Added support for Vulnerability detection in WIA #2777
Merged: teddytpc1 merged 5 commits into 4.8.0 from bug/21413-wazuh-states-vulnerabilities-to4.8.0 on Jan 18, 2024
Password tool change testing
[vagrant@amazonlinux-2 ~]$ sudo bash wazuh-install.sh -a
17/01/2024 13:59:13 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
17/01/2024 13:59:13 INFO: Verbose logging redirected to /var/log/wazuh-install.log
17/01/2024 13:59:16 INFO: Verifying that your system meets the recommended minimum hardware requirements.
17/01/2024 13:59:16 INFO: Wazuh web interface port will be 443.
17/01/2024 13:59:17 INFO: Wazuh development repository added.
17/01/2024 13:59:17 INFO: --- Configuration files ---
17/01/2024 13:59:17 INFO: Generating configuration files.
17/01/2024 13:59:18 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
17/01/2024 13:59:18 INFO: --- Wazuh indexer ---
17/01/2024 13:59:18 INFO: Starting Wazuh indexer installation.
17/01/2024 14:01:19 INFO: Wazuh indexer installation finished.
17/01/2024 14:01:20 INFO: Wazuh indexer post-install configuration finished.
17/01/2024 14:01:20 INFO: Starting service wazuh-indexer.
17/01/2024 14:01:30 INFO: wazuh-indexer service started.
17/01/2024 14:01:30 INFO: Initializing Wazuh indexer cluster security settings.
17/01/2024 14:01:42 INFO: The Wazuh indexer cluster ISM initialized.
17/01/2024 14:01:42 INFO: Wazuh indexer cluster initialized.
17/01/2024 14:01:42 INFO: --- Wazuh server ---
17/01/2024 14:01:42 INFO: Starting the Wazuh manager installation.
17/01/2024 14:03:09 INFO: Wazuh manager installation finished.
17/01/2024 14:03:09 INFO: Wazuh manager vulnerability detection configuration finished.
17/01/2024 14:03:09 INFO: Starting service wazuh-manager.
17/01/2024 14:03:21 INFO: wazuh-manager service started.
17/01/2024 14:03:21 INFO: Starting Filebeat installation.
17/01/2024 14:03:33 INFO: Filebeat installation finished.
17/01/2024 14:03:35 INFO: Filebeat post-install configuration finished.
17/01/2024 14:03:35 INFO: Starting service filebeat.
17/01/2024 14:03:35 INFO: filebeat service started.
17/01/2024 14:03:35 INFO: --- Wazuh dashboard ---
17/01/2024 14:03:35 INFO: Starting Wazuh dashboard installation.
17/01/2024 14:04:43 INFO: Wazuh dashboard installation finished.
17/01/2024 14:04:43 INFO: Wazuh dashboard post-install configuration finished.
17/01/2024 14:04:43 INFO: Starting service wazuh-dashboard.
17/01/2024 14:04:43 INFO: wazuh-dashboard service started.
17/01/2024 14:04:44 INFO: Updating the internal users.
17/01/2024 14:04:48 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
17/01/2024 14:05:24 INFO: Initializing Wazuh dashboard web application.
17/01/2024 14:05:25 INFO: Wazuh dashboard web application initialized.
17/01/2024 14:05:25 INFO: --- Summary ---
17/01/2024 14:05:25 INFO: You can access the web interface https://<wazuh-dashboard-ip>:443
User: admin
Password: PzMB2UaCw5ikB84?5qqCCET8figPc16E
17/01/2024 14:05:25 INFO: Installation finished.
ossec.conf
<vulnerability-detection>
<enabled>yes</enabled>
<index-status>yes</index-status>
<feed-update-interval>60m</feed-update-interval>
</vulnerability-detection>
<indexer>
<enabled>yes</enabled>
<hosts>
<host>https://localhost:9200</host>
</hosts>
<username>admin</username>
<password>PzMB2UaCw5ikB84?5qqCCET8figPc16E</password>
<ssl>
<certificate_authorities>
<ca>/etc/filebeat/certs/root-ca.pem</ca>
</certificate_authorities>
<certificate>/etc/filebeat/certs/wazuh-server.pem</certificate>
<key>/etc/filebeat/certs/wazuh-server-key.pem</key>
</ssl>
</indexer>
Password changed
[vagrant@amazonlinux-2 ~]$ sudo bash wazuh-passwords-tool.sh -u admin -p TestingPassword1?
17/01/2024 14:06:31 INFO: Updating the internal users.
17/01/2024 14:06:33 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
17/01/2024 14:06:33 INFO: Generating password hash
17/01/2024 14:06:53 WARNING: Password changed. Remember to update the password in the Wazuh dashboard Wazuh server, and Filebeat nodes if necessary, and restart the services.
<vulnerability-detection>
<enabled>yes</enabled>
<index-status>yes</index-status>
<feed-update-interval>60m</feed-update-interval>
</vulnerability-detection>
<indexer>
<enabled>yes</enabled>
<hosts>
<host>https://localhost:9200</host>
</hosts>
<username>admin</username>
<password>TestingPassword1?</password>
<ssl>
<certificate_authorities>
<ca>/etc/filebeat/certs/root-ca.pem</ca>
</certificate_authorities>
<certificate>/etc/filebeat/certs/wazuh-server.pem</certificate>
<key>/etc/filebeat/certs/wazuh-server-key.pem</key>
</ssl>
</indexer>
Distributed test password tool
environment:
Wazuh indexer:
[vagrant@amazonlinux-2 ~]$ sudo bash wazuh-install.sh -wi indexer-1
17/01/2024 14:42:14 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
17/01/2024 14:42:14 INFO: Verbose logging redirected to /var/log/wazuh-install.log
17/01/2024 14:42:16 INFO: Verifying that your system meets the recommended minimum hardware requirements.
17/01/2024 14:42:18 INFO: Wazuh development repository added.
17/01/2024 14:42:18 INFO: --- Wazuh indexer ---
17/01/2024 14:42:18 INFO: Starting Wazuh indexer installation.
17/01/2024 14:44:31 INFO: Wazuh indexer installation finished.
17/01/2024 14:44:31 INFO: Wazuh indexer post-install configuration finished.
17/01/2024 14:44:31 INFO: Starting service wazuh-indexer.
17/01/2024 14:44:42 INFO: wazuh-indexer service started.
17/01/2024 14:44:42 INFO: Initializing Wazuh indexer cluster security settings.
17/01/2024 14:44:43 INFO: Wazuh indexer cluster initialized.
17/01/2024 14:44:43 INFO: Installation finished.
[vagrant@amazonlinux-2 ~]$ sudo bash wazuh-install.sh --start-cluster
17/01/2024 14:45:01 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
17/01/2024 14:45:01 INFO: Verbose logging redirected to /var/log/wazuh-install.log
17/01/2024 14:45:03 INFO: Verifying that your system meets the recommended minimum hardware requirements.
17/01/2024 14:45:06 INFO: Wazuh indexer cluster security configuration initialized.
17/01/2024 14:45:07 INFO: The Wazuh indexer cluster ISM initialized.
17/01/2024 14:45:08 INFO: Updating the internal users.
17/01/2024 14:45:09 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
17/01/2024 14:45:15 INFO: Wazuh indexer cluster started.
Wazuh manager:
vagrant@ubuntu22:~$ sudo bash wazuh-install.sh -ws server-1
17/01/2024 14:45:37 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
17/01/2024 14:45:37 INFO: Verbose logging redirected to /var/log/wazuh-install.log
17/01/2024 14:45:59 INFO: Verifying that your system meets the recommended minimum hardware requirements.
17/01/2024 14:46:02 INFO: --- Dependencies ----
17/01/2024 14:46:02 INFO: Installing apt-transport-https.
17/01/2024 14:46:12 INFO: Wazuh development repository added.
17/01/2024 14:46:13 INFO: --- Wazuh server ---
17/01/2024 14:46:13 INFO: Starting the Wazuh manager installation.
17/01/2024 14:48:06 INFO: Wazuh manager installation finished.
17/01/2024 14:48:06 INFO: Wazuh manager vulnerability detection configuration finished.
17/01/2024 14:48:06 INFO: Starting service wazuh-manager.
17/01/2024 14:48:23 INFO: wazuh-manager service started.
17/01/2024 14:48:23 INFO: Starting Filebeat installation.
17/01/2024 14:48:35 INFO: Filebeat installation finished.
17/01/2024 14:48:37 INFO: Filebeat post-install configuration finished.
17/01/2024 14:48:59 INFO: Starting service filebeat.
17/01/2024 14:48:59 INFO: filebeat service started.
17/01/2024 14:48:59 INFO: Installation finished.
ossec.conf
<vulnerability-detection>
<enabled>yes</enabled>
<index-status>yes</index-status>
<feed-update-interval>60m</feed-update-interval>
</vulnerability-detection>
<indexer>
<enabled>yes</enabled>
<hosts>
<host>https://192.168.56.244:9200</host>
</hosts>
<username>admin</username>
<password>a9a9iU4?MBIl1qaxR8jB?xFV.bfjEDyV</password>
<ssl>
<certificate_authorities>
<ca>/etc/filebeat/certs/root-ca.pem</ca>
</certificate_authorities>
<certificate>/etc/filebeat/certs/server-1.pem</certificate>
<key>/etc/filebeat/certs/server-1-key.pem</key>
</ssl>
</indexer>
Wazuh worker:
vagrant@ubuntu20:~$ sudo bash wazuh-install.sh -ws server-2
17/01/2024 14:54:22 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
17/01/2024 14:54:22 INFO: Verbose logging redirected to /var/log/wazuh-install.log
17/01/2024 14:54:39 INFO: Verifying that your system meets the recommended minimum hardware requirements.
17/01/2024 14:54:42 INFO: --- Dependencies ----
17/01/2024 14:54:42 INFO: Installing apt-transport-https.
17/01/2024 14:54:52 INFO: Wazuh development repository added.
17/01/2024 14:54:52 INFO: --- Wazuh server ---
17/01/2024 14:54:52 INFO: Starting the Wazuh manager installation.
17/01/2024 14:56:42 INFO: Wazuh manager installation finished.
17/01/2024 14:56:42 INFO: Wazuh manager vulnerability detection configuration finished.
17/01/2024 14:56:42 INFO: Starting service wazuh-manager.
17/01/2024 14:57:02 INFO: wazuh-manager service started.
17/01/2024 14:57:02 INFO: Starting Filebeat installation.
17/01/2024 14:57:14 INFO: Filebeat installation finished.
17/01/2024 14:57:16 INFO: Filebeat post-install configuration finished.
17/01/2024 14:57:34 INFO: Starting service filebeat.
17/01/2024 14:57:35 INFO: filebeat service started.
17/01/2024 14:57:35 INFO: Installation finished.
ossec.conf
<vulnerability-detection>
<enabled>yes</enabled>
<index-status>yes</index-status>
<feed-update-interval>60m</feed-update-interval>
</vulnerability-detection>
<indexer>
<enabled>yes</enabled>
<hosts>
<host>https://192.168.56.244:9200</host>
</hosts>
<username>admin</username>
<password>a9a9iU4?MBIl1qaxR8jB?xFV.bfjEDyV</password>
<ssl>
<certificate_authorities>
<ca>/etc/filebeat/certs/root-ca.pem</ca>
</certificate_authorities>
<certificate>/etc/filebeat/certs/server-1.pem</certificate>
<key>/etc/filebeat/certs/server-1-key.pem</key>
</ssl>
</indexer>
Wazuh dashboard:
[vagrant@centos-7 ~]$ sudo bash wazuh-install.sh -wd dashboard-1
17/01/2024 14:58:05 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
17/01/2024 14:58:05 INFO: Verbose logging redirected to /var/log/wazuh-install.log
17/01/2024 14:58:12 INFO: --- Dependencies ---
17/01/2024 14:58:12 INFO: Installing lsof.
17/01/2024 14:58:25 INFO: Verifying that your system meets the recommended minimum hardware requirements.
17/01/2024 14:58:25 INFO: Wazuh web interface port will be 443.
17/01/2024 14:58:28 INFO: Wazuh development repository added.
17/01/2024 14:58:28 INFO: --- Wazuh dashboard ----
17/01/2024 14:58:28 INFO: Starting Wazuh dashboard installation.
17/01/2024 15:00:01 INFO: Wazuh dashboard installation finished.
17/01/2024 15:00:01 INFO: Wazuh dashboard post-install configuration finished.
17/01/2024 15:00:01 INFO: Starting service wazuh-dashboard.
17/01/2024 15:00:01 INFO: wazuh-dashboard service started.
17/01/2024 15:00:14 INFO: Initializing Wazuh dashboard web application.
17/01/2024 15:00:15 INFO: Wazuh dashboard web application initialized.
17/01/2024 15:00:15 INFO: --- Summary ---
17/01/2024 15:00:15 INFO: You can access the web interface https://192.168.56.249:443
User: admin
Password: a9a9iU4?MBIl1qaxR8jB?xFV.bfjEDyV
17/01/2024 15:00:15 INFO: --- Dependencies ---
17/01/2024 15:00:15 INFO: Removing lsof.
17/01/2024 15:00:15 INFO: Installation finished.
---
User admin password updated
Wazuh indexer:
[vagrant@amazonlinux-2 ~]$ sudo bash wazuh-passwords-tool.sh -u admin -p TestingPassword1?
17/01/2024 15:02:31 INFO: Updating the internal users.
17/01/2024 15:02:33 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
17/01/2024 15:02:33 INFO: Generating password hash
17/01/2024 15:02:36 WARNING: Password changed. Remember to update the password in the Wazuh dashboard Wazuh server, and Filebeat nodes if necessary, and restart the services.
Wazuh manager:
vagrant@ubuntu22:~$ echo TestingPassword1? | sudo filebeat keystore add password --stdin --force
Successfully updated the keystore
vagrant@ubuntu22:~$ sudo systemctl restart filebeat
vagrant@ubuntu22:~$ sudo sed -i 's/<password>.*<\/password>/<password>TestingPassword1?<\/password>/g' /var/ossec/etc/ossec.conf
vagrant@ubuntu22:~$ sudo systemctl restart wazuh-manager
ossec.conf
<vulnerability-detection>
<enabled>yes</enabled>
<index-status>yes</index-status>
<feed-update-interval>60m</feed-update-interval>
</vulnerability-detection>
<indexer>
<enabled>yes</enabled>
<hosts>
<host>https://192.168.56.244:9200</host>
</hosts>
<username>admin</username>
<password>TestingPassword1?</password>
<ssl>
<certificate_authorities>
<ca>/etc/filebeat/certs/root-ca.pem</ca>
</certificate_authorities>
<certificate>/etc/filebeat/certs/server-1.pem</certificate>
<key>/etc/filebeat/certs/server-1-key.pem</key>
</ssl>
</indexer>
Wazuh worker:
vagrant@ubuntu20:~$ echo TestingPassword1? | sudo filebeat keystore add password --stdin --force
Successfully updated the keystore
vagrant@ubuntu20:~$ sudo systemctl restart filebeat
vagrant@ubuntu20:~$ sudo sed -i 's/<password>.*<\/password>/<password>TestingPassword1?<\/password>/g' /var/ossec/etc/ossec.conf
vagrant@ubuntu20:~$ sudo systemctl restart wazuh-manager
ossec.conf
<vulnerability-detection>
<enabled>yes</enabled>
<index-status>yes</index-status>
<feed-update-interval>60m</feed-update-interval>
</vulnerability-detection>
<indexer>
<enabled>yes</enabled>
<hosts>
<host>https://192.168.56.244:9200</host>
</hosts>
<username>admin</username>
<password>TestingPassword1?</password>
<ssl>
<certificate_authorities>
<ca>/etc/filebeat/certs/root-ca.pem</ca>
</certificate_authorities>
<certificate>/etc/filebeat/certs/server-1.pem</certificate>
<key>/etc/filebeat/certs/server-1-key.pem</key>
</ssl>
</indexer>
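The manual update step in the test above uses a file-wide `sed` substitution, which rewrites every `<password>` element in `ossec.conf`. The following added example (not part of this PR or of the Wazuh scripts) scopes the replacement to the `<indexer>` block and escapes the new value for `sed`; the function names, `<other_section>` and the sample file are hypothetical.

```shell
#!/usr/bin/env bash
# Added example, not code from the PR. Function names and the sample file
# are hypothetical.

# set_indexer_password FILE NEW_PASSWORD
# Replaces <password> only inside <indexer>...</indexer>, unlike a file-wide
# s/<password>.*<\/password>/.../g, which rewrites every <password> element.
set_indexer_password() {
    local file="$1" pass="$2" esc tmp
    # Assumption: the value is written raw into the XML, so refuse characters
    # that would need XML escaping.
    case "$pass" in
        *'<'*|*'>'*|*'&'*) echo "refusing XML-special character" >&2; return 2 ;;
    esac
    # Escape backslash and the | delimiter for the sed replacement side.
    esc="$(printf '%s' "$pass" | sed -e 's/[\\|]/\\&/g')"
    tmp="$(mktemp)" || return 1
    sed -e "/<indexer>/,/<\/indexer>/ s|<password>.*</password>|<password>${esc}</password>|" \
        "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Overwrite in place so the file keeps its owner and mode.
    cat "$tmp" > "$file"
    rm -f "$tmp"
}

# Constructed sample: an <indexer> block plus an unrelated section that also
# carries a <password> element (<other_section> is a placeholder name).
write_sample_conf() {
    cat > "$1" <<'EOF'
<ossec_config>
  <other_section>
    <password>unrelated-secret</password>
  </other_section>
  <indexer>
    <username>admin</username>
    <password>old-password</password>
  </indexer>
</ossec_config>
EOF
}

# Prints the <password> value found inside the named section.
password_in() {
    sed -n "/<$2>/,/<\/$2>/ s|.*<password>\(.*\)</password>.*|\1|p" "$1"
}
```

After a real change, `password_in /var/ossec/etc/ossec.conf indexer` gives a quick check that the manager configuration carries the new value before `wazuh-manager` is restarted.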
teddytpc1
approved these changes
Jan 17, 2024
vcerenu
approved these changes
Jan 18, 2024
Description
A function is added to modify the ossec.conf, adding the necessary parameters for the Vulnerability detection configuration.
Logs example
AIO: wazuh/wazuh#21413 (comment)
Distributed (3 nodes for Wazuh indexer): wazuh/wazuh#21413 (comment)
Distributed (1 node for Wazuh indexer): wazuh/wazuh#21413 (comment)