "${winame}" ) || ( -n "${kibana}" && "${i}" == "${kiname}" ) ]]; then - found=1 - break - fi - done - if [[ $found -eq 0 ]]; then - logger -e "The name given for the node does not appear on the configuration file." - exit 1 + if [ -n "${winame}" ] && [[ ! "${wazuh_servers_node_names[@]}" =~ "${winame}" ]];; then + logger -e "The Wazuh server node name ${winame} does not appear on the configuration file." + fi + + if [ -n "${einame}" ] && [[ ! "${elasticsearch_node_names[@]}" =~ "${einame}" ]];; then + logger -e "The Elasticsearch node name ${einame} does not appear on the configuration file." + fi + + if [ -n "${kiname}" ] && [[ ! "${kibana_node_names[@]}" =~ "${kiname}" ]];; then + logger -e "The Kibana node name ${kiname} does not appear on the configuration file." fi } From 6f61cb6a07ff1e8d0e56c1509e50eeef0aa0d1a9 Mon Sep 17 00:00:00 2001 From: dfolcha Date: Fri, 14 Jan 2022 12:33:13 +0100 Subject: [PATCH 05/12] Add check for empty config file --- unattended_installer/install_functions/opendistro/checks.sh | 6 +++--- .../install_functions/opendistro/wazuh-cert-tool.sh | 6 +++++- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/unattended_installer/install_functions/opendistro/checks.sh b/unattended_installer/install_functions/opendistro/checks.sh index 43df75b726..35c991a5b9 100644 --- a/unattended_installer/install_functions/opendistro/checks.sh +++ b/unattended_installer/install_functions/opendistro/checks.sh @@ -269,15 +269,15 @@ function checkNames() { exit 1 fi - if [ -n "${winame}" ] && [[ ! "${wazuh_servers_node_names[@]}" =~ "${winame}" ]];; then + if [ -n "${winame}" ] && [[ ! "${wazuh_servers_node_names[@]}" =~ "${winame}" ]]; then logger -e "The Wazuh server node name ${winame} does not appear on the configuration file." fi - if [ -n "${einame}" ] && [[ ! "${elasticsearch_node_names[@]}" =~ "${einame}" ]];; then + if [ -n "${einame}" ] && [[ ! "${elasticsearch_node_names[@]}" =~ "${einame}" ]]; then logger -e "The Elasticsearch node name ${einame} does not appear on the configuration file." fi - if [ -n "${kiname}" ] && [[ ! "${kibana_node_names[@]}" =~ "${kiname}" ]];; then + if [ -n "${kiname}" ] && [[ ! "${kibana_node_names[@]}" =~ "${kiname}" ]]; then logger -e "The Kibana node name ${kiname} does not appear on the configuration file." fi diff --git a/unattended_installer/install_functions/opendistro/wazuh-cert-tool.sh b/unattended_installer/install_functions/opendistro/wazuh-cert-tool.sh index f1464716c1..fa9a4c3474 100644 --- a/unattended_installer/install_functions/opendistro/wazuh-cert-tool.sh +++ b/unattended_installer/install_functions/opendistro/wazuh-cert-tool.sh @@ -318,6 +318,10 @@ function parse_yaml() { function readConfig() { if [ -f "${config_file}" ]; then + if [ -s "${config_file}" ]; then + logger_cert -e "File ${config_file} is empty" + exit 1 + fi eval "$(parse_yaml "${config_file}")" eval "elasticsearch_node_names=( $(parse_yaml "${config_file}" | grep nodes_elasticsearch_name | sed 's/nodes_elasticsearch_name=//') )" eval "wazuh_servers_node_names=( $(parse_yaml "${config_file}" | grep nodes_wazuh_servers_name | sed 's/nodes_wazuh_servers_name=//') )" @@ -352,7 +356,7 @@ function readConfig() { logger_cert -e "Duplicated Wazuh server node ips." exit 1 fi - + unique_names=($(echo "${kibana_node_names[@]}" | tr ' ' '\n' | sort -u | tr '\n' ' ')) if [ "${#unique_names[@]}" -ne "${#kibana_node_names[@]}" ]; then logger_cert -e "Duplicated Kibana node names." From cd2c0faa57c5ca39cdbedf7e277e5067a573ba97 Mon Sep 17 00:00:00 2001 From: dfolcha Date: Fri, 14 Jan 2022 13:33:22 +0100 Subject: [PATCH 06/12] Avoid showing messages if there is no certificates to create --- .../opendistro/wazuh-cert-tool.sh | 62 +++++++++---------- 1 file changed, 31 insertions(+), 31 deletions(-) diff --git a/unattended_installer/install_functions/opendistro/wazuh-cert-tool.sh b/unattended_installer/install_functions/opendistro/wazuh-cert-tool.sh index fa9a4c3474..760de02efe 100644 --- a/unattended_installer/install_functions/opendistro/wazuh-cert-tool.sh +++ b/unattended_installer/install_functions/opendistro/wazuh-cert-tool.sh @@ -117,45 +117,45 @@ function generateCertificateconfiguration() { function generateElasticsearchcertificates() { - logger_cert "Creating the Elasticsearch certificates." - - i=0 - while [ ${i} -lt "${#elasticsearch_node_names[@]}" ]; do - generateCertificateconfiguration "${elasticsearch_node_names[i]}" "${elasticsearch_node_ips[i]}" - eval "openssl req -new -nodes -newkey rsa:2048 -keyout ${base_path}/certs/${elasticsearch_node_names[i]}-key.pem -out ${base_path}/certs/${elasticsearch_node_names[i]}.csr -config ${base_path}/certs/${elasticsearch_node_names[i]}.conf -days 3650 ${debug_cert}" - eval "openssl x509 -req -in ${base_path}/certs/${elasticsearch_node_names[i]}.csr -CA ${base_path}/certs/root-ca.pem -CAkey ${base_path}/certs/root-ca.key -CAcreateserial -out ${base_path}/certs/${elasticsearch_node_names[i]}.pem -extfile ${base_path}/certs/${elasticsearch_node_names[i]}.conf -extensions v3_req -days 3650 ${debug_cert}" - eval "chmod 444 ${base_path}/certs/${elasticsearch_node_names[i]}-key.pem ${debug_cert}" - i=$(( i + 1 )) - done + if [ ${#elasticsearch_node_names[@]} -gt 0 ]; then + logger_cert "Creating the Elasticsearch certificates." + + for i in "${!elasticsearch_node_names[@]}"; do + generateCertificateconfiguration "${elasticsearch_node_names[i]}" "${elasticsearch_node_ips[i]}" + eval "openssl req -new -nodes -newkey rsa:2048 -keyout ${base_path}/certs/${elasticsearch_node_names[i]}-key.pem -out ${base_path}/certs/${elasticsearch_node_names[i]}.csr -config ${base_path}/certs/${elasticsearch_node_names[i]}.conf -days 3650 ${debug_cert}" + eval "openssl x509 -req -in ${base_path}/certs/${elasticsearch_node_names[i]}.csr -CA ${base_path}/certs/root-ca.pem -CAkey ${base_path}/certs/root-ca.key -CAcreateserial -out ${base_path}/certs/${elasticsearch_node_names[i]}.pem -extfile ${base_path}/certs/${elasticsearch_node_names[i]}.conf -extensions v3_req -days 3650 ${debug_cert}" + eval "chmod 444 ${base_path}/certs/${elasticsearch_node_names[i]}-key.pem ${debug_cert}" + done + fi } function generateFilebeatcertificates() { - logger_cert "Creating the Wazuh server certificates." + if [ ${#wazuh_servers_node_names[@]} -gt 0 ]; then + logger_cert "Creating the Wazuh server certificates." - i=0 - while [ ${i} -lt "${#wazuh_servers_node_names[@]}" ]; do - generateCertificateconfiguration "${wazuh_servers_node_names[i]}" "${wazuh_servers_node_ips[i]}" - eval "openssl req -new -nodes -newkey rsa:2048 -keyout ${base_path}/certs/${wazuh_servers_node_names[i]}-key.pem -out ${base_path}/certs/${wazuh_servers_node_names[i]}.csr -config ${base_path}/certs/${wazuh_servers_node_names[i]}.conf -days 3650 ${debug_cert}" - eval "openssl x509 -req -in ${base_path}/certs/${wazuh_servers_node_names[i]}.csr -CA ${base_path}/certs/root-ca.pem -CAkey ${base_path}/certs/root-ca.key -CAcreateserial -out ${base_path}/certs/${wazuh_servers_node_names[i]}.pem -extfile ${base_path}/certs/${wazuh_servers_node_names[i]}.conf -extensions v3_req -days 3650 ${debug_cert}" - i=$(( i + 1 )) - done + for i in "${!wazuh_servers_node_names[@]}"; do + generateCertificateconfiguration "${wazuh_servers_node_names[i]}" "${wazuh_servers_node_ips[i]}" + eval "openssl req -new -nodes -newkey rsa:2048 -keyout ${base_path}/certs/${wazuh_servers_node_names[i]}-key.pem -out ${base_path}/certs/${wazuh_servers_node_names[i]}.csr -config ${base_path}/certs/${wazuh_servers_node_names[i]}.conf -days 3650 ${debug_cert}" + eval "openssl x509 -req -in ${base_path}/certs/${wazuh_servers_node_names[i]}.csr -CA ${base_path}/certs/root-ca.pem -CAkey ${base_path}/certs/root-ca.key -CAcreateserial -out ${base_path}/certs/${wazuh_servers_node_names[i]}.pem -extfile ${base_path}/certs/${wazuh_servers_node_names[i]}.conf -extensions v3_req -days 3650 ${debug_cert}" + done + fi } function generateKibanacertificates() { - - logger_cert "Creating the Kibana certificate." - - i=0 - while [ ${i} -lt "${#kibana_node_names[@]}" ]; do - generateCertificateconfiguration "${kibana_node_names[i]}" "${kibana_node_ips[i]}" - eval "openssl req -new -nodes -newkey rsa:2048 -keyout ${base_path}/certs/${kibana_node_names[i]}-key.pem -out ${base_path}/certs/${kibana_node_names[i]}.csr -config ${base_path}/certs/${kibana_node_names[i]}.conf -days 3650 ${debug_cert}" - eval "openssl x509 -req -in ${base_path}/certs/${kibana_node_names[i]}.csr -CA ${base_path}/certs/root-ca.pem -CAkey ${base_path}/certs/root-ca.key -CAcreateserial -out ${base_path}/certs/${kibana_node_names[i]}.pem -extfile ${base_path}/certs/${kibana_node_names[i]}.conf -extensions v3_req -days 3650 ${debug_cert}" - eval "chmod 444 ${base_path}/certs/${kibana_node_names[i]}-key.pem ${debug_cert}" - i=$(( i + 1 )) - done + + if [ ${#kibana_node_names[@]} -gt 0 ]; then + logger_cert "Creating the Kibana certificate." + + for i in "${!kibana_node_names[@]}"; do + generateCertificateconfiguration "${kibana_node_names[i]}" "${kibana_node_ips[i]}" + eval "openssl req -new -nodes -newkey rsa:2048 -keyout ${base_path}/certs/${kibana_node_names[i]}-key.pem -out ${base_path}/certs/${kibana_node_names[i]}.csr -config ${base_path}/certs/${kibana_node_names[i]}.conf -days 3650 ${debug_cert}" + eval "openssl x509 -req -in ${base_path}/certs/${kibana_node_names[i]}.csr -CA ${base_path}/certs/root-ca.pem -CAkey ${base_path}/certs/root-ca.key -CAcreateserial -out ${base_path}/certs/${kibana_node_names[i]}.pem -extfile ${base_path}/certs/${kibana_node_names[i]}.conf -extensions v3_req -days 3650 ${debug_cert}" + eval "chmod 444 ${base_path}/certs/${kibana_node_names[i]}-key.pem ${debug_cert}" + done + fi } @@ -318,7 +318,7 @@ function parse_yaml() { function readConfig() { if [ -f "${config_file}" ]; then - if [ -s "${config_file}" ]; then + if [ ! -s "${config_file}" ]; then logger_cert -e "File ${config_file} is empty" exit 1 fi @@ -356,7 +356,7 @@ function readConfig() { logger_cert -e "Duplicated Wazuh server node ips." exit 1 fi - + unique_names=($(echo "${kibana_node_names[@]}" | tr ' ' '\n' | sort -u | tr '\n' ' ')) if [ "${#unique_names[@]}" -ne "${#kibana_node_names[@]}" ]; then logger_cert -e "Duplicated Kibana node names." From 42b43008fbfe971ab2f20df4ccea663a0bfb6e19 Mon Sep 17 00:00:00 2001 From: dfolcha Date: Fri, 14 Jan 2022 13:42:28 +0100 Subject: [PATCH 07/12] Do not run rollback if kibana fails to connect --- .../install_functions/opendistro/kibana.sh | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/unattended_installer/install_functions/opendistro/kibana.sh b/unattended_installer/install_functions/opendistro/kibana.sh index 4cdfe55726..eef0e6b0de 100644 --- a/unattended_installer/install_functions/opendistro/kibana.sh +++ b/unattended_installer/install_functions/opendistro/kibana.sh @@ -112,11 +112,6 @@ function initializeKibana() { sleep 10 i=$((i+1)) done - if [ $i -eq 12 ]; then - logger -e "Cannot connect to Kibana." - rollBack - exit 1 - fi if [ "${#wazuh_servers_node_names[@]}" -eq 1 ]; then wazuh_api_address=${wazuh_servers_node_ips[0]} else @@ -126,6 +121,11 @@ function initializeKibana() { fi done fi + if [ ${i} -eq 12 ]; then + logger -e "Cannot connect to Kibana. Please check the status of your elasticsearch cluster" + logger "When Kibana is able to connect to your elasticsearch cluster, you can access the web interface https://${nodes_kibana_ip}. The credentials are admin:${u_pass}" + exit 1 + fi eval "sed -i 's,url: https://localhost,url: https://${wazuh_api_address},g' /usr/share/kibana/data/wazuh/config/wazuh.yml ${debug}" logger "Kibana started." logger "You can access the web interface https://${nodes_kibana_ip}. The credentials are admin:${u_pass}" @@ -151,7 +151,7 @@ function initializeKibanaAIO() { sleep 10 i=$((i+1)) done - if [ $i -eq 12 ]; then + if [ ${i} -eq 12 ]; then logger -e "Cannot connect to Kibana." rollBack exit 1 From 45d3098d3beb48fcf5e913a670565f882e9976e1 Mon Sep 17 00:00:00 2001 From: dfolcha Date: Fri, 14 Jan 2022 16:15:27 +0100 Subject: [PATCH 08/12] Modify error message --- unattended_installer/install_functions/opendistro/checks.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/unattended_installer/install_functions/opendistro/checks.sh b/unattended_installer/install_functions/opendistro/checks.sh index 35c991a5b9..8e96eeeeb0 100644 --- a/unattended_installer/install_functions/opendistro/checks.sh +++ b/unattended_installer/install_functions/opendistro/checks.sh @@ -113,7 +113,7 @@ function checkArguments() { fi if [[ -n "${configurations}" && ( -n "${AIO}" || -n "${elasticsearch}" || -n "${kibana}" || -n "${wazuh}" || -n "${development}" || -n "${overwrite}" || -n "${start_elastic_cluster}" || -n "${tar_conf}" || -n "${uninstall}" ) ]]; then - logger -e "The argument -c|--certificates can't be used with -a, -k, -e, -u or -w arguments." + logger -e "The argument -c|--certificates can't be used with -a, -k, -e, -u, -d or -w arguments." exit 1 fi From be26f57806ac2fed45b2546b60960b143e1f7b4c Mon Sep 17 00:00:00 2001 From: dfolcha Date: Fri, 14 Jan 2022 16:39:12 +0100 Subject: [PATCH 09/12] Add exit after error --- unattended_installer/install_functions/opendistro/checks.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/unattended_installer/install_functions/opendistro/checks.sh b/unattended_installer/install_functions/opendistro/checks.sh index 8e96eeeeb0..ab78687c7c 100644 --- a/unattended_installer/install_functions/opendistro/checks.sh +++ b/unattended_installer/install_functions/opendistro/checks.sh @@ -271,14 +271,17 @@ function checkNames() { if [ -n "${winame}" ] && [[ ! "${wazuh_servers_node_names[@]}" =~ "${winame}" ]]; then logger -e "The Wazuh server node name ${winame} does not appear on the configuration file." + exit 1 fi if [ -n "${einame}" ] && [[ ! "${elasticsearch_node_names[@]}" =~ "${einame}" ]]; then logger -e "The Elasticsearch node name ${einame} does not appear on the configuration file." + exit 1 fi if [ -n "${kiname}" ] && [[ ! "${kibana_node_names[@]}" =~ "${kiname}" ]]; then logger -e "The Kibana node name ${kiname} does not appear on the configuration file." + exit 1 fi } From 52a99cf7771b621debac7df0a9a0aacd9c4368cb Mon Sep 17 00:00:00 2001 From: dfolcha Date: Mon, 17 Jan 2022 16:16:25 +0100 Subject: [PATCH 10/12] Fix checkInstalledPass --- .../install_functions/opendistro/wazuh-passwords-tool.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/unattended_installer/install_functions/opendistro/wazuh-passwords-tool.sh b/unattended_installer/install_functions/opendistro/wazuh-passwords-tool.sh index 0c188a5033..4805e358e9 100644 --- a/unattended_installer/install_functions/opendistro/wazuh-passwords-tool.sh +++ b/unattended_installer/install_functions/opendistro/wazuh-passwords-tool.sh @@ -88,7 +88,7 @@ checkInstalledPass() { if [ "${sys_type}" == "yum" ]; then filebeatinstalled=$(yum list installed 2>/dev/null | grep filebeat) elif [ "${sys_type}" == "zypper" ]; then - filebeatinstalled=$(zypper packages | grep filebeat | grep i+ | grep noarch) + filebeatinstalled=$(zypper packages | grep filebeat | grep i+) elif [ "${sys_type}" == "apt-get" ]; then filebeatinstalled=$(apt list --installed 2>/dev/null | grep filebeat) fi From 7f64f7c7c7f16f2a3b1e01a2381429d196b898f8 Mon Sep 17 00:00:00 2001 From: dfolcha Date: Mon, 17 Jan 2022 16:57:53 +0100 Subject: [PATCH 11/12] Remove wazuh user references --- .../opendistro/wazuh-passwords-tool.sh | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/unattended_installer/install_functions/opendistro/wazuh-passwords-tool.sh b/unattended_installer/install_functions/opendistro/wazuh-passwords-tool.sh index 4805e358e9..6677629716 100644 --- a/unattended_installer/install_functions/opendistro/wazuh-passwords-tool.sh +++ b/unattended_installer/install_functions/opendistro/wazuh-passwords-tool.sh @@ -30,7 +30,7 @@ changePassword() { fi if [ "${users[i]}" == "admin" ]; then - wazuhpass=${passwords[i]} + adminpass=${passwords[i]} elif [ "${users[i]}" == "kibanaserver" ]; then kibpass=${passwords[i]} fi @@ -41,8 +41,8 @@ changePassword() { awk -v new="$hash" 'prev=="'${nuser}':"{sub(/\042.*/,""); $0=$0 new} {prev=$1} 1' /usr/share/elasticsearch/backup/internal_users.yml > internal_users.yml_tmp && mv -f internal_users.yml_tmp /usr/share/elasticsearch/backup/internal_users.yml fi - if [ "${nuser}" == "wazuh" ]; then - wazuhpass=${password} + if [ "${nuser}" == "admin" ]; then + adminpass=${password} elif [ "${nuser}" == "kibanaserver" ]; then kibpass=${password} fi @@ -55,7 +55,7 @@ changePassword() { wazuhold=$(grep "password:" /etc/filebeat/filebeat.yml ) ra=" password: " wazuhold="${wazuhold//$ra}" - conf="$(awk '{sub("password: .*", "password: '${wazuhpass}'")}1' /etc/filebeat/filebeat.yml)" + conf="$(awk '{sub("password: .*", "password: '${adminpass}'")}1' /etc/filebeat/filebeat.yml)" echo "${conf}" > /etc/filebeat/filebeat.yml restartService "filebeat" fi @@ -467,8 +467,8 @@ readFileUsers() { It must have this format: User: - name: wazuh - password: wazuhpassword + name: admin + password: adminpassword User: name: kibanaserver password: kibanaserverpassword" From 041dfc3242acd12f4819f6cbd4ec75bde3c67012 Mon Sep 17 00:00:00 2001 From: Alberto R Date: Tue, 18 Jan 2022 09:11:33 +0100 Subject: [PATCH 12/12] Removed development restriction for configuration --- unattended_installer/install_functions/opendistro/checks.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/unattended_installer/install_functions/opendistro/checks.sh b/unattended_installer/install_functions/opendistro/checks.sh index ab78687c7c..4e35787fcc 100644 --- a/unattended_installer/install_functions/opendistro/checks.sh +++ b/unattended_installer/install_functions/opendistro/checks.sh @@ -112,12 +112,12 @@ function checkArguments() { fi fi - if [[ -n "${configurations}" && ( -n "${AIO}" || -n "${elasticsearch}" || -n "${kibana}" || -n "${wazuh}" || -n "${development}" || -n "${overwrite}" || -n "${start_elastic_cluster}" || -n "${tar_conf}" || -n "${uninstall}" ) ]]; then - logger -e "The argument -c|--certificates can't be used with -a, -k, -e, -u, -d or -w arguments." + if [[ -n "${configurations}" && ( -n "${AIO}" || -n "${elasticsearch}" || -n "${kibana}" || -n "${wazuh}" || -n "${overwrite}" || -n "${start_elastic_cluster}" || -n "${tar_conf}" || -n "${uninstall}" ) ]]; then + logger -e "The argument -c|--create-configurations can't be used with -a, -k, -e, -u or -w arguments." exit 1 fi - if [[ -n "${start_elastic_cluster}" && ( -n "${AIO}" || -n "${elasticsearch}" || -n "${kibana}" || -n "${wazuh}" || -n "${development}" || -n "${overwrite}" || -n "${configurations}" || -n "${tar_conf}" || -n "${uninstall}") ]]; then + if [[ -n "${start_elastic_cluster}" && ( -n "${AIO}" || -n "${elasticsearch}" || -n "${kibana}" || -n "${wazuh}" || -n "${overwrite}" || -n "${configurations}" || -n "${tar_conf}" || -n "${uninstall}") ]]; then logger -e "The argument -s|--start-cluster can't be used with -a, -k, -e or -w arguments." exit 1 fi