Release 4.10.0 - RC 1 - E2E UX tests - Central components upgrade

[wazuhci]

End-to-End (E2E) Testing Guideline

• Documentation: Always consult the development documentation for the current stage tag at this link. Be careful because some of the description steps might refer to a current version in production, always navigate using the current development documention for the stage under test. Also, visit the following pre-release package guide to understand how to modify certain links and urls for the correct testing of the development packages.
• Test Requirements: Ensure your test comprehensively includes a full stack and agent/s deployment as per the Deployment requirements, detailing the machine OS, installed version, and revision.
• Deployment Options: While deployments can be local (using VMs, Vagrant, etc) or on the aws-dev account, opt for local deployments when feasible. For AWS access, coordinate with the DevOps team through this link.
• External Accounts: If tests require third-party accounts (e.g., GitHub, Azure, AWS, GCP), request the necessary access through the DevOps team here.
• Alerts: Every test should generate a minimum of one end-to-end alert, from the agent to the dashboard, irrespective of test type.
• Multi-node Testing: For multi-node wazuh-manager tests, ensure agents are connected to both workers and the master node.
• Package Verification: Use the pre-release package that matches the current TAG you're testing. Confirm its version and revision.
• Filebeat Errors: If you encounter errors with Filebeat during testing, refer to this Slack discussion for insights and resolutions.
• Known Issues: Familiarize yourself with previously reported issues in the Known Issues section. This helps in identifying already recognized errors during testing.
• Reporting New Issues: Any new errors discovered during testing that aren't listed under Known Issues should be reported. Assign the issue to the corresponding team (QA if unsure), add the Release testing objective and Urgent priority. Communicate these to the team and QA via the c-release Slack channel.
• Test Conduct: It's imperative to be thorough in your testing, offering enough detail for reviewers. Incomplete tests might necessitate a redo.
• Documentation Feedback: Encountering documentation gaps, unclear guidelines, or anything that disrupts the testing or UX? Open an issue, especially if it's not listed under Known Issues. Please answer the feedback section, this is a mandatory step.
• Format: If this is your first time doing this, refer to the format (but not necessarily the content, as it may vary) of previous E2E tests, here you have an example Release 4.3.5 - Release Candidate 1 - E2E UX tests - Wazuh Indexer #13994.
• Status and completion: Change the issue status within your team project accordingly. Once you finish testing and write the conclusions, move it to Pending review and notify the @wazuh/devel-qa team via Slack using the c-release channel. Beware that the reviewers might request additional information or task repetitions.
• For reviewers: Please move the issue to Pending final review and notify via Slack using the same thread if everything is ok, otherwise, perform an issue update with the requested changes and move it to On hold, increase the review_cycles in the team project by one and notify the issue assignee via Slack using the same thread.

For the conclusions and the issue testing and updates, use the following legend:

Status legend

• 🟢 All checks passed
• 🟡 Found a known issue
• 🔴 Found a new error

Issue delivery and completion

• Initial delivery: The issue's assignee must complete the testing and deliver the results by Dec 08, 2024 and notify the @wazuh/devel-qa team via Slack using the c-release channel
• Review: The @wazuh/devel-qa team will assign a reviewer and add it to the review_assignee field in the project. The reviewer must then review the test steps and results. Ensure that all iteration cycles are completed by Dec 09, 2024 date (issue must be in Pending final review status) and notify the QA team via Slack using the c-release channel.
• Auditor: The QA team must audit, validate the results, and close the issue by Dec 10, 2024.

Deployment requirements

Component	Installation	Type	OS
Indexer	Step by step	Single node	Ubuntu 24.04 x86_64
Server	Step by step	Multi node	Ubuntu 24.04 amd64
Dashboard	Step by step	-	-
Agent	Installing Wazuh agents	-	Windows 11 x86_64, Debian 11 x86_64

Test description

1. Initial Deployment:

• Deploy the latest production release of the defined architecture as per the standard deployment requirements instructions from the section above.
• Connect one agent to the master node and another agent to the worker node.

2. Validation of Initial Deployment:

• Navigate through the UI to ensure that it is accessible and functional.
• Verify that both agents are connected to their respective nodes (master and worker) and are listed as active.
• Trigger or simulate a condition that would generate at least one alert from each agent, and confirm that these alerts are captured and displayed in the UI.
• Modify configuration files with the following command:

for file in \
    /etc/wazuh-indexer/opensearch-security/config.yml \
    /etc/wazuh-indexer/jvm.options \
    /etc/wazuh-indexer/opensearch.yml \
    /etc/wazuh-indexer/opensearch-security/internal_users.yml \
    /etc/wazuh-indexer/opensearch-security/roles_mapping.yml \
    /etc/wazuh-indexer/opensearch-security/roles.yml \
    /etc/wazuh-dashboard/opensearch_dashboards.yml \
    /etc/default/wazuh-dashboard \
    /etc/wazuh-dashboard/opensearch_dashboards.keystore; do
    if [ -f "$file" ]; then
        echo -e "\n# This file should not be modified during the upgrade." | sudo tee -a "$file"
    else
        echo "File $file does not exist, skipping."
    fi
done

3. Upgrade of Central Components:

• Follow the upgrade guide provided in the documentation to upgrade the central components, including the master, worker, indexer, and dashboard.
• Monitor the upgrade process for any errors or warnings and document any that are encountered.
• ⚠️ Check that the installation does not hang and that there is no need to press enter to continue.

4. Post-Upgrade Validation:

• After the upgrade, navigate through the UI to ensure that all components are functioning correctly.
• Verify again that both agents are connected to their respective nodes and are active post-upgrade.
• Generate or simulate at least one alert from each agent to confirm that the alerting functionality is intact.
• Verify that the configuration files weren't modified with the following command:

for file in \
    /etc/wazuh-indexer/opensearch-security/config.yml \
    /etc/wazuh-indexer/jvm.options \
    /etc/wazuh-indexer/opensearch.yml \
    /etc/wazuh-indexer/opensearch-security/internal_users.yml \
    /etc/wazuh-indexer/opensearch-security/roles_mapping.yml \
    /etc/wazuh-indexer/opensearch-security/roles.yml \
    /etc/wazuh-dashboard/opensearch_dashboards.yml \
    /etc/default/wazuh-dashboard \
    /etc/wazuh-dashboard/opensearch_dashboards.keystore; do
    grep -q "# This file should not be modified during the upgrade." "$file" && echo "PASSED: The phrase keeps appearing in: $file. The file has not been modified" || echo "FAILED: Missing phrase in $file. The file could have been modified"
done

5. Reporting:

• Document the results of the deployment, the upgrade process, and the post-upgrade validation.
• Include any deviations from expected outcomes, such as errors or warnings encountered during the upgrade.

Expected Results

• The deployment of the architecture is successful, with agents properly connected and active.
• The UI is navigable and functional both before and after the upgrade.
• Alerts are generated by both agents before and after the upgrade.
• No errors or warnings are encountered during the upgrade process, or any that occur are documented for further analysis.
• No configuration files were modified in the upgrade.

Known issues

There are no known issues.

Conclusions

Summarize the errors detected (Known Issues included). Illustrate using the table below. REMOVE CURRENT EXAMPLES:

Status	Test	Failure type	Notes
🟢	The deployment of the architecture is successful, with agents properly connected and active	-	-
🔴	The UI is navigable and functional both before and after the upgrade.	Securing your Wazuh installation could be tricky. Agents show an invalid agent name when Wazuh Cluster is created after agent registration. Dashboard shows wrong API or empty value	wazuh/wazuh-documentation#8025, #27267, wazuh/wazuh-dashboard#440
🟢	Alerts are generated by both agents before and after the upgrade.	-	-
🟢	No errors or warnings are encountered during the upgrade process	-	-
🟢	No configuration files were modified in the upgrade.	-	-

Feedback

We value your feedback. Please provide insights on your testing experience.

• Was the testing guideline clear? Were there any ambiguities?
  • Yes the testing guideline was clear
• Did you face any challenges not covered by the guideline?
  • I faced a lot of resource challenges on my workstation
• Suggestions for improvement:
  • Nothing for now

Reviewers validation

The criteria for completing this task is based on the validation of the conclusions and the test results by all reviewers.

All the checkboxes below must be marked in order to close this issue.

• @juliamagan
• @wazuh/devel-qa

Conclusions 🔴

• New issues:
  Securing your Wazuh installation API section is changing every password wazuh-documentation#8025
  Invalid agent name when Wazuh Cluster is created after agents registration #27267
  Shown Wazuh API version is wrong or empty after upgrade wazuh-dashboard#440

[Rebits]

Testing procedures analysis

It was used alpha1 reference:

root@Ubuntu24:~# curl -so /etc/filebeat/wazuh-template.json https://raw.githubusercontent.com/wazuh/wazuh/v4.10.0-alpha3/extensions/elasticsearch/7.x/wazuh-template.json

Wrong reference. Expected v4.10.0-rc1

Conclusion analysis

• Generate or simulate at least one alert from each agent to confirm that the alerting functionality is intact: Results clearly does not fulfill the expected Alerts are generated by both agents before and after the upgrade. An issue should be opened here.
• Verify that the configuration files weren't modified with the following command: Results clearly do not fulfill the expected No configuration files were modified in the upgrade:

FAILED: Missing phrase in /etc/wazuh-indexer/opensearch-security/config.yml. The file could have been modified
grep: /etc/wazuh-indexer/jvm.options: No such file or directory
FAILED: Missing phrase in /etc/wazuh-indexer/jvm.options. The file could have been modified
grep: /etc/wazuh-indexer/opensearch.yml: No such file or directory
FAILED: Missing phrase in /etc/wazuh-indexer/opensearch.yml. The file could have been modified
grep: /etc/wazuh-indexer/opensearch-security/internal_users.yml: No such file or directory
FAILED: Missing phrase in /etc/wazuh-indexer/opensearch-security/internal_users.yml. The file could have been modified
grep: /etc/wazuh-indexer/opensearch-security/roles_mapping.yml: No such file or directory
FAILED: Missing phrase in /etc/wazuh-indexer/opensearch-security/roles_mapping.yml. The file could have been modified
grep: /etc/wazuh-indexer/opensearch-security/roles.yml: No such file or directory

[jnasselle]

System Information

Host 1 (Wazuh indexer, Wazuh server node-1)

vagrant@host1:~$ cat /etc/os-release 
PRETTY_NAME="Ubuntu 24.04 LTS"
NAME="Ubuntu"
VERSION_ID="24.04"
VERSION="24.04 LTS (Noble Numbat)"
VERSION_CODENAME=noble
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=noble
LOGO=ubuntu-logo
vagrant@host1:~$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host noprefixroute 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:64:e1:ff brd ff:ff:ff:ff:ff:ff
    altname enp0s3
    inet 10.0.2.15/24 metric 100 brd 10.0.2.255 scope global dynamic eth0
       valid_lft 86347sec preferred_lft 86347sec
    inet6 fd00::a00:27ff:fe64:e1ff/64 scope global dynamic mngtmpaddr noprefixroute 
       valid_lft 86348sec preferred_lft 14348sec
    inet6 fe80::a00:27ff:fe64:e1ff/64 scope link 
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:e8:a8:bc brd ff:ff:ff:ff:ff:ff
    altname enp0s8
    inet 192.168.1.29/24 metric 100 brd 192.168.1.255 scope global dynamic eth1
       valid_lft 86349sec preferred_lft 86349sec
    inet6 fe80::a00:27ff:fee8:a8bc/64 scope link 
       valid_lft forever preferred_lft forever
vagrant@host1:~$ uname -a
Linux host1 6.8.0-31-generic #31-Ubuntu SMP PREEMPT_DYNAMIC Sat Apr 20 00:40:06 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux

Host 2 (Wazuh server node-2, Wazuh dashboard)

vagrant@host2:~$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host noprefixroute 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:64:e1:ff brd ff:ff:ff:ff:ff:ff
    altname enp0s3
    inet 10.0.2.15/24 metric 100 brd 10.0.2.255 scope global dynamic eth0
       valid_lft 86301sec preferred_lft 86301sec
    inet6 fd00::a00:27ff:fe64:e1ff/64 scope global dynamic mngtmpaddr noprefixroute 
       valid_lft 86301sec preferred_lft 14301sec
    inet6 fe80::a00:27ff:fe64:e1ff/64 scope link 
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:30:89:5c brd ff:ff:ff:ff:ff:ff
    altname enp0s8
    inet 192.168.1.30/24 metric 100 brd 192.168.1.255 scope global dynamic eth1
       valid_lft 86303sec preferred_lft 86303sec
    inet6 fe80::a00:27ff:fe30:895c/64 scope link 
       valid_lft forever preferred_lft forever
vagrant@host2:~$ cat /etc/os-release 
PRETTY_NAME="Ubuntu 24.04 LTS"
NAME="Ubuntu"
VERSION_ID="24.04"
VERSION="24.04 LTS (Noble Numbat)"
VERSION_CODENAME=noble
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=noble
LOGO=ubuntu-logo
vagrant@host2:~$ uname -a
Linux host2 6.8.0-31-generic #31-Ubuntu SMP PREEMPT_DYNAMIC Sat Apr 20 00:40:06 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux

Windows 11 x86_64 (Wazuh agent 1)

PS C:\Users\vagrant> (Get-WmiObject -class Win32_OperatingSystem).Caption
Microsoft Windows 11 Enterprise Evaluation
PS C:\Users\vagrant> Get-NetIPAddress


IPAddress         : fe80::e21c:6645:b0d7:5574%5
InterfaceIndex    : 5
InterfaceAlias    : Ethernet 2
AddressFamily     : IPv6
Type              : Unicast
PrefixLength      : 64
PrefixOrigin      : WellKnown
SuffixOrigin      : Link
AddressState      : Preferred
ValidLifetime     : 
PreferredLifetime : 
SkipAsSource      : False
PolicyStore       : ActiveStore

IPAddress         : fe80::28d6:52e0:1dc7:7ccd%6
InterfaceIndex    : 6
InterfaceAlias    : Ethernet
AddressFamily     : IPv6
Type              : Unicast
PrefixLength      : 64
PrefixOrigin      : WellKnown
SuffixOrigin      : Link
AddressState      : Preferred
ValidLifetime     : 
PreferredLifetime : 
SkipAsSource      : False
PolicyStore       : ActiveStore

IPAddress         : fd00::79b7:d342:6b3:6aaa
InterfaceIndex    : 6
InterfaceAlias    : Ethernet
AddressFamily     : IPv6
Type              : Unicast
PrefixLength      : 128
PrefixOrigin      : RouterAdvertisement
SuffixOrigin      : Random
AddressState      : Preferred
ValidLifetime     : 23:54:25
PreferredLifetime : 03:54:25
SkipAsSource      : False
PolicyStore       : ActiveStore

IPAddress         : fd00::6dc5:2135:4ba8:1c35
InterfaceIndex    : 6
InterfaceAlias    : Ethernet
AddressFamily     : IPv6
Type              : Unicast
PrefixLength      : 64
PrefixOrigin      : RouterAdvertisement
SuffixOrigin      : Link
AddressState      : Preferred
ValidLifetime     : 23:54:25
PreferredLifetime : 03:54:25
SkipAsSource      : False
PolicyStore       : ActiveStore

IPAddress         : ::1
InterfaceIndex    : 1
InterfaceAlias    : Loopback Pseudo-Interface 1
AddressFamily     : IPv6
Type              : Unicast
PrefixLength      : 128
PrefixOrigin      : WellKnown
SuffixOrigin      : WellKnown
AddressState      : Preferred
ValidLifetime     :
PreferredLifetime :
SkipAsSource      : False
PolicyStore       : ActiveStore

IPAddress         : 192.168.1.31
InterfaceIndex    : 5
InterfaceAlias    : Ethernet 2
AddressFamily     : IPv4
Type              : Unicast
PrefixLength      : 24
PrefixOrigin      : Dhcp
SuffixOrigin      : Dhcp
AddressState      : Preferred
ValidLifetime     : 23:47:21
PreferredLifetime : 23:47:21
SkipAsSource      : False
PolicyStore       : ActiveStore

IPAddress         : 10.0.2.15
InterfaceIndex    : 6
InterfaceAlias    : Ethernet
AddressFamily     : IPv4
Type              : Unicast
PrefixLength      : 24
PrefixOrigin      : Dhcp
SuffixOrigin      : Dhcp
AddressState      : Preferred
ValidLifetime     : 23:47:21
PreferredLifetime : 23:47:21
SkipAsSource      : False
PolicyStore       : ActiveStore

IPAddress         : 127.0.0.1
InterfaceIndex    : 1
InterfaceAlias    : Loopback Pseudo-Interface 1
AddressFamily     : IPv4
Type              : Unicast
PrefixLength      : 8
PrefixOrigin      : WellKnown
SuffixOrigin      : WellKnown
AddressState      : Preferred
ValidLifetime     :
PreferredLifetime :
SkipAsSource      : False
PolicyStore       : ActiveStore

Debian 11 x86_64 (Wazuh agent 2)

vagrant init debian/bullseye64 --box-version 11.20240905.1
vagrant@bullseye:~$ cat  /etc/os-release 
PRETTY_NAME="Debian GNU/Linux 11 (bullseye)"
NAME="Debian GNU/Linux"
VERSION_ID="11"
VERSION="11 (bullseye)"
VERSION_CODENAME=bullseye
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"

vagrant@bullseye:~$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:8d:c0:4d brd ff:ff:ff:ff:ff:ff
    altname enp0s3
    inet 10.0.2.15/24 brd 10.0.2.255 scope global dynamic eth0
       valid_lft 86201sec preferred_lft 86201sec
    inet6 fd00::a00:27ff:fe8d:c04d/64 scope global dynamic mngtmpaddr 
       valid_lft 86202sec preferred_lft 14202sec
    inet6 fe80::a00:27ff:fe8d:c04d/64 scope link 
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:2f:47:be brd ff:ff:ff:ff:ff:ff
    altname enp0s8
    inet 192.168.1.28/24 brd 192.168.1.255 scope global dynamic eth1
       valid_lft 86210sec preferred_lft 86210sec
    inet6 fe80::a00:27ff:fe2f:47be/64 scope link 
       valid_lft forever preferred_lft forever
vagrant@bullseye:~$ uname -a
Linux bullseye 5.10.0-32-amd64 #1 SMP Debian 5.10.223-1 (2024-08-10) x86_64 GNU/Linux

[jnasselle]

1. Initial deployment

Wazuh Indexer 🟢

vagrant@host1:~$ curl -sO https://packages.wazuh.com/4.9/wazuh-certs-tool.sh
curl -sO https://packages.wazuh.com/4.9/config.yml
vagrant@host1:~$ nano config.yml 
vagrant@host1:~$ cat config.yml 
nodes:
  # Wazuh indexer nodes
  indexer:
    - name: node-1
      ip: "192.168.1.29"
    #- name: node-2
    #  ip: "<indexer-node-ip>"
    #- name: node-3
    #  ip: "<indexer-node-ip>"

  # Wazuh server nodes
  # If there is more than one Wazuh server
  # node, each one must have a node_type
  server:
    - name: wazuh-1
      ip: "192.168.1.29"
      node_type: master
    - name: wazuh-2
      ip: "192.168.1.30"
      node_type: worker
    #- name: wazuh-3
    #  ip: "<wazuh-manager-ip>"
    #  node_type: worker

  # Wazuh dashboard nodes
  dashboard:
    - name: dashboard
      ip: "192.168.1.30"


root@host1:/home/vagrant# bash ./wazuh-certs-tool.sh -A
11/12/2024 13:52:52 INFO: Verbose logging redirected to /home/vagrant/wazuh-certificates-tool.log
11/12/2024 13:52:53 INFO: Generating the root certificate.
11/12/2024 13:52:53 INFO: Generating Admin certificates.
11/12/2024 13:52:53 INFO: Admin certificates created.
11/12/2024 13:52:53 INFO: Generating Wazuh indexer certificates.
11/12/2024 13:52:54 INFO: Wazuh indexer certificates created.
11/12/2024 13:52:54 INFO: Generating Filebeat certificates.
11/12/2024 13:52:54 INFO: Wazuh Filebeat certificates created.
11/12/2024 13:52:54 INFO: Generating Wazuh dashboard certificates.
11/12/2024 13:52:55 INFO: Wazuh dashboard certificates created.
root@host1:/home/vagrant# tar -cvf ./wazuh-certificates.tar -C ./wazuh-certificates/ .
rm -rf ./wazuh-certificates
./
./admin.pem
./dashboard-key.pem
./root-ca.key
./node-1.pem
./dashboard.pem
./root-ca.pem
./wazuh-1-key.pem
./wazuh-2-key.pem
./node-1-key.pem
./admin-key.pem
./wazuh-1.pem
./wazuh-2.pem

vagrant@host1:~$ sudo apt-get install debconf adduser procps
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
debconf is already the newest version (1.5.86ubuntu1).
debconf set to manually installed.
adduser is already the newest version (3.137ubuntu1).
adduser set to manually installed.
procps is already the newest version (2:4.0.4-4ubuntu3).
procps set to manually installed.
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.


root@host1:/home/vagrant# apt-get install gnupg apt-transport-https
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
gnupg is already the newest version (2.4.4-2ubuntu17).
The following NEW packages will be installed:
  apt-transport-https
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 3,974 B of archives.
After this operation, 35.8 kB of additional disk space will be used.
Do you want to continue? [Y/n] 
Get:1 http://archive.ubuntu.com/ubuntu noble/universe amd64 apt-transport-https all 2.7.14build2 [3,974 B]
Fetched 3,974 B in 0s (8,121 B/s)               
Selecting previously unselected package apt-transport-https.
(Reading database ... 46826 files and directories currently installed.)
Preparing to unpack .../apt-transport-https_2.7.14build2_all.deb ...
Unpacking apt-transport-https (2.7.14build2) ...
Setting up apt-transport-https (2.7.14build2) ...
Scanning processes...                                                                                                                                                                                              
Scanning linux images...                                                                                                                                                                                           

Running kernel seems to be up-to-date.

No services need to be restarted.

No containers need to be restarted.

No user sessions are running outdated binaries.

No VM guests are running outdated hypervisor (qemu) binaries on this host.
root@host1:/home/vagrant# curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | gpg --no-default-keyring --keyring gnupg-ring:/usr/share/keyrings/wazuh.gpg --import && chmod 644 /usr/share/keyrings/wazuh.gpg
gpg: keyring '/usr/share/keyrings/wazuh.gpg' created
gpg: directory '/root/.gnupg' created
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key 96B3EE5F29111145: public key "Wazuh.com (Wazuh Signing Key) <support@wazuh.com>" imported
gpg: Total number processed: 1
gpg:               imported: 1
root@host1:/home/vagrant# echo "deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages.wazuh.com/4.x/apt/ stable main" | tee -a /etc/apt/sources.list.d/wazuh.list
deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages.wazuh.com/4.x/apt/ stable main
root@host1:/home/vagrant# apt-get update
Get:1 https://packages.wazuh.com/4.x/apt stable InRelease [17.3 kB]
Get:2 https://packages.wazuh.com/4.x/apt stable/main amd64 Packages [41.6 kB]                                                               
Get:3 http://security.ubuntu.com/ubuntu noble-security InRelease [126 kB]       
Hit:4 http://archive.ubuntu.com/ubuntu noble InRelease   
Get:5 http://archive.ubuntu.com/ubuntu noble-updates InRelease [126 kB]
Get:6 http://security.ubuntu.com/ubuntu noble-security/main amd64 Packages [501 kB]
Get:7 http://archive.ubuntu.com/ubuntu noble-backports InRelease [126 kB]
Get:8 http://security.ubuntu.com/ubuntu noble-security/main Translation-en [102 kB]
Get:9 http://security.ubuntu.com/ubuntu noble-security/main amd64 Components [7,188 B]
Get:10 http://security.ubuntu.com/ubuntu noble-security/restricted amd64 Packages [482 kB]               
Get:11 http://security.ubuntu.com/ubuntu noble-security/restricted Translation-en [93.1 kB]        
Get:12 http://security.ubuntu.com/ubuntu noble-security/restricted amd64 Components [212 B]
Get:13 http://security.ubuntu.com/ubuntu noble-security/universe amd64 Packages [564 kB]
Get:14 http://security.ubuntu.com/ubuntu noble-security/universe Translation-en [150 kB] 
Get:15 http://security.ubuntu.com/ubuntu noble-security/universe amd64 Components [51.9 kB]
Get:16 http://security.ubuntu.com/ubuntu noble-security/multiverse amd64 Packages [12.2 kB]
Get:17 http://security.ubuntu.com/ubuntu noble-security/multiverse Translation-en [2,940 B]
Get:18 http://security.ubuntu.com/ubuntu noble-security/multiverse amd64 Components [212 B]
Get:19 http://archive.ubuntu.com/ubuntu noble-updates/main amd64 Packages [701 kB]        
Get:20 http://archive.ubuntu.com/ubuntu noble-updates/main Translation-en [162 kB]
Get:21 http://archive.ubuntu.com/ubuntu noble-updates/main amd64 Components [132 kB]
Get:22 http://archive.ubuntu.com/ubuntu noble-updates/restricted amd64 Packages [537 kB]
Get:23 http://archive.ubuntu.com/ubuntu noble-updates/restricted Translation-en [104 kB]
Get:24 http://archive.ubuntu.com/ubuntu noble-updates/restricted amd64 Components [212 B]
Get:25 http://archive.ubuntu.com/ubuntu noble-updates/universe amd64 Packages [726 kB]
Get:26 http://archive.ubuntu.com/ubuntu noble-updates/universe Translation-en [216 kB]
Get:27 http://archive.ubuntu.com/ubuntu noble-updates/universe amd64 Components [310 kB]
Get:28 http://archive.ubuntu.com/ubuntu noble-updates/multiverse amd64 Packages [16.0 kB]
Get:29 http://archive.ubuntu.com/ubuntu noble-updates/multiverse Translation-en [3,844 B]
Get:30 http://archive.ubuntu.com/ubuntu noble-updates/multiverse amd64 Components [940 B]
Get:31 http://archive.ubuntu.com/ubuntu noble-backports/main amd64 Components [208 B]
Get:32 http://archive.ubuntu.com/ubuntu noble-backports/restricted amd64 Components [216 B]
Get:33 http://archive.ubuntu.com/ubuntu noble-backports/universe amd64 Packages [10.7 kB]
Get:34 http://archive.ubuntu.com/ubuntu noble-backports/universe Translation-en [10.8 kB]
Get:35 http://archive.ubuntu.com/ubuntu noble-backports/universe amd64 Components [11.7 kB]
Get:36 http://archive.ubuntu.com/ubuntu noble-backports/multiverse amd64 Components [212 B]
Fetched 5,346 kB in 3s (1,554 kB/s) 
Reading package lists... Done
root@host1:/home/vagrant# apt-get -y install wazuh-indexer
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following NEW packages will be installed:
  wazuh-indexer
0 upgraded, 1 newly installed, 0 to remove and 204 not upgraded.
Need to get 850 MB of archives.
After this operation, 1,077 MB of additional disk space will be used.
Get:1 https://packages.wazuh.com/4.x/apt stable/main amd64 wazuh-indexer amd64 4.9.2-1 [850 MB]
Fetched 850 MB in 22s (38.6 MB/s)                                                                                                                                                                                 
Selecting previously unselected package wazuh-indexer.
(Reading database ... 46830 files and directories currently installed.)
Preparing to unpack .../wazuh-indexer_4.9.2-1_amd64.deb ...
Running Wazuh Indexer Pre-Installation Script
Unpacking wazuh-indexer (4.9.2-1) ...
Setting up wazuh-indexer (4.9.2-1) ...
Running Wazuh Indexer Post-Installation Script
### NOT starting on installation, please execute the following statements to configure wazuh-indexer service to start automatically using systemd
 sudo systemctl daemon-reload
 sudo systemctl enable wazuh-indexer.service
### You can start wazuh-indexer service by executing
 sudo systemctl start wazuh-indexer.service
Scanning processes...                                                                                                                                                                                              
Scanning linux images...                                                                                                                                                                                           

Running kernel seems to be up-to-date.

No services need to be restarted.

No containers need to be restarted.

No user sessions are running outdated binaries.

No VM guests are running outdated hypervisor (qemu) binaries on this host.
root@host1:/home/vagrant# nano /etc/wazuh-indexer/opensearch.yml
root@host1:/home/vagrant# nano /etc/wazuh-indexer/opensearch.yml^C
root@host1:/home/vagrant# NODE_NAME=node-1
root@host1:/home/vagrant# export^C
root@host1:/home/vagrant# echo NO^C
root@host1:/home/vagrant# export NODE_NAME=node-1
root@host1:/home/vagrant# mkdir /etc/wazuh-indexer/certs
tar -xf ./wazuh-certificates.tar -C /etc/wazuh-indexer/certs/ ./$NODE_NAME.pem ./$NODE_NAME-key.pem ./admin.pem ./admin-key.pem ./root-ca.pem
mv -n /etc/wazuh-indexer/certs/$NODE_NAME.pem /etc/wazuh-indexer/certs/indexer.pem
mv -n /etc/wazuh-indexer/certs/$NODE_NAME-key.pem /etc/wazuh-indexer/certs/indexer-key.pem
chmod 500 /etc/wazuh-indexer/certs
chmod 400 /etc/wazuh-indexer/certs/*
chown -R wazuh-indexer:wazuh-indexer /etc/wazuh-indexer/certs
root@host1:/home/vagrant# systemctl daemon-reload
systemctl enable wazuh-indexer
systemctl start wazuh-indexer
Synchronizing state of wazuh-indexer.service with SysV service script with /usr/lib/systemd/systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable wazuh-indexer
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service → /usr/lib/systemd/system/wazuh-indexer.service.
root@host1:/home/vagrant# /usr/share/wazuh-indexer/bin/indexer-security-init.sh
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 192.168.1.29:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.13.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml 
   SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml 
   SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml 
   SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml 
   SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml 
   SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml 
   SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml 
   SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml 
   SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml 
   SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml 
   SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null
Done with success
root@host1:/home/vagrant# curl -k -u admin:admin https://192.168.1.29:9200
{
  "name" : "node-1",
  "cluster_name" : "wazuh-cluster",
  "cluster_uuid" : "jPxETxe7TS-kb32WX_qXdg",
  "version" : {
    "number" : "7.10.2",
    "build_type" : "deb",
    "build_hash" : "0aa3533d9a82a2a9acf03285cc47dfe264c5a15b",
    "build_date" : "2024-10-28T15:31:32.525674Z",
    "build_snapshot" : false,
    "lucene_version" : "9.10.0",
    "minimum_wire_compatibility_version" : "7.10.0",
    "minimum_index_compatibility_version" : "7.0.0"
  },
  "tagline" : "The OpenSearch Project: https://opensearch.org/"
}
root@host1:/home/vagrant# curl -k -u admin:admin https://192.168.1.29:9200/_cat/nodes?v
ip           heap.percent ram.percent cpu load_1m load_5m load_15m node.role node.roles                                        cluster_manager name
192.168.1.29           39          52   9    0.49    0.28     0.11 dimr      cluster_manager,data,ingest,remote_cluster_client *               node-1

Wazuh server node-1 🟢

root@host1:/home/vagrant# apt-get -y install wazuh-manager
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Suggested packages:
  expect
The following NEW packages will be installed:
  wazuh-manager
0 upgraded, 1 newly installed, 0 to remove and 204 not upgraded.
Need to get 333 MB of archives.
After this operation, 903 MB of additional disk space will be used.
Get:1 https://packages.wazuh.com/4.x/apt stable/main amd64 wazuh-manager amd64 4.9.2-1 [333 MB]
Fetched 333 MB in 9s (38.4 MB/s)                                                                                                                                                                                  
Selecting previously unselected package wazuh-manager.
(Reading database ... 48015 files and directories currently installed.)
Preparing to unpack .../wazuh-manager_4.9.2-1_amd64.deb ...
Unpacking wazuh-manager (4.9.2-1) ...
Setting up wazuh-manager (4.9.2-1) ...
Scanning processes...                                                                                                                                                                                              
Scanning linux images...                                                                                                                                                                                           

Running kernel seems to be up-to-date.

No services need to be restarted.

No containers need to be restarted.

No user sessions are running outdated binaries.

No VM guests are running outdated hypervisor (qemu) binaries on this host.
root@host1:/home/vagrant# apt-get -y install filebeat
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following NEW packages will be installed:
  filebeat
0 upgraded, 1 newly installed, 0 to remove and 204 not upgraded.
Need to get 22.1 MB of archives.
After this operation, 73.6 MB of additional disk space will be used.
Get:1 https://packages.wazuh.com/4.x/apt stable/main amd64 filebeat amd64 7.10.2 [22.1 MB]
Fetched 22.1 MB in 1s (17.3 MB/s)    
Selecting previously unselected package filebeat.
(Reading database ... 71997 files and directories currently installed.)
Preparing to unpack .../filebeat_7.10.2_amd64.deb ...
Unpacking filebeat (7.10.2) ...
Setting up filebeat (7.10.2) ...
Scanning processes...                                                                                                                                                                                              
Scanning linux images...                                                                                                                                                                                           

Running kernel seems to be up-to-date.

No services need to be restarted.

No containers need to be restarted.

No user sessions are running outdated binaries.

No VM guests are running outdated hypervisor (qemu) binaries on this host.
root@host1:/home/vagrant# curl -so /etc/filebeat/filebeat.yml https://packages.wazuh.com/4.9/tpl/wazuh/filebeat/filebeat.yml
root@host1:/home/vagrant# nano /etc/filebeat/filebeat.yml
root@host1:/home/vagrant# filebeat keystore create
Created filebeat keystore
root@host1:/home/vagrant# echo admin | filebeat keystore add username --stdin --force
echo admin | filebeat keystore add password --stdin --force
Successfully updated the keystore
Successfully updated the keystore
root@host1:/home/vagrant# curl -so /etc/filebeat/wazuh-template.json https://raw.githubusercontent.com/wazuh/wazuh/v4.9.2/extensions/elasticsearch/7.x/wazuh-template.json
chmod go+r /etc/filebeat/wazuh-template.json
root@host1:/home/vagrant# curl -s https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.4.tar.gz | tar -xvz -C /usr/share/filebeat/module
wazuh/
wazuh/_meta/
wazuh/_meta/docs.asciidoc
wazuh/_meta/fields.yml
wazuh/_meta/config.yml
wazuh/alerts/
wazuh/alerts/config/
wazuh/alerts/config/alerts.yml
wazuh/alerts/manifest.yml
wazuh/alerts/ingest/
wazuh/alerts/ingest/pipeline.json
wazuh/module.yml
wazuh/archives/
wazuh/archives/config/
wazuh/archives/config/archives.yml
wazuh/archives/manifest.yml
wazuh/archives/ingest/
wazuh/archives/ingest/pipeline.json
root@host1:/home/vagrant# curl -s https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.4.tar.gz | tar -xvz -C /usr/share/filebeat/module^C
root@host1:/home/vagrant# export NODE_NAME=wazuh-1
root@host1:/home/vagrant# mkdir /etc/filebeat/certs
tar -xf ./wazuh-certificates.tar -C /etc/filebeat/certs/ ./$NODE_NAME.pem ./$NODE_NAME-key.pem ./root-ca.pem
mv -n /etc/filebeat/certs/$NODE_NAME.pem /etc/filebeat/certs/filebeat.pem
mv -n /etc/filebeat/certs/$NODE_NAME-key.pem /etc/filebeat/certs/filebeat-key.pem
chmod 500 /etc/filebeat/certs
chmod 400 /etc/filebeat/certs/*
chown -R root:root /etc/filebeat/certs
root@host1:/home/vagrant# echo 'admin' | /var/ossec/bin/wazuh-keystore -f indexer -k username
echo 'admin' | /var/ossec/bin/wazuh-keystore -f indexer -k password
root@host1:/home/vagrant# nano /var/ossec/etc/ossec.conf
root@host1:/home/vagrant# systemctl daemon-reload
systemctl enable wazuh-manager
systemctl start wazuh-manager
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-manager.service → /usr/lib/systemd/system/wazuh-manager.service.
root@host1:/home/vagrant# systemctl status wazuh-manager
● wazuh-manager.service - Wazuh manager
     Loaded: loaded (/usr/lib/systemd/system/wazuh-manager.service; enabled; preset: enabled)
     Active: active (running) since Wed 2024-12-11 14:10:29 UTC; 4s ago
    Process: 52537 ExecStart=/usr/bin/env /var/ossec/bin/wazuh-control start (code=exited, status=0/SUCCESS)
      Tasks: 163 (limit: 9443)
     Memory: 1.4G (peak: 1.4G)
        CPU: 36.523s
     CGroup: /system.slice/wazuh-manager.service
             ├─52599 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
             ├─52638 /var/ossec/bin/wazuh-authd
             ├─52651 /var/ossec/bin/wazuh-db
             ├─52677 /var/ossec/bin/wazuh-execd
             ├─52680 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
             ├─52683 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
             ├─52686 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
             ├─52699 /var/ossec/bin/wazuh-analysisd
             ├─52708 /var/ossec/bin/wazuh-syscheckd
             ├─52725 /var/ossec/bin/wazuh-remoted
             ├─52808 /var/ossec/bin/wazuh-logcollector
             ├─52824 /var/ossec/bin/wazuh-monitord
             └─52840 /var/ossec/bin/wazuh-modulesd

Dec 11 14:10:22 host1 env[52537]: Started wazuh-analysisd...
Dec 11 14:10:23 host1 env[52537]: Started wazuh-syscheckd...
Dec 11 14:10:24 host1 env[52537]: Started wazuh-remoted...
Dec 11 14:10:25 host1 env[52537]: Started wazuh-logcollector...
Dec 11 14:10:26 host1 env[52537]: Started wazuh-monitord...
Dec 11 14:10:26 host1 env[52837]: 2024/12/11 14:10:26 wazuh-modulesd:router: INFO: Loaded router module.
Dec 11 14:10:26 host1 env[52837]: 2024/12/11 14:10:26 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Dec 11 14:10:27 host1 env[52537]: Started wazuh-modulesd...
Dec 11 14:10:29 host1 env[52537]: Completed.
Dec 11 14:10:29 host1 systemd[1]: Started wazuh-manager.service - Wazuh manager.
root@host1:/home/vagrant# systemctl daemon-reload
systemctl enable filebeat
systemctl start filebeat
Synchronizing state of filebeat.service with SysV service script with /usr/lib/systemd/systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable filebeat
Created symlink /etc/systemd/system/multi-user.target.wants/filebeat.service → /usr/lib/systemd/system/filebeat.service.
root@host1:/home/vagrant# filebeat test output
elasticsearch: https://192.168.1.29:9200...
  parse url... OK
  connection...
    parse host... OK
    dns lookup... OK
    addresses: 192.168.1.29
    dial up... OK
  TLS...
    security: server's certificate chain verification is enabled
    handshake... OK
    TLS version: TLSv1.3
    dial up... OK
  talk to server... OK
  version: 7.10.2

Wazuh server node-2

root@host2:/home/vagrant# apt-get install gnupg apt-transport-https
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
gnupg is already the newest version (2.4.4-2ubuntu17).
The following NEW packages will be installed:
  apt-transport-https
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 3,974 B of archives.
After this operation, 35.8 kB of additional disk space will be used.
Do you want to continue? [Y/n] 
Get:1 http://archive.ubuntu.com/ubuntu noble/universe amd64 apt-transport-https all 2.7.14build2 [3,974 B]
Fetched 3,974 B in 1s (5,768 B/s)              
Selecting previously unselected package apt-transport-https.
(Reading database ... 46826 files and directories currently installed.)
Preparing to unpack .../apt-transport-https_2.7.14build2_all.deb ...
Unpacking apt-transport-https (2.7.14build2) ...
Setting up apt-transport-https (2.7.14build2) ...
Scanning processes...                                                                                                                                                                                              
Scanning linux images...                                                                                                                                                                                           

Running kernel seems to be up-to-date.

No services need to be restarted.

No containers need to be restarted.

No user sessions are running outdated binaries.

No VM guests are running outdated hypervisor (qemu) binaries on this host.
root@host2:/home/vagrant# curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | gpg --no-default-keyring --keyring gnupg-ring:/usr/share/keyrings/wazuh.gpg --import && chmod 644 /usr/share/keyrings/wazuh.gpg
gpg: keyring '/usr/share/keyrings/wazuh.gpg' created
gpg: directory '/root/.gnupg' created
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key 96B3EE5F29111145: public key "Wazuh.com (Wazuh Signing Key) <support@wazuh.com>" imported
gpg: Total number processed: 1
gpg:               imported: 1
root@host2:/home/vagrant# echo "deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages.wazuh.com/4.x/apt/ stable main" | tee -a /etc/apt/sources.list.d/wazuh.list
deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages.wazuh.com/4.x/apt/ stable main
root@host2:/home/vagrant# apt-get update
Get:1 https://packages.wazuh.com/4.x/apt stable InRelease [17.3 kB]
Get:2 https://packages.wazuh.com/4.x/apt stable/main amd64 Packages [41.6 kB]                                                               
Get:3 http://security.ubuntu.com/ubuntu noble-security InRelease [126 kB]       
Hit:4 http://archive.ubuntu.com/ubuntu noble InRelease   
Get:5 http://archive.ubuntu.com/ubuntu noble-updates InRelease [126 kB]
Get:6 http://security.ubuntu.com/ubuntu noble-security/main amd64 Packages [501 kB]
Get:7 http://archive.ubuntu.com/ubuntu noble-backports InRelease [126 kB]
Get:8 http://security.ubuntu.com/ubuntu noble-security/main Translation-en [102 kB]
Get:9 http://security.ubuntu.com/ubuntu noble-security/main amd64 Components [7,188 B]
Get:10 http://security.ubuntu.com/ubuntu noble-security/restricted amd64 Packages [482 kB]             
Get:11 http://security.ubuntu.com/ubuntu noble-security/restricted Translation-en [93.1 kB]            
Get:12 http://security.ubuntu.com/ubuntu noble-security/restricted amd64 Components [212 B]
Get:13 http://security.ubuntu.com/ubuntu noble-security/universe amd64 Packages [564 kB]
Get:14 http://archive.ubuntu.com/ubuntu noble-updates/main amd64 Packages [701 kB]       
Get:15 http://security.ubuntu.com/ubuntu noble-security/universe Translation-en [150 kB]
Get:16 http://security.ubuntu.com/ubuntu noble-security/universe amd64 Components [51.9 kB]        
Get:17 http://security.ubuntu.com/ubuntu noble-security/multiverse amd64 Packages [12.2 kB]           
Get:18 http://security.ubuntu.com/ubuntu noble-security/multiverse Translation-en [2,940 B]  
Get:19 http://security.ubuntu.com/ubuntu noble-security/multiverse amd64 Components [212 B]         
Get:20 http://archive.ubuntu.com/ubuntu noble-updates/main Translation-en [162 kB]                  
Get:21 http://archive.ubuntu.com/ubuntu noble-updates/main amd64 Components [132 kB]
Get:22 http://archive.ubuntu.com/ubuntu noble-updates/restricted amd64 Packages [537 kB]
Get:23 http://archive.ubuntu.com/ubuntu noble-updates/restricted Translation-en [104 kB]
Get:24 http://archive.ubuntu.com/ubuntu noble-updates/restricted amd64 Components [212 B]
Get:25 http://archive.ubuntu.com/ubuntu noble-updates/universe amd64 Packages [726 kB]
Get:26 http://archive.ubuntu.com/ubuntu noble-updates/universe Translation-en [216 kB]
Get:27 http://archive.ubuntu.com/ubuntu noble-updates/universe amd64 Components [310 kB]
Get:28 http://archive.ubuntu.com/ubuntu noble-updates/multiverse amd64 Packages [16.0 kB]
Get:29 http://archive.ubuntu.com/ubuntu noble-updates/multiverse Translation-en [3,844 B]
Get:30 http://archive.ubuntu.com/ubuntu noble-updates/multiverse amd64 Components [940 B]
Get:31 http://archive.ubuntu.com/ubuntu noble-backports/main amd64 Components [208 B]
Get:32 http://archive.ubuntu.com/ubuntu noble-backports/restricted amd64 Components [216 B]
Get:33 http://archive.ubuntu.com/ubuntu noble-backports/universe amd64 Packages [10.7 kB]
Get:34 http://archive.ubuntu.com/ubuntu noble-backports/universe Translation-en [10.8 kB]
Get:35 http://archive.ubuntu.com/ubuntu noble-backports/universe amd64 Components [11.7 kB]
Get:36 http://archive.ubuntu.com/ubuntu noble-backports/multiverse amd64 Components [212 B]
Fetched 5,346 kB in 4s (1,509 kB/s)                                       
Reading package lists... Done
root@host2:/home/vagrant# apt-get -y install wazuh-manager
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Suggested packages:
  expect
The following NEW packages will be installed:
  wazuh-manager
0 upgraded, 1 newly installed, 0 to remove and 204 not upgraded.
Need to get 333 MB of archives.
After this operation, 903 MB of additional disk space will be used.
Get:1 https://packages.wazuh.com/4.x/apt stable/main amd64 wazuh-manager amd64 4.9.2-1 [333 MB]
Fetched 333 MB in 18s (18.6 MB/s)                                                                                                                                                                                 
Selecting previously unselected package wazuh-manager.
(Reading database ... 46830 files and directories currently installed.)
Preparing to unpack .../wazuh-manager_4.9.2-1_amd64.deb ...
Unpacking wazuh-manager (4.9.2-1) ...
Setting up wazuh-manager (4.9.2-1) ...
Scanning processes...                                                                                                                                                                                              
Scanning linux images...                                                                                                                                                                                           

Running kernel seems to be up-to-date.

No services need to be restarted.

No containers need to be restarted.

No user sessions are running outdated binaries.

No VM guests are running outdated hypervisor (qemu) binaries on this host.
root@host2:/home/vagrant# apt-get -y install filebeat
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following NEW packages will be installed:
  filebeat
0 upgraded, 1 newly installed, 0 to remove and 204 not upgraded.
Need to get 22.1 MB of archives.
After this operation, 73.6 MB of additional disk space will be used.
Get:1 https://packages.wazuh.com/4.x/apt stable/main amd64 filebeat amd64 7.10.2 [22.1 MB]
Fetched 22.1 MB in 1s (21.7 MB/s)   
Selecting previously unselected package filebeat.
(Reading database ... 70812 files and directories currently installed.)
Preparing to unpack .../filebeat_7.10.2_amd64.deb ...
Unpacking filebeat (7.10.2) ...
Setting up filebeat (7.10.2) ...
Scanning processes...                                                                                                                                                                                              
Scanning linux images...                                                                                                                                                                                           

Running kernel seems to be up-to-date.

No services need to be restarted.

No containers need to be restarted.

No user sessions are running outdated binaries.

No VM guests are running outdated hypervisor (qemu) binaries on this host.
root@host2:/home/vagrant# curl -so /etc/filebeat/filebeat.yml https://packages.wazuh.com/4.9/tpl/wazuh/filebeat/filebeat.yml
root@host2:/home/vagrant# nano /etc/filebeat/filebeat.yml
root@host2:/home/vagrant# filebeat keystore create
Created filebeat keystore
root@host2:/home/vagrant# echo admin | filebeat keystore add username --stdin --force
echo admin | filebeat keystore add password --stdin --force
Successfully updated the keystore
Successfully updated the keystore
root@host2:/home/vagrant# curl -so /etc/filebeat/wazuh-template.json https://raw.githubusercontent.com/wazuh/wazuh/v4.9.2/extensions/elasticsearch/7.x/wazuh-template.json
chmod go+r /etc/filebeat/wazuh-template.json
root@host2:/home/vagrant# curl -s https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.4.tar.gz | tar -xvz -C /usr/share/filebeat/module
wazuh/
wazuh/_meta/
wazuh/_meta/docs.asciidoc
wazuh/_meta/fields.yml
wazuh/_meta/config.yml
wazuh/alerts/
wazuh/alerts/config/
wazuh/alerts/config/alerts.yml
wazuh/alerts/manifest.yml
wazuh/alerts/ingest/
wazuh/alerts/ingest/pipeline.json
wazuh/module.yml
wazuh/archives/
wazuh/archives/config/
wazuh/archives/config/archives.yml
wazuh/archives/manifest.yml
wazuh/archives/ingest/
wazuh/archives/ingest/pipeline.json
root@host2:/home/vagrant# ls
wazuh-certificates.tar
root@host2:/home/vagrant# export NODE_NAME=wazuh-2
root@host2:/home/vagrant# mkdir /etc/filebeat/certs
tar -xf ./wazuh-certificates.tar -C /etc/filebeat/certs/ ./$NODE_NAME.pem ./$NODE_NAME-key.pem ./root-ca.pem
mv -n /etc/filebeat/certs/$NODE_NAME.pem /etc/filebeat/certs/filebeat.pem
mv -n /etc/filebeat/certs/$NODE_NAME-key.pem /etc/filebeat/certs/filebeat-key.pem
chmod 500 /etc/filebeat/certs
chmod 400 /etc/filebeat/certs/*
chown -R root:root /etc/filebeat/certs
root@host2:/home/vagrant# echo 'admin' | /var/ossec/bin/wazuh-keystore -f indexer -k username
echo 'admin' | /var/ossec/bin/wazuh-keystore -f indexer -k password
root@host2:/home/vagrant# nano /var/ossec/etc/ossec.conf
root@host2:/home/vagrant# systemctl daemon-reload
systemctl enable wazuh-manager
systemctl start wazuh-manager
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-manager.service → /usr/lib/systemd/system/wazuh-manager.service.
root@host2:/home/vagrant# systemctl status wazuh-manager
● wazuh-manager.service - Wazuh manager
     Loaded: loaded (/usr/lib/systemd/system/wazuh-manager.service; enabled; preset: enabled)
     Active: active (running) since Wed 2024-12-11 14:23:13 UTC; 22s ago
    Process: 51144 ExecStart=/usr/bin/env /var/ossec/bin/wazuh-control start (code=exited, status=0/SUCCESS)
      Tasks: 164 (limit: 9443)
     Memory: 3.5G (peak: 3.5G)
        CPU: 1min 4.304s
     CGroup: /system.slice/wazuh-manager.service
             ├─51206 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
             ├─51245 /var/ossec/bin/wazuh-authd
             ├─51258 /var/ossec/bin/wazuh-db
             ├─51283 /var/ossec/bin/wazuh-execd
             ├─51287 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
             ├─51290 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
             ├─51293 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
             ├─51306 /var/ossec/bin/wazuh-analysisd
             ├─51315 /var/ossec/bin/wazuh-syscheckd
             ├─51334 /var/ossec/bin/wazuh-remoted
             ├─51416 /var/ossec/bin/wazuh-logcollector
             ├─51437 /var/ossec/bin/wazuh-monitord
             └─51477 /var/ossec/bin/wazuh-modulesd

Dec 11 14:23:06 host2 env[51144]: Started wazuh-analysisd...
Dec 11 14:23:07 host2 env[51144]: Started wazuh-syscheckd...
Dec 11 14:23:08 host2 env[51144]: Started wazuh-remoted...
Dec 11 14:23:09 host2 env[51144]: Started wazuh-logcollector...
Dec 11 14:23:10 host2 env[51144]: Started wazuh-monitord...
Dec 11 14:23:10 host2 env[51475]: 2024/12/11 14:23:10 wazuh-modulesd:router: INFO: Loaded router module.
Dec 11 14:23:10 host2 env[51475]: 2024/12/11 14:23:10 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Dec 11 14:23:11 host2 env[51144]: Started wazuh-modulesd...
Dec 11 14:23:13 host2 env[51144]: Completed.
Dec 11 14:23:13 host2 systemd[1]: Started wazuh-manager.service - Wazuh manager.
root@host2:/home/vagrant# systemctl daemon-reload
systemctl enable filebeat
systemctl start filebeat
Synchronizing state of filebeat.service with SysV service script with /usr/lib/systemd/systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable filebeat
Created symlink /etc/systemd/system/multi-user.target.wants/filebeat.service → /usr/lib/systemd/system/filebeat.service.
root@host2:/home/vagrant# filebeat test output
elasticsearch: https://192.168.1.29:9200...
  parse url... OK
  connection...
    parse host... OK
    dns lookup... OK
    addresses: 192.168.1.29
    dial up... OK
  TLS...
    security: server's certificate chain verification is enabled
    handshake... OK
    TLS version: TLSv1.3
    dial up... OK
  talk to server... OK
  version: 7.10.2

Wazuh Dashboard 🟢

root@host2:/home/vagrant# apt-get install debhelper tar curl libcap2-bin #debhelper version 9 or later
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
tar is already the newest version (1.35+dfsg-3build1).
libcap2-bin is already the newest version (1:2.66-5ubuntu2).
libcap2-bin set to manually installed.
The following additional packages will be installed:
  autoconf automake autopoint autotools-dev build-essential cpp cpp-13 cpp-13-x86-64-linux-gnu cpp-x86-64-linux-gnu debugedit dh-autoreconf dh-strip-nondeterminism dpkg dpkg-dev dwz fakeroot fontconfig-config
  fonts-dejavu-core fonts-dejavu-mono g++ g++-13 g++-13-x86-64-linux-gnu g++-x86-64-linux-gnu gcc gcc-13 gcc-13-base gcc-13-x86-64-linux-gnu gcc-14-base gcc-x86-64-linux-gnu gettext intltool-debian
  libalgorithm-diff-perl libalgorithm-diff-xs-perl libalgorithm-merge-perl libaom3 libarchive-cpio-perl libarchive-zip-perl libasan8 libatomic1 libc-bin libc-dev-bin libc-devtools libc6 libc6-dev libcc1-0
  libcrypt-dev libcurl3t64-gnutls libcurl4t64 libde265-0 libdebhelper-perl libdeflate0 libdpkg-perl libfakeroot libfile-fcntllock-perl libfile-stripnondeterminism-perl libfontconfig1 libgcc-13-dev libgcc-s1
  libgd3 libgomp1 libheif-plugin-aomdec libheif-plugin-aomenc libheif-plugin-libde265 libheif1 libhwasan0 libisl23 libitm1 libjbig0 libjpeg-turbo8 libjpeg8 liblerc4 liblsan0 libltdl-dev libltdl7
  libmail-sendmail-perl libmpc3 libquadmath0 libsharpyuv0 libstdc++-13-dev libstdc++6 libsub-override-perl libsys-hostname-long-perl libtiff6 libtool libtsan2 libubsan1 libwebp7 libx11-6 libx11-data libxau6
  libxcb1 libxdmcp6 libxpm4 linux-libc-dev linux-tools-common locales lto-disabled-list m4 make manpages-dev po-debconf rpcsvc-proto
Suggested packages:
  autoconf-archive gnu-standards autoconf-doc cpp-doc gcc-13-locales cpp-13-doc dh-make debsig-verify debian-keyring g++-multilib g++-13-multilib gcc-13-doc gcc-multilib flex bison gdb gcc-doc gcc-13-multilib
  gdb-x86-64-linux-gnu gettext-doc libasprintf-dev libgettextpo-dev glibc-doc libnss-nis libnss-nisplus bzr libgd-tools libheif-plugin-x265 libheif-plugin-ffmpegdec libheif-plugin-jpegdec
  libheif-plugin-jpegenc libheif-plugin-j2kdec libheif-plugin-j2kenc libheif-plugin-rav1e libheif-plugin-svtenc libtool-doc libstdc++-13-doc gfortran | fortran95-compiler gcj-jdk m4-doc make-doc
  libmail-box-perl
The following NEW packages will be installed:
  autoconf automake autopoint autotools-dev build-essential cpp cpp-13 cpp-13-x86-64-linux-gnu cpp-x86-64-linux-gnu debhelper debugedit dh-autoreconf dh-strip-nondeterminism dpkg-dev dwz fakeroot
  fontconfig-config fonts-dejavu-core fonts-dejavu-mono g++ g++-13 g++-13-x86-64-linux-gnu g++-x86-64-linux-gnu gcc gcc-13 gcc-13-base gcc-13-x86-64-linux-gnu gcc-x86-64-linux-gnu gettext intltool-debian
  libalgorithm-diff-perl libalgorithm-diff-xs-perl libalgorithm-merge-perl libaom3 libarchive-cpio-perl libarchive-zip-perl libasan8 libatomic1 libc-dev-bin libc-devtools libc6-dev libcc1-0 libcrypt-dev
  libde265-0 libdebhelper-perl libdeflate0 libdpkg-perl libfakeroot libfile-fcntllock-perl libfile-stripnondeterminism-perl libfontconfig1 libgcc-13-dev libgd3 libgomp1 libheif-plugin-aomdec
  libheif-plugin-aomenc libheif-plugin-libde265 libheif1 libhwasan0 libisl23 libitm1 libjbig0 libjpeg-turbo8 libjpeg8 liblerc4 liblsan0 libltdl-dev libltdl7 libmail-sendmail-perl libmpc3 libquadmath0
  libsharpyuv0 libstdc++-13-dev libsub-override-perl libsys-hostname-long-perl libtiff6 libtool libtsan2 libubsan1 libwebp7 libx11-6 libx11-data libxau6 libxcb1 libxdmcp6 libxpm4 linux-libc-dev
  lto-disabled-list m4 make manpages-dev po-debconf rpcsvc-proto
The following packages will be upgraded:
  curl dpkg gcc-14-base libc-bin libc6 libcurl3t64-gnutls libcurl4t64 libgcc-s1 libstdc++6 linux-tools-common locales
11 upgraded, 93 newly installed, 0 to remove and 193 not upgraded.
Need to get 92.4 MB of archives.
After this operation, 283 MB of additional disk space will be used.
Do you want to continue? [Y/n] 
Get:1 http://archive.ubuntu.com/ubuntu noble-updates/main amd64 dpkg amd64 1.22.6ubuntu6.1 [1,283 kB]
Get:2 http://archive.ubuntu.com/ubuntu noble-updates/main amd64 gcc-14-base amd64 14.2.0-4ubuntu2~24.04 [50.8 kB]
Get:3 http://archive.ubuntu.com/ubuntu noble-updates/main amd64 libgcc-s1 amd64 14.2.0-4ubuntu2~24.04 [78.6 kB]
Get:4 http://archive.ubuntu.com/ubuntu noble-updates/main amd64 libstdc++6 amd64 14.2.0-4ubuntu2~24.04 [791 kB]
Get:5 http://archive.ubuntu.com/ubuntu noble-updates/main amd64 libc6 amd64 2.39-0ubuntu8.3 [3,265 kB]
Get:6 http://archive.ubuntu.com/ubuntu noble-updates/main amd64 libc-bin amd64 2.39-0ubuntu8.3 [722 kB]
Get:7 http://archive.ubuntu.com/ubuntu noble-updates/main amd64 locales all 2.39-0ubuntu8.3 [4,231 kB]
Get:8 http://archive.ubuntu.com/ubuntu noble/main amd64 libxau6 amd64 1:1.0.9-1build6 [7,160 B]
Get:9 http://archive.ubuntu.com/ubuntu noble/main amd64 libxdmcp6 amd64 1:1.1.3-0ubuntu6 [10.3 kB]
Get:10 http://archive.ubuntu.com/ubuntu noble/main amd64 libxcb1 amd64 1.15-1ubuntu2 [47.7 kB]
Get:11 http://archive.ubuntu.com/ubuntu noble/main amd64 libx11-data all 2:1.8.7-1build1 [115 kB]
Get:12 http://archive.ubuntu.com/ubuntu noble/main amd64 libx11-6 amd64 2:1.8.7-1build1 [650 kB]
Get:13 http://archive.ubuntu.com/ubuntu noble/main amd64 m4 amd64 1.4.19-4build1 [244 kB]                                                                                                                         
Get:14 http://archive.ubuntu.com/ubuntu noble/main amd64 autoconf all 2.71-3 [339 kB]                                                                                                                             
Get:15 http://archive.ubuntu.com/ubuntu noble/main amd64 autotools-dev all 20220109.1 [44.9 kB]                                                                                                                   
Get:16 http://archive.ubuntu.com/ubuntu noble/main amd64 automake all 1:1.16.5-1.3ubuntu1 [558 kB]                                                                                                                
Get:17 http://archive.ubuntu.com/ubuntu noble/main amd64 autopoint all 0.21-14ubuntu2 [422 kB]                                                                                                                    
Get:18 http://archive.ubuntu.com/ubuntu noble-updates/main amd64 libc-dev-bin amd64 2.39-0ubuntu8.3 [60.8 kB]                                                                                                     
Get:19 http://archive.ubuntu.com/ubuntu noble-updates/main amd64 linux-libc-dev amd64 6.8.0-50.51 [1,768 kB]                                                                                                      
Get:20 http://archive.ubuntu.com/ubuntu noble/main amd64 libcrypt-dev amd64 1:4.4.36-4build1 [112 kB]                                                                                                             
Get:21 http://archive.ubuntu.com/ubuntu noble/main amd64 rpcsvc-proto amd64 1.4.2-0ubuntu7 [67.4 kB]                                                                                                              
Get:22 http://archive.ubuntu.com/ubuntu noble-updates/main amd64 libc6-dev amd64 2.39-0ubuntu8.3 [2,164 kB]                                                                                                       
Get:23 http://archive.ubuntu.com/ubuntu noble/main amd64 gcc-13-base amd64 13.2.0-23ubuntu4 [49.0 kB]                                                                                                             
Get:24 http://archive.ubuntu.com/ubuntu noble/main amd64 libisl23 amd64 0.26-3build1 [680 kB]                                                                                                                     
Get:25 http://archive.ubuntu.com/ubuntu noble/main amd64 libmpc3 amd64 1.3.1-1build1 [54.5 kB]                                                                                                                    
Get:26 http://archive.ubuntu.com/ubuntu noble/main amd64 cpp-13-x86-64-linux-gnu amd64 13.2.0-23ubuntu4 [11.2 MB]                                                                                                 
Get:27 http://archive.ubuntu.com/ubuntu noble/main amd64 cpp-13 amd64 13.2.0-23ubuntu4 [1,032 B]                                                                                                                  
Get:28 http://archive.ubuntu.com/ubuntu noble/main amd64 cpp-x86-64-linux-gnu amd64 4:13.2.0-7ubuntu1 [5,326 B]                                                                                                   
Get:29 http://archive.ubuntu.com/ubuntu noble/main amd64 cpp amd64 4:13.2.0-7ubuntu1 [22.4 kB]                                                                                                                    
Get:30 http://archive.ubuntu.com/ubuntu noble-updates/main amd64 libcc1-0 amd64 14.2.0-4ubuntu2~24.04 [48.0 kB]                                                                                                   
Get:31 http://archive.ubuntu.com/ubuntu noble-updates/main amd64 libgomp1 amd64 14.2.0-4ubuntu2~24.04 [148 kB]                                                                                                    
Get:32 http://archive.ubuntu.com/ubuntu noble-updates/main amd64 libitm1 amd64 14.2.0-4ubuntu2~24.04 [29.7 kB]                                                                                                    
Get:33 http://archive.ubuntu.com/ubuntu noble-updates/main amd64 libatomic1 amd64 14.2.0-4ubuntu2~24.04 [10.5 kB]                                                                                                 
Get:34 http://archive.ubuntu.com/ubuntu noble-updates/main amd64 libasan8 amd64 14.2.0-4ubuntu2~24.04 [3,031 kB]                                                                                                  
Get:35 http://archive.ubuntu.com/ubuntu noble-updates/main amd64 liblsan0 amd64 14.2.0-4ubuntu2~24.04 [1,322 kB]                                                                                                  
Get:36 http://archive.ubuntu.com/ubuntu noble-updates/main amd64 libtsan2 amd64 14.2.0-4ubuntu2~24.04 [2,772 kB]                                                                                                  
Get:37 http://archive.ubuntu.com/ubuntu noble-updates/main amd64 libubsan1 amd64 14.2.0-4ubuntu2~24.04 [1,184 kB]                                                                                                 
Get:38 http://archive.ubuntu.com/ubuntu noble-updates/main amd64 libhwasan0 amd64 14.2.0-4ubuntu2~24.04 [1,641 kB]                                                                                                
Get:39 http://archive.ubuntu.com/ubuntu noble-updates/main amd64 libquadmath0 amd64 14.2.0-4ubuntu2~24.04 [153 kB]                                                                                                
Get:40 http://archive.ubuntu.com/ubuntu noble/main amd64 libgcc-13-dev amd64 13.2.0-23ubuntu4 [2,688 kB]                                                                                                          
Get:41 http://archive.ubuntu.com/ubuntu noble/main amd64 gcc-13-x86-64-linux-gnu amd64 13.2.0-23ubuntu4 [21.9 MB]                                                                                                 
Get:42 http://archive.ubuntu.com/ubuntu noble/main amd64 gcc-13 amd64 13.2.0-23ubuntu4 [482 kB]                                                                                                                   
Get:43 http://archive.ubuntu.com/ubuntu noble/main amd64 gcc-x86-64-linux-gnu amd64 4:13.2.0-7ubuntu1 [1,212 B]                                                                                                   
Get:44 http://archive.ubuntu.com/ubuntu noble/main amd64 gcc amd64 4:13.2.0-7ubuntu1 [5,018 B]                                                                                                                    
Get:45 http://archive.ubuntu.com/ubuntu noble/main amd64 libstdc++-13-dev amd64 13.2.0-23ubuntu4 [2,399 kB]                                                                                                       
Get:46 http://archive.ubuntu.com/ubuntu noble/main amd64 g++-13-x86-64-linux-gnu amd64 13.2.0-23ubuntu4 [12.5 MB]                                                                                                 
Get:47 http://archive.ubuntu.com/ubuntu noble/main amd64 g++-13 amd64 13.2.0-23ubuntu4 [14.5 kB]                                                                                                                  
Get:48 http://archive.ubuntu.com/ubuntu noble/main amd64 g++-x86-64-linux-gnu amd64 4:13.2.0-7ubuntu1 [964 B]                                                                                                     
Get:49 http://archive.ubuntu.com/ubuntu noble/main amd64 g++ amd64 4:13.2.0-7ubuntu1 [1,100 B]                                                                                                                    
Get:50 http://archive.ubuntu.com/ubuntu noble/main amd64 make amd64 4.3-4.1build2 [180 kB]                                                                                                                        
Get:51 http://archive.ubuntu.com/ubuntu noble-updates/main amd64 libdpkg-perl all 1.22.6ubuntu6.1 [269 kB]                                                                                                        
Get:52 http://archive.ubuntu.com/ubuntu noble/main amd64 lto-disabled-list all 47 [12.4 kB]                                                                                                                       
Get:53 http://archive.ubuntu.com/ubuntu noble-updates/main amd64 dpkg-dev all 1.22.6ubuntu6.1 [1,074 kB]                                                                                                          
Get:54 http://archive.ubuntu.com/ubuntu noble/main amd64 build-essential amd64 12.10ubuntu1 [4,928 B]                                                                                                             
Get:55 http://archive.ubuntu.com/ubuntu noble-updates/main amd64 curl amd64 8.5.0-2ubuntu10.5 [227 kB]                                                                                                            
Get:56 http://archive.ubuntu.com/ubuntu noble-updates/main amd64 libcurl4t64 amd64 8.5.0-2ubuntu10.5 [341 kB]                                                                                                     
Get:57 http://archive.ubuntu.com/ubuntu noble/main amd64 libdebhelper-perl all 13.14.1ubuntu5 [89.8 kB]                                                                                                           
Get:58 http://archive.ubuntu.com/ubuntu noble/main amd64 libtool all 2.4.7-7build1 [166 kB]                                                                                                                       
Get:59 http://archive.ubuntu.com/ubuntu noble/main amd64 dh-autoreconf all 20 [16.1 kB]                                                                                                                           
Get:60 http://archive.ubuntu.com/ubuntu noble/main amd64 libarchive-zip-perl all 1.68-1 [90.2 kB]                                                                                                                 
Get:61 http://archive.ubuntu.com/ubuntu noble/main amd64 libsub-override-perl all 0.10-1 [10.0 kB]                                                                                                                
Get:62 http://archive.ubuntu.com/ubuntu noble/main amd64 libfile-stripnondeterminism-perl all 1.13.1-1 [18.1 kB]                                                                                                  
Get:63 http://archive.ubuntu.com/ubuntu noble/main amd64 dh-strip-nondeterminism all 1.13.1-1 [5,362 B]                                                                                                           
Get:64 http://archive.ubuntu.com/ubuntu noble/main amd64 debugedit amd64 1:5.0-5build2 [46.1 kB]                                                                                                                  
Get:65 http://archive.ubuntu.com/ubuntu noble/main amd64 dwz amd64 0.15-1build6 [115 kB]                                                                                                                          
Get:66 http://archive.ubuntu.com/ubuntu noble/main amd64 gettext amd64 0.21-14ubuntu2 [864 kB]                                                                                                                    
Get:67 http://archive.ubuntu.com/ubuntu noble/main amd64 intltool-debian all 0.35.0+20060710.6 [23.2 kB]                                                                                                          
Get:68 http://archive.ubuntu.com/ubuntu noble/main amd64 po-debconf all 1.0.21+nmu1 [233 kB]                                                                                                                      
Get:69 http://archive.ubuntu.com/ubuntu noble/main amd64 debhelper all 13.14.1ubuntu5 [869 kB]                                                                                                                    
Get:70 http://archive.ubuntu.com/ubuntu noble/main amd64 libfakeroot amd64 1.33-1 [32.4 kB]                                                                                                                       
Get:71 http://archive.ubuntu.com/ubuntu noble/main amd64 fakeroot amd64 1.33-1 [67.2 kB]                                                                                                                          
Get:72 http://archive.ubuntu.com/ubuntu noble/main amd64 fonts-dejavu-mono all 2.37-8 [502 kB]                                                                                                                    
Get:73 http://archive.ubuntu.com/ubuntu noble/main amd64 fonts-dejavu-core all 2.37-8 [835 kB]                                                                                                                    
Get:74 http://archive.ubuntu.com/ubuntu noble/main amd64 fontconfig-config amd64 2.15.0-1.1ubuntu2 [37.3 kB]                                                                                                      
Get:75 http://archive.ubuntu.com/ubuntu noble/main amd64 libalgorithm-diff-perl all 1.201-1 [41.8 kB]                                                                                                             
Get:76 http://archive.ubuntu.com/ubuntu noble/main amd64 libalgorithm-diff-xs-perl amd64 0.04-8build3 [11.2 kB]                                                                                                   
Get:77 http://archive.ubuntu.com/ubuntu noble/main amd64 libalgorithm-merge-perl all 0.08-5 [11.4 kB]                                                                                                             
Get:78 http://archive.ubuntu.com/ubuntu noble-updates/main amd64 libaom3 amd64 3.8.2-2ubuntu0.1 [1,941 kB]                                                                                                        
Get:79 http://archive.ubuntu.com/ubuntu noble/main amd64 libarchive-cpio-perl all 0.10-3 [10.3 kB]                                                                                                                
Get:80 http://archive.ubuntu.com/ubuntu noble/main amd64 libfontconfig1 amd64 2.15.0-1.1ubuntu2 [139 kB]                                                                                                          
Get:81 http://archive.ubuntu.com/ubuntu noble/main amd64 libsharpyuv0 amd64 1.3.2-0.4build3 [15.8 kB]                                                                                                             
Get:82 http://archive.ubuntu.com/ubuntu noble-updates/main amd64 libheif-plugin-aomdec amd64 1.17.6-1ubuntu4.1 [10.4 kB]                                                                                          
Get:83 http://archive.ubuntu.com/ubuntu noble/main amd64 libde265-0 amd64 1.0.15-1build3 [166 kB]                                                                                                                 
Get:84 http://archive.ubuntu.com/ubuntu noble-updates/main amd64 libheif-plugin-libde265 amd64 1.17.6-1ubuntu4.1 [8,176 B]                                                                                        
Get:85 http://archive.ubuntu.com/ubuntu noble-updates/main amd64 libheif1 amd64 1.17.6-1ubuntu4.1 [275 kB]                                                                                                        
Get:86 http://archive.ubuntu.com/ubuntu noble/main amd64 libjpeg-turbo8 amd64 2.1.5-2ubuntu2 [150 kB]                                                                                                             
Get:87 http://archive.ubuntu.com/ubuntu noble/main amd64 libjpeg8 amd64 8c-2ubuntu11 [2,148 B]                                                                                                                    
Get:88 http://archive.ubuntu.com/ubuntu noble-updates/main amd64 libdeflate0 amd64 1.19-1build1.1 [43.9 kB]                                                                                                       
Get:89 http://archive.ubuntu.com/ubuntu noble/main amd64 libjbig0 amd64 2.1-6.1ubuntu2 [29.7 kB]                                                                                                                  
Get:90 http://archive.ubuntu.com/ubuntu noble/main amd64 liblerc4 amd64 4.0.0+ds-4ubuntu2 [179 kB]                                                                                                                
Get:91 http://archive.ubuntu.com/ubuntu noble/main amd64 libwebp7 amd64 1.3.2-0.4build3 [230 kB]                                                                                                                  
Get:92 http://archive.ubuntu.com/ubuntu noble-updates/main amd64 libtiff6 amd64 4.5.1+git230720-4ubuntu2.2 [199 kB]                                                                                               
Get:93 http://archive.ubuntu.com/ubuntu noble/main amd64 libxpm4 amd64 1:3.5.17-1build2 [36.5 kB]                                                                                                                 
Get:94 http://archive.ubuntu.com/ubuntu noble/main amd64 libgd3 amd64 2.3.3-9ubuntu5 [128 kB]                                                                                                                     
Get:95 http://archive.ubuntu.com/ubuntu noble-updates/main amd64 libc-devtools amd64 2.39-0ubuntu8.3 [69.7 kB]                                                                                                    
Get:96 http://archive.ubuntu.com/ubuntu noble-updates/main amd64 libcurl3t64-gnutls amd64 8.5.0-2ubuntu10.5 [333 kB]                                                                                              
Get:97 http://archive.ubuntu.com/ubuntu noble/main amd64 libfile-fcntllock-perl amd64 0.22-4ubuntu5 [30.7 kB]                                                                                                     
Get:98 http://archive.ubuntu.com/ubuntu noble-updates/main amd64 libheif-plugin-aomenc amd64 1.17.6-1ubuntu4.1 [14.7 kB]                                                                                          
Get:99 http://archive.ubuntu.com/ubuntu noble/main amd64 libltdl7 amd64 2.4.7-7build1 [40.3 kB]                                                                                                                   
Get:100 http://archive.ubuntu.com/ubuntu noble/main amd64 libltdl-dev amd64 2.4.7-7build1 [168 kB]                                                                                                                
Get:101 http://archive.ubuntu.com/ubuntu noble/main amd64 libsys-hostname-long-perl all 1.5-3 [10.6 kB]                                                                                                           
Get:102 http://archive.ubuntu.com/ubuntu noble/main amd64 libmail-sendmail-perl all 0.80-3 [21.7 kB]                                                                                                              
Get:103 http://archive.ubuntu.com/ubuntu noble-updates/main amd64 linux-tools-common all 6.8.0-50.51 [609 kB]                                                                                                     
Get:104 http://archive.ubuntu.com/ubuntu noble/main amd64 manpages-dev all 6.7-2 [2,013 kB]                                                                                                                       
Fetched 92.4 MB in 23s (4,017 kB/s)                                                                                                                                                                               
Extracting templates from packages: 100%
Preconfiguring packages ...
(Reading database ... 71131 files and directories currently installed.)
Preparing to unpack .../dpkg_1.22.6ubuntu6.1_amd64.deb ...
Unpacking dpkg (1.22.6ubuntu6.1) over (1.22.6ubuntu6) ...
Setting up dpkg (1.22.6ubuntu6.1) ...
(Reading database ... 71131 files and directories currently installed.)
Preparing to unpack .../gcc-14-base_14.2.0-4ubuntu2~24.04_amd64.deb ...
Unpacking gcc-14-base:amd64 (14.2.0-4ubuntu2~24.04) over (14-20240412-0ubuntu1) ...
Setting up gcc-14-base:amd64 (14.2.0-4ubuntu2~24.04) ...
(Reading database ... 71131 files and directories currently installed.)
Preparing to unpack .../libgcc-s1_14.2.0-4ubuntu2~24.04_amd64.deb ...
Unpacking libgcc-s1:amd64 (14.2.0-4ubuntu2~24.04) over (14-20240412-0ubuntu1) ...
Setting up libgcc-s1:amd64 (14.2.0-4ubuntu2~24.04) ...
(Reading database ... 71131 files and directories currently installed.)
Preparing to unpack .../libstdc++6_14.2.0-4ubuntu2~24.04_amd64.deb ...
Unpacking libstdc++6:amd64 (14.2.0-4ubuntu2~24.04) over (14-20240412-0ubuntu1) ...
Setting up libstdc++6:amd64 (14.2.0-4ubuntu2~24.04) ...
(Reading database ... 71131 files and directories currently installed.)
Preparing to unpack .../libc6_2.39-0ubuntu8.3_amd64.deb ...
Unpacking libc6:amd64 (2.39-0ubuntu8.3) over (2.39-0ubuntu8.1) ...
Setting up libc6:amd64 (2.39-0ubuntu8.3) ...
(Reading database ... 71132 files and directories currently installed.)
Preparing to unpack .../libc-bin_2.39-0ubuntu8.3_amd64.deb ...
Unpacking libc-bin (2.39-0ubuntu8.3) over (2.39-0ubuntu8.1) ...
Setting up libc-bin (2.39-0ubuntu8.3) ...
(Reading database ... 71133 files and directories currently installed.)
Preparing to unpack .../00-locales_2.39-0ubuntu8.3_all.deb ...
Unpacking locales (2.39-0ubuntu8.3) over (2.39-0ubuntu8.1) ...
Selecting previously unselected package libxau6:amd64.
Preparing to unpack .../01-libxau6_1%3a1.0.9-1build6_amd64.deb ...
Unpacking libxau6:amd64 (1:1.0.9-1build6) ...
Selecting previously unselected package libxdmcp6:amd64.
Preparing to unpack .../02-libxdmcp6_1%3a1.1.3-0ubuntu6_amd64.deb ...
Unpacking libxdmcp6:amd64 (1:1.1.3-0ubuntu6) ...
Selecting previously unselected package libxcb1:amd64.
Preparing to unpack .../03-libxcb1_1.15-1ubuntu2_amd64.deb ...
Unpacking libxcb1:amd64 (1.15-1ubuntu2) ...
Selecting previously unselected package libx11-data.
Preparing to unpack .../04-libx11-data_2%3a1.8.7-1build1_all.deb ...
Unpacking libx11-data (2:1.8.7-1build1) ...
Selecting previously unselected package libx11-6:amd64.
Preparing to unpack .../05-libx11-6_2%3a1.8.7-1build1_amd64.deb ...
Unpacking libx11-6:amd64 (2:1.8.7-1build1) ...
Selecting previously unselected package m4.
Preparing to unpack .../06-m4_1.4.19-4build1_amd64.deb ...
Unpacking m4 (1.4.19-4build1) ...
Selecting previously unselected package autoconf.
Preparing to unpack .../07-autoconf_2.71-3_all.deb ...
Unpacking autoconf (2.71-3) ...
Selecting previously unselected package autotools-dev.
Preparing to unpack .../08-autotools-dev_20220109.1_all.deb ...
Unpacking autotools-dev (20220109.1) ...
Selecting previously unselected package automake.
Preparing to unpack .../09-automake_1%3a1.16.5-1.3ubuntu1_all.deb ...
Unpacking automake (1:1.16.5-1.3ubuntu1) ...
Selecting previously unselected package autopoint.
Preparing to unpack .../10-autopoint_0.21-14ubuntu2_all.deb ...
Unpacking autopoint (0.21-14ubuntu2) ...
Selecting previously unselected package libc-dev-bin.
Preparing to unpack .../11-libc-dev-bin_2.39-0ubuntu8.3_amd64.deb ...
Unpacking libc-dev-bin (2.39-0ubuntu8.3) ...
Selecting previously unselected package linux-libc-dev:amd64.
Preparing to unpack .../12-linux-libc-dev_6.8.0-50.51_amd64.deb ...
Unpacking linux-libc-dev:amd64 (6.8.0-50.51) ...
Selecting previously unselected package libcrypt-dev:amd64.
Preparing to unpack .../13-libcrypt-dev_1%3a4.4.36-4build1_amd64.deb ...
Unpacking libcrypt-dev:amd64 (1:4.4.36-4build1) ...
Selecting previously unselected package rpcsvc-proto.
Preparing to unpack .../14-rpcsvc-proto_1.4.2-0ubuntu7_amd64.deb ...
Unpacking rpcsvc-proto (1.4.2-0ubuntu7) ...
Selecting previously unselected package libc6-dev:amd64.
Preparing to unpack .../15-libc6-dev_2.39-0ubuntu8.3_amd64.deb ...
Unpacking libc6-dev:amd64 (2.39-0ubuntu8.3) ...
Selecting previously unselected package gcc-13-base:amd64.
Preparing to unpack .../16-gcc-13-base_13.2.0-23ubuntu4_amd64.deb ...
Unpacking gcc-13-base:amd64 (13.2.0-23ubuntu4) ...
Selecting previously unselected package libisl23:amd64.
Preparing to unpack .../17-libisl23_0.26-3build1_amd64.deb ...
Unpacking libisl23:amd64 (0.26-3build1) ...
Selecting previously unselected package libmpc3:amd64.
Preparing to unpack .../18-libmpc3_1.3.1-1build1_amd64.deb ...
Unpacking libmpc3:amd64 (1.3.1-1build1) ...
Selecting previously unselected package cpp-13-x86-64-linux-gnu.
Preparing to unpack .../19-cpp-13-x86-64-linux-gnu_13.2.0-23ubuntu4_amd64.deb ...
Unpacking cpp-13-x86-64-linux-gnu (13.2.0-23ubuntu4) ...
Selecting previously unselected package cpp-13.
Preparing to unpack .../20-cpp-13_13.2.0-23ubuntu4_amd64.deb ...
Unpacking cpp-13 (13.2.0-23ubuntu4) ...
Selecting previously unselected package cpp-x86-64-linux-gnu.
Preparing to unpack .../21-cpp-x86-64-linux-gnu_4%3a13.2.0-7ubuntu1_amd64.deb ...
Unpacking cpp-x86-64-linux-gnu (4:13.2.0-7ubuntu1) ...
Selecting previously unselected package cpp.
Preparing to unpack .../22-cpp_4%3a13.2.0-7ubuntu1_amd64.deb ...
Unpacking cpp (4:13.2.0-7ubuntu1) ...
Selecting previously unselected package libcc1-0:amd64.
Preparing to unpack .../23-libcc1-0_14.2.0-4ubuntu2~24.04_amd64.deb ...
Unpacking libcc1-0:amd64 (14.2.0-4ubuntu2~24.04) ...
Selecting previously unselected package libgomp1:amd64.
Preparing to unpack .../24-libgomp1_14.2.0-4ubuntu2~24.04_amd64.deb ...
Unpacking libgomp1:amd64 (14.2.0-4ubuntu2~24.04) ...
Selecting previously unselected package libitm1:amd64.
Preparing to unpack .../25-libitm1_14.2.0-4ubuntu2~24.04_amd64.deb ...
Unpacking libitm1:amd64 (14.2.0-4ubuntu2~24.04) ...
Selecting previously unselected package libatomic1:amd64.
Preparing to unpack .../26-libatomic1_14.2.0-4ubuntu2~24.04_amd64.deb ...
Unpacking libatomic1:amd64 (14.2.0-4ubuntu2~24.04) ...
Selecting previously unselected package libasan8:amd64.
Preparing to unpack .../27-libasan8_14.2.0-4ubuntu2~24.04_amd64.deb ...
Unpacking libasan8:amd64 (14.2.0-4ubuntu2~24.04) ...
Selecting previously unselected package liblsan0:amd64.
Preparing to unpack .../28-liblsan0_14.2.0-4ubuntu2~24.04_amd64.deb ...
Unpacking liblsan0:amd64 (14.2.0-4ubuntu2~24.04) ...
Selecting previously unselected package libtsan2:amd64.
Preparing to unpack .../29-libtsan2_14.2.0-4ubuntu2~24.04_amd64.deb ...
Unpacking libtsan2:amd64 (14.2.0-4ubuntu2~24.04) ...
Selecting previously unselected package libubsan1:amd64.
Preparing to unpack .../30-libubsan1_14.2.0-4ubuntu2~24.04_amd64.deb ...
Unpacking libubsan1:amd64 (14.2.0-4ubuntu2~24.04) ...
Selecting previously unselected package libhwasan0:amd64.
Preparing to unpack .../31-libhwasan0_14.2.0-4ubuntu2~24.04_amd64.deb ...
Unpacking libhwasan0:amd64 (14.2.0-4ubuntu2~24.04) ...
Selecting previously unselected package libquadmath0:amd64.
Preparing to unpack .../32-libquadmath0_14.2.0-4ubuntu2~24.04_amd64.deb ...
Unpacking libquadmath0:amd64 (14.2.0-4ubuntu2~24.04) ...
Selecting previously unselected package libgcc-13-dev:amd64.
Preparing to unpack .../33-libgcc-13-dev_13.2.0-23ubuntu4_amd64.deb ...
Unpacking libgcc-13-dev:amd64 (13.2.0-23ubuntu4) ...
Selecting previously unselected package gcc-13-x86-64-linux-gnu.
Preparing to unpack .../34-gcc-13-x86-64-linux-gnu_13.2.0-23ubuntu4_amd64.deb ...
Unpacking gcc-13-x86-64-linux-gnu (13.2.0-23ubuntu4) ...
Selecting previously unselected package gcc-13.
Preparing to unpack .../35-gcc-13_13.2.0-23ubuntu4_amd64.deb ...
Unpacking gcc-13 (13.2.0-23ubuntu4) ...
Selecting previously unselected package gcc-x86-64-linux-gnu.
Preparing to unpack .../36-gcc-x86-64-linux-gnu_4%3a13.2.0-7ubuntu1_amd64.deb ...
Unpacking gcc-x86-64-linux-gnu (4:13.2.0-7ubuntu1) ...
Selecting previously unselected package gcc.
Preparing to unpack .../37-gcc_4%3a13.2.0-7ubuntu1_amd64.deb ...
Unpacking gcc (4:13.2.0-7ubuntu1) ...
Selecting previously unselected package libstdc++-13-dev:amd64.
Preparing to unpack .../38-libstdc++-13-dev_13.2.0-23ubuntu4_amd64.deb ...
Unpacking libstdc++-13-dev:amd64 (13.2.0-23ubuntu4) ...
Selecting previously unselected package g++-13-x86-64-linux-gnu.
Preparing to unpack .../39-g++-13-x86-64-linux-gnu_13.2.0-23ubuntu4_amd64.deb ...
Unpacking g++-13-x86-64-linux-gnu (13.2.0-23ubuntu4) ...
Selecting previously unselected package g++-13.
Preparing to unpack .../40-g++-13_13.2.0-23ubuntu4_amd64.deb ...
Unpacking g++-13 (13.2.0-23ubuntu4) ...
Selecting previously unselected package g++-x86-64-linux-gnu.
Preparing to unpack .../41-g++-x86-64-linux-gnu_4%3a13.2.0-7ubuntu1_amd64.deb ...
Unpacking g++-x86-64-linux-gnu (4:13.2.0-7ubuntu1) ...
Selecting previously unselected package g++.
Preparing to unpack .../42-g++_4%3a13.2.0-7ubuntu1_amd64.deb ...
Unpacking g++ (4:13.2.0-7ubuntu1) ...
Selecting previously unselected package make.
Preparing to unpack .../43-make_4.3-4.1build2_amd64.deb ...
Unpacking make (4.3-4.1build2) ...
Selecting previously unselected package libdpkg-perl.
Preparing to unpack .../44-libdpkg-perl_1.22.6ubuntu6.1_all.deb ...
Unpacking libdpkg-perl (1.22.6ubuntu6.1) ...
Selecting previously unselected package lto-disabled-list.
Preparing to unpack .../45-lto-disabled-list_47_all.deb ...
Unpacking lto-disabled-list (47) ...
Selecting previously unselected package dpkg-dev.
Preparing to unpack .../46-dpkg-dev_1.22.6ubuntu6.1_all.deb ...
Unpacking dpkg-dev (1.22.6ubuntu6.1) ...
Selecting previously unselected package build-essential.
Preparing to unpack .../47-build-essential_12.10ubuntu1_amd64.deb ...
Unpacking build-essential (12.10ubuntu1) ...
Preparing to unpack .../48-curl_8.5.0-2ubuntu10.5_amd64.deb ...
Unpacking curl (8.5.0-2ubuntu10.5) over (8.5.0-2ubuntu10.1) ...
Preparing to unpack .../49-libcurl4t64_8.5.0-2ubuntu10.5_amd64.deb ...
Unpacking libcurl4t64:amd64 (8.5.0-2ubuntu10.5) over (8.5.0-2ubuntu10.1) ...
Selecting previously unselected package libdebhelper-perl.
Preparing to unpack .../50-libdebhelper-perl_13.14.1ubuntu5_all.deb ...
Unpacking libdebhelper-perl (13.14.1ubuntu5) ...
Selecting previously unselected package libtool.
Preparing to unpack .../51-libtool_2.4.7-7build1_all.deb ...
Unpacking libtool (2.4.7-7build1) ...
Selecting previously unselected package dh-autoreconf.
Preparing to unpack .../52-dh-autoreconf_20_all.deb ...
Unpacking dh-autoreconf (20) ...
Selecting previously unselected package libarchive-zip-perl.
Preparing to unpack .../53-libarchive-zip-perl_1.68-1_all.deb ...
Unpacking libarchive-zip-perl (1.68-1) ...
Selecting previously unselected package libsub-override-perl.
Preparing to unpack .../54-libsub-override-perl_0.10-1_all.deb ...
Unpacking libsub-override-perl (0.10-1) ...
Selecting previously unselected package libfile-stripnondeterminism-perl.
Preparing to unpack .../55-libfile-stripnondeterminism-perl_1.13.1-1_all.deb ...
Unpacking libfile-stripnondeterminism-perl (1.13.1-1) ...
Selecting previously unselected package dh-strip-nondeterminism.
Preparing to unpack .../56-dh-strip-nondeterminism_1.13.1-1_all.deb ...
Unpacking dh-strip-nondeterminism (1.13.1-1) ...
Selecting previously unselected package debugedit.
Preparing to unpack .../57-debugedit_1%3a5.0-5build2_amd64.deb ...
Unpacking debugedit (1:5.0-5build2) ...
Selecting previously unselected package dwz.
Preparing to unpack .../58-dwz_0.15-1build6_amd64.deb ...
Unpacking dwz (0.15-1build6) ...
Selecting previously unselected package gettext.
Preparing to unpack .../59-gettext_0.21-14ubuntu2_amd64.deb ...
Unpacking gettext (0.21-14ubuntu2) ...
Selecting previously unselected package intltool-debian.
Preparing to unpack .../60-intltool-debian_0.35.0+20060710.6_all.deb ...
Unpacking intltool-debian (0.35.0+20060710.6) ...
Selecting previously unselected package po-debconf.
Preparing to unpack .../61-po-debconf_1.0.21+nmu1_all.deb ...
Unpacking po-debconf (1.0.21+nmu1) ...
Selecting previously unselected package debhelper.
Preparing to unpack .../62-debhelper_13.14.1ubuntu5_all.deb ...
Unpacking debhelper (13.14.1ubuntu5) ...
Selecting previously unselected package libfakeroot:amd64.
Preparing to unpack .../63-libfakeroot_1.33-1_amd64.deb ...
Unpacking libfakeroot:amd64 (1.33-1) ...
Selecting previously unselected package fakeroot.
Preparing to unpack .../64-fakeroot_1.33-1_amd64.deb ...
Unpacking fakeroot (1.33-1) ...
Selecting previously unselected package fonts-dejavu-mono.
Preparing to unpack .../65-fonts-dejavu-mono_2.37-8_all.deb ...
Unpacking fonts-dejavu-mono (2.37-8) ...
Selecting previously unselected package fonts-dejavu-core.
Preparing to unpack .../66-fonts-dejavu-core_2.37-8_all.deb ...
Unpacking fonts-dejavu-core (2.37-8) ...
Selecting previously unselected package fontconfig-config.
Preparing to unpack .../67-fontconfig-config_2.15.0-1.1ubuntu2_amd64.deb ...
Unpacking fontconfig-config (2.15.0-1.1ubuntu2) ...
Selecting previously unselected package libalgorithm-diff-perl.
Preparing to unpack .../68-libalgorithm-diff-perl_1.201-1_all.deb ...
Unpacking libalgorithm-diff-perl (1.201-1) ...
Selecting previously unselected package libalgorithm-diff-xs-perl:amd64.
Preparing to unpack .../69-libalgorithm-diff-xs-perl_0.04-8build3_amd64.deb ...
Unpacking libalgorithm-diff-xs-perl:amd64 (0.04-8build3) ...
Selecting previously unselected package libalgorithm-merge-perl.
Preparing to unpack .../70-libalgorithm-merge-perl_0.08-5_all.deb ...
Unpacking libalgorithm-merge-perl (0.08-5) ...
Selecting previously unselected package libaom3:amd64.
Preparing to unpack .../71-libaom3_3.8.2-2ubuntu0.1_amd64.deb ...
Unpacking libaom3:amd64 (3.8.2-2ubuntu0.1) ...
Selecting previously unselected package libarchive-cpio-perl.
Preparing to unpack .../72-libarchive-cpio-perl_0.10-3_all.deb ...
Unpacking libarchive-cpio-perl (0.10-3) ...
Selecting previously unselected package libfontconfig1:amd64.
Preparing to unpack .../73-libfontconfig1_2.15.0-1.1ubuntu2_amd64.deb ...
Unpacking libfontconfig1:amd64 (2.15.0-1.1ubuntu2) ...
Selecting previously unselected package libsharpyuv0:amd64.
Preparing to unpack .../74-libsharpyuv0_1.3.2-0.4build3_amd64.deb ...
Unpacking libsharpyuv0:amd64 (1.3.2-0.4build3) ...
Selecting previously unselected package libheif-plugin-aomdec:amd64.
Preparing to unpack .../75-libheif-plugin-aomdec_1.17.6-1ubuntu4.1_amd64.deb ...
Unpacking libheif-plugin-aomdec:amd64 (1.17.6-1ubuntu4.1) ...
Selecting previously unselected package libde265-0:amd64.
Preparing to unpack .../76-libde265-0_1.0.15-1build3_amd64.deb ...
Unpacking libde265-0:amd64 (1.0.15-1build3) ...
Selecting previously unselected package libheif-plugin-libde265:amd64.
Preparing to unpack .../77-libheif-plugin-libde265_1.17.6-1ubuntu4.1_amd64.deb ...
Unpacking libheif-plugin-libde265:amd64 (1.17.6-1ubuntu4.1) ...
Selecting previously unselected package libheif1:amd64.
Preparing to unpack .../78-libheif1_1.17.6-1ubuntu4.1_amd64.deb ...
Unpacking libheif1:amd64 (1.17.6-1ubuntu4.1) ...
Selecting previously unselected package libjpeg-turbo8:amd64.
Preparing to unpack .../79-libjpeg-turbo8_2.1.5-2ubuntu2_amd64.deb ...
Unpacking libjpeg-turbo8:amd64 (2.1.5-2ubuntu2) ...
Selecting previously unselected package libjpeg8:amd64.
Preparing to unpack .../80-libjpeg8_8c-2ubuntu11_amd64.deb ...
Unpacking libjpeg8:amd64 (8c-2ubuntu11) ...
Selecting previously unselected package libdeflate0:amd64.
Preparing to unpack .../81-libdeflate0_1.19-1build1.1_amd64.deb ...
Unpacking libdeflate0:amd64 (1.19-1build1.1) ...
Selecting previously unselected package libjbig0:amd64.
Preparing to unpack .../82-libjbig0_2.1-6.1ubuntu2_amd64.deb ...
Unpacking libjbig0:amd64 (2.1-6.1ubuntu2) ...
Selecting previously unselected package liblerc4:amd64.
Preparing to unpack .../83-liblerc4_4.0.0+ds-4ubuntu2_amd64.deb ...
Unpacking liblerc4:amd64 (4.0.0+ds-4ubuntu2) ...
Selecting previously unselected package libwebp7:amd64.
Preparing to unpack .../84-libwebp7_1.3.2-0.4build3_amd64.deb ...
Unpacking libwebp7:amd64 (1.3.2-0.4build3) ...
Selecting previously unselected package libtiff6:amd64.
Preparing to unpack .../85-libtiff6_4.5.1+git230720-4ubuntu2.2_amd64.deb ...
Unpacking libtiff6:amd64 (4.5.1+git230720-4ubuntu2.2) ...
Selecting previously unselected package libxpm4:amd64.
Preparing to unpack .../86-libxpm4_1%3a3.5.17-1build2_amd64.deb ...
Unpacking libxpm4:amd64 (1:3.5.17-1build2) ...
Selecting previously unselected package libgd3:amd64.
Preparing to unpack .../87-libgd3_2.3.3-9ubuntu5_amd64.deb ...
Unpacking libgd3:amd64 (2.3.3-9ubuntu5) ...
Selecting previously unselected package libc-devtools.
Preparing to unpack .../88-libc-devtools_2.39-0ubuntu8.3_amd64.deb ...
Unpacking libc-devtools (2.39-0ubuntu8.3) ...
Preparing to unpack .../89-libcurl3t64-gnutls_8.5.0-2ubuntu10.5_amd64.deb ...
Unpacking libcurl3t64-gnutls:amd64 (8.5.0-2ubuntu10.5) over (8.5.0-2ubuntu10.1) ...
Selecting previously unselected package libfile-fcntllock-perl.
Preparing to unpack .../90-libfile-fcntllock-perl_0.22-4ubuntu5_amd64.deb ...
Unpacking libfile-fcntllock-perl (0.22-4ubuntu5) ...
Selecting previously unselected package libheif-plugin-aomenc:amd64.
Preparing to unpack .../91-libheif-plugin-aomenc_1.17.6-1ubuntu4.1_amd64.deb ...
Unpacking libheif-plugin-aomenc:amd64 (1.17.6-1ubuntu4.1) ...
Selecting previously unselected package libltdl7:amd64.
Preparing to unpack .../92-libltdl7_2.4.7-7build1_amd64.deb ...
Unpacking libltdl7:amd64 (2.4.7-7build1) ...
Selecting previously unselected package libltdl-dev:amd64.
Preparing to unpack .../93-libltdl-dev_2.4.7-7build1_amd64.deb ...
Unpacking libltdl-dev:amd64 (2.4.7-7build1) ...
Selecting previously unselected package libsys-hostname-long-perl.
Preparing to unpack .../94-libsys-hostname-long-perl_1.5-3_all.deb ...
Unpacking libsys-hostname-long-perl (1.5-3) ...
Selecting previously unselected package libmail-sendmail-perl.
Preparing to unpack .../95-libmail-sendmail-perl_0.80-3_all.deb ...
Unpacking libmail-sendmail-perl (0.80-3) ...
Preparing to unpack .../96-linux-tools-common_6.8.0-50.51_all.deb ...
Unpacking linux-tools-common (6.8.0-50.51) over (6.8.0-31.31) ...
Selecting previously unselected package manpages-dev.
Preparing to unpack .../97-manpages-dev_6.7-2_all.deb ...
Unpacking manpages-dev (6.7-2) ...
Setting up libsharpyuv0:amd64 (1.3.2-0.4build3) ...
Setting up libaom3:amd64 (3.8.2-2ubuntu0.1) ...
Setting up manpages-dev (6.7-2) ...
Setting up libxau6:amd64 (1:1.0.9-1build6) ...
Setting up libxdmcp6:amd64 (1:1.1.3-0ubuntu6) ...
Setting up lto-disabled-list (47) ...
Setting up libxcb1:amd64 (1.15-1ubuntu2) ...
Setting up liblerc4:amd64 (4.0.0+ds-4ubuntu2) ...
Setting up libcurl4t64:amd64 (8.5.0-2ubuntu10.5) ...
Setting up libfile-fcntllock-perl (0.22-4ubuntu5) ...
Setting up libalgorithm-diff-perl (1.201-1) ...
Setting up libarchive-zip-perl (1.68-1) ...
Setting up libdebhelper-perl (13.14.1ubuntu5) ...
Setting up libdeflate0:amd64 (1.19-1build1.1) ...
Setting up libcurl3t64-gnutls:amd64 (8.5.0-2ubuntu10.5) ...
Setting up linux-libc-dev:amd64 (6.8.0-50.51) ...
Setting up m4 (1.4.19-4build1) ...
Setting up libgomp1:amd64 (14.2.0-4ubuntu2~24.04) ...
Setting up locales (2.39-0ubuntu8.3) ...
Generating locales (this might take a while)...
  en_US.UTF-8... done
Generation complete.
Setting up libjbig0:amd64 (2.1-6.1ubuntu2) ...
Setting up libfakeroot:amd64 (1.33-1) ...
Setting up fakeroot (1.33-1) ...
update-alternatives: using /usr/bin/fakeroot-sysv to provide /usr/bin/fakeroot (fakeroot) in auto mode
Setting up autotools-dev (20220109.1) ...
Setting up rpcsvc-proto (1.4.2-0ubuntu7) ...
Setting up gcc-13-base:amd64 (13.2.0-23ubuntu4) ...
Setting up libx11-data (2:1.8.7-1build1) ...
Setting up make (4.3-4.1build2) ...
Setting up libquadmath0:amd64 (14.2.0-4ubuntu2~24.04) ...
Setting up fonts-dejavu-mono (2.37-8) ...
Setting up libmpc3:amd64 (1.3.1-1build1) ...
Setting up libatomic1:amd64 (14.2.0-4ubuntu2~24.04) ...
Setting up autopoint (0.21-14ubuntu2) ...
Setting up fonts-dejavu-core (2.37-8) ...
Setting up libjpeg-turbo8:amd64 (2.1.5-2ubuntu2) ...
Setting up libltdl7:amd64 (2.4.7-7build1) ...
Setting up libdpkg-perl (1.22.6ubuntu6.1) ...
Setting up autoconf (2.71-3) ...
Setting up libwebp7:amd64 (1.3.2-0.4build3) ...
Setting up libubsan1:amd64 (14.2.0-4ubuntu2~24.04) ...
Setting up dwz (0.15-1build6) ...
Setting up libhwasan0:amd64 (14.2.0-4ubuntu2~24.04) ...
Setting up libcrypt-dev:amd64 (1:4.4.36-4build1) ...
Setting up libarchive-cpio-perl (0.10-3) ...
Setting up libasan8:amd64 (14.2.0-4ubuntu2~24.04) ...
Setting up debugedit (1:5.0-5build2) ...
Setting up libsub-override-perl (0.10-1) ...
Setting up libx11-6:amd64 (2:1.8.7-1build1) ...
Setting up curl (8.5.0-2ubuntu10.5) ...
Setting up libtsan2:amd64 (14.2.0-4ubuntu2~24.04) ...
Setting up libisl23:amd64 (0.26-3build1) ...
Setting up libde265-0:amd64 (1.0.15-1build3) ...
Setting up libc-dev-bin (2.39-0ubuntu8.3) ...
Setting up linux-tools-common (6.8.0-50.51) ...
Setting up libsys-hostname-long-perl (1.5-3) ...
Setting up libalgorithm-diff-xs-perl:amd64 (0.04-8build3) ...
Setting up libcc1-0:amd64 (14.2.0-4ubuntu2~24.04) ...
Setting up liblsan0:amd64 (14.2.0-4ubuntu2~24.04) ...
Setting up libitm1:amd64 (14.2.0-4ubuntu2~24.04) ...
Setting up libalgorithm-merge-perl (0.08-5) ...
Setting up libjpeg8:amd64 (8c-2ubuntu11) ...
Setting up automake (1:1.16.5-1.3ubuntu1) ...
update-alternatives: using /usr/bin/automake-1.16 to provide /usr/bin/automake (automake) in auto mode
Setting up libfile-stripnondeterminism-perl (1.13.1-1) ...
Setting up gettext (0.21-14ubuntu2) ...
Setting up libxpm4:amd64 (1:3.5.17-1build2) ...
Setting up cpp-13-x86-64-linux-gnu (13.2.0-23ubuntu4) ...
Setting up fontconfig-config (2.15.0-1.1ubuntu2) ...
Setting up dpkg-dev (1.22.6ubuntu6.1) ...
Setting up intltool-debian (0.35.0+20060710.6) ...
Setting up libmail-sendmail-perl (0.80-3) ...
Setting up libltdl-dev:amd64 (2.4.7-7build1) ...
Setting up dh-strip-nondeterminism (1.13.1-1) ...
Setting up libgcc-13-dev:amd64 (13.2.0-23ubuntu4) ...
Setting up libtiff6:amd64 (4.5.1+git230720-4ubuntu2.2) ...
Setting up libc6-dev:amd64 (2.39-0ubuntu8.3) ...
Setting up libstdc++-13-dev:amd64 (13.2.0-23ubuntu4) ...
Setting up cpp-x86-64-linux-gnu (4:13.2.0-7ubuntu1) ...
Setting up cpp-13 (13.2.0-23ubuntu4) ...
Setting up gcc-13-x86-64-linux-gnu (13.2.0-23ubuntu4) ...
Setting up po-debconf (1.0.21+nmu1) ...
Setting up gcc-13 (13.2.0-23ubuntu4) ...
Setting up cpp (4:13.2.0-7ubuntu1) ...
Setting up g++-13-x86-64-linux-gnu (13.2.0-23ubuntu4) ...
Setting up gcc-x86-64-linux-gnu (4:13.2.0-7ubuntu1) ...
Setting up libtool (2.4.7-7build1) ...
Setting up gcc (4:13.2.0-7ubuntu1) ...
Setting up dh-autoreconf (20) ...
Setting up g++-x86-64-linux-gnu (4:13.2.0-7ubuntu1) ...
Setting up g++-13 (13.2.0-23ubuntu4) ...
Setting up debhelper (13.14.1ubuntu5) ...
Setting up g++ (4:13.2.0-7ubuntu1) ...
update-alternatives: using /usr/bin/g++ to provide /usr/bin/c++ (c++) in auto mode
Setting up build-essential (12.10ubuntu1) ...
Setting up libheif-plugin-aomdec:amd64 (1.17.6-1ubuntu4.1) ...
Setting up libheif1:amd64 (1.17.6-1ubuntu4.1) ...
Setting up libheif-plugin-libde265:amd64 (1.17.6-1ubuntu4.1) ...
Setting up libheif-plugin-aomenc:amd64 (1.17.6-1ubuntu4.1) ...
Processing triggers for libc-bin (2.39-0ubuntu8.3) ...
Processing triggers for man-db (2.12.0-4build2) ...
Processing triggers for sgml-base (1.31) ...
Setting up libfontconfig1:amd64 (2.15.0-1.1ubuntu2) ...
Processing triggers for install-info (7.1-3build2) ...
Setting up libgd3:amd64 (2.3.3-9ubuntu5) ...
Setting up libc-devtools (2.39-0ubuntu8.3) ...
Processing triggers for libc-bin (2.39-0ubuntu8.3) ...
Scanning processes...                                                                                                                                                                                              
Scanning candidates...                                                                                                                                                                                             
Scanning linux images...                                                                                                                                                                                           

Running kernel seems to be up-to-date.

Restarting services...
 systemctl restart cron.service filebeat.service fwupd.service multipathd.service polkit.service rsyslog.service ssh.service systemd-journald.service systemd-networkd.service systemd-resolved.service systemd-udevd.service udisks2.service upower.service vboxadd-service.service wazuh-manager.service

Service restarts being deferred:
 systemctl restart ModemManager.service
 /etc/needrestart/restart.d/dbus.service
 systemctl restart getty@tty1.service
 systemctl restart systemd-logind.service

No containers need to be restarted.

User sessions running outdated binaries:
 vagrant @ session #4: gpg-agent[2029], sshd[1776,1821]
 vagrant @ user manager service: systemd[1781]

No VM guests are running outdated hypervisor (qemu) binaries on this host.
root@host2:/home/vagrant# apt-get -y install wazuh-dashboard
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following NEW packages will be installed:
  wazuh-dashboard
0 upgraded, 1 newly installed, 0 to remove and 193 not upgraded.
Need to get 166 MB of archives.
After this operation, 935 MB of additional disk space will be used.
Get:1 https://packages.wazuh.com/4.x/apt stable/main amd64 wazuh-dashboard amd64 4.9.2-1 [166 MB]
Fetched 166 MB in 7s (23.0 MB/s)                                                                                                                                                                                  
Selecting previously unselected package wazuh-dashboard.
(Reading database ... 78618 files and directories currently installed.)
Preparing to unpack .../wazuh-dashboard_4.9.2-1_amd64.deb ...
Creating wazuh-dashboard group... OK
Creating wazuh-dashboard user... OK
Unpacking wazuh-dashboard (4.9.2-1) ...
Setting up wazuh-dashboard (4.9.2-1) ...
Scanning processes...                                                                                                                                                                                              
Scanning candidates...                                                                                                                                                                                             
Scanning linux images...                                                                                                                                                                                           

Running kernel seems to be up-to-date.

Restarting services...
 systemctl restart vboxadd-service.service

Service restarts being deferred:
 /etc/needrestart/restart.d/dbus.service
 systemctl restart getty@tty1.service
 systemctl restart systemd-logind.service

No containers need to be restarted.

User sessions running outdated binaries:
 vagrant @ session #4: gpg-agent[2029], sshd[1776,1821]
 vagrant @ user manager service: systemd[1781]

No VM guests are running outdated hypervisor (qemu) binaries on this host.


root@host2:/home/vagrant# nano /etc/wazuh-dashboard/opensearch_dashboards.yml
root@host2:/home/vagrant# export NODE_NAME=dashboard
root@host2:/home/vagrant# mkdir /etc/wazuh-dashboard/certs
tar -xf ./wazuh-certificates.tar -C /etc/wazuh-dashboard/certs/ ./$NODE_NAME.pem ./$NODE_NAME-key.pem ./root-ca.pem
mv -n /etc/wazuh-dashboard/certs/$NODE_NAME.pem /etc/wazuh-dashboard/certs/dashboard.pem
mv -n /etc/wazuh-dashboard/certs/$NODE_NAME-key.pem /etc/wazuh-dashboard/certs/dashboard-key.pem
chmod 500 /etc/wazuh-dashboard/certs
chmod 400 /etc/wazuh-dashboard/certs/*
chown -R wazuh-dashboard:wazuh-dashboard /etc/wazuh-dashboard/certs
mv: not replacing '/etc/wazuh-dashboard/certs/dashboard.pem'
mv: not replacing '/etc/wazuh-dashboard/certs/dashboard-key.pem'
root@host2:/home/vagrant# diff ^C
root@host2:/home/vagrant# systemctl daemon-reload
systemctl enable wazuh-dashboard
systemctl start wazuh-dashboard
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service.
root@host2:/home/vagrant# nano /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml 
root@host2:/home/vagrant# vim /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml

Securizing host1 🔴

root@host1:/home/vagrant# /usr/share/wazuh-indexer/plugins/opensearch-security/tools/wazuh-passwords-tool.sh --change-all
11/12/2024 14:40:07 INFO: Updating the internal users.
11/12/2024 14:40:11 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
11/12/2024 14:40:11 INFO: Wazuh API admin credentials not provided, Wazuh API passwords not changed.
11/12/2024 14:40:21 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
11/12/2024 14:40:49 INFO: The password for user admin is iEmuZf3ttp5ANFGyHzL?u?m68WO1d9Hp
11/12/2024 14:40:49 INFO: The password for user anomalyadmin is yxP0r4y2WNGCcwIkeI+.4Jd6Fma4zF0M
11/12/2024 14:40:49 INFO: The password for user kibanaserver is U9qWxUeT7YnPZOWdlksw5HEB+1.Jinvk
11/12/2024 14:40:49 INFO: The password for user kibanaro is LiDAb0nvRCnlOpj6EmH?2CCCo8EmU7gF
11/12/2024 14:40:49 INFO: The password for user logstash is LMpc3Isb98L*owj*c4n45JA3wqs?V?A2
11/12/2024 14:40:49 INFO: The password for user readall is B3pzRh.sY?YycQGj?Tld3CiT6bEL94rP
11/12/2024 14:40:49 INFO: The password for user snapshotrestore is QhN+yDiQc+q*Q1*7F88e.eEmUrOSfRgj
11/12/2024 14:40:49 WARNING: Wazuh indexer passwords changed. Remember to update the password in the Wazuh dashboard, Wazuh server, and Filebeat nodes if necessary, and restart the services.
root@host1:/home/vagrant# curl -sO https://packages.wazuh.com/4.9/wazuh-passwords-tool.sh
bash wazuh-passwords-tool.sh --api --change-all --admin-user wazuh --admin-password wazuh
11/12/2024 14:41:05 INFO: Updating the internal users.
11/12/2024 14:41:09 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
11/12/2024 14:41:21 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
11/12/2024 14:41:45 INFO: The password for user admin is *ERWBUJYcoocwG?CRYfoHSnW7q0itdbh
11/12/2024 14:41:45 INFO: The password for user anomalyadmin is lhPFuWCjv*FlIMadgmNJo+7yYrV7f0vH
11/12/2024 14:41:45 INFO: The password for user kibanaserver is pSqT3?3eBspjKdBeQnSpCgsB.O?o9c8k
11/12/2024 14:41:45 INFO: The password for user kibanaro is tFS8z4ZnlKyc2c1w0G92IYrtySkqc+nX
11/12/2024 14:41:45 INFO: The password for user logstash is gmTiv5OKbx6GGJU2DQjdoTNltdAMMc?a
11/12/2024 14:41:45 INFO: The password for user readall is axSddng6vT7UzgIIv.Gq.PyTnq.8Z*LZ
11/12/2024 14:41:45 INFO: The password for user snapshotrestore is Et5vPBqXDJN72PHSB1paFMNgS+jhpyg+
11/12/2024 14:41:45 WARNING: Wazuh indexer passwords changed. Remember to update the password in the Wazuh dashboard, Wazuh server, and Filebeat nodes if necessary, and restart the services.
11/12/2024 14:41:47 INFO: The password for Wazuh API user wazuh is XFfgvv+Pm+olUvN3hRGSx*rIVQkVFQcE
11/12/2024 14:41:48 INFO: The password for Wazuh API user wazuh-wui is KcIFIovRmAeUho.+shLUs3FJMu*0Pvaa
root@host1:/home/vagrant# systemctl restart filebeat
root@host1:/home/vagrant# echo *ERWBUJYcoocwG?CRYfoHSnW7q0itdbh | filebeat keystore add password --stdin --force
Successfully updated the keystore
root@host1:/home/vagrant# systemctl restart filebeat

Securizing host2 🟢

root@host2:/home/vagrant#  echo *ERWBUJYcoocwG?CRYfoHSnW7q0itdbh | filebeat keystore add password --stdin --force
root@host2:/home/vagrant#   echo pSqT3?3eBspjKdBeQnSpCgsB.O?o9c8k | /usr/share/wazuh-dashboard/bin/opensearch-dashboards-keystore --allow-root add -f --stdin opensearch.password
root@host2:/home/vagrant#  systemctl restart filebeat
root@host2:/home/vagrant#  systemctl restart wazuh-dashboard

Debian 11 agent 🟢

root@bullseye:/home/vagrant# curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | gpg --no-default-keyring --keyring gnupg-ring:/usr/share/keyrings/wazuh.gpg --import && chmod 644 /usr/share/keyrings/wazuh.gpg
gpg: keyring '/usr/share/keyrings/wazuh.gpg' created
gpg: directory '/root/.gnupg' created
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key 96B3EE5F29111145: public key "Wazuh.com (Wazuh Signing Key) <support@wazuh.com>" imported
gpg: Total number processed: 1
gpg:               imported: 1
root@bullseye:/home/vagrant# echo "deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages.wazuh.com/4.x/apt/ stable main" | tee -a /etc/apt/sources.list.d/wazuh.list
deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages.wazuh.com/4.x/apt/ stable main
root@bullseye:/home/vagrant# apt-get update
Hit:1 https://deb.debian.org/debian bullseye InRelease
Hit:2 https://security.debian.org/debian-security bullseye-security InRelease
Hit:3 https://deb.debian.org/debian bullseye-updates InRelease
Hit:4 https://deb.debian.org/debian bullseye-backports InRelease
Get:5 https://packages.wazuh.com/4.x/apt stable InRelease [17.3 kB]
Get:6 https://packages.wazuh.com/4.x/apt stable/main amd64 Packages [41.6 kB]
Fetched 58.8 kB in 1s (61.2 kB/s)   
Reading package lists... Done
root@bullseye:/home/vagrant# WAZUH_MANAGER="192.168.1.30" apt-get install wazuh-agent
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following NEW packages will be installed:
  wazuh-agent
0 upgraded, 1 newly installed, 0 to remove and 34 not upgraded.
Need to get 10.8 MB of archives.
After this operation, 37.3 MB of additional disk space will be used.
Get:1 https://packages.wazuh.com/4.x/apt stable/main amd64 wazuh-agent amd64 4.9.2-1 [10.8 MB]
Fetched 10.8 MB in 1s (19.4 MB/s)
Preconfiguring packages ...
Selecting previously unselected package wazuh-agent.
(Reading database ... 25408 files and directories currently installed.)
Preparing to unpack .../wazuh-agent_4.9.2-1_amd64.deb ...
Unpacking wazuh-agent (4.9.2-1) ...
Setting up wazuh-agent (4.9.2-1) ...
root@bullseye:/home/vagrant# systemctl daemon-reload
systemctl enable wazuh-agent
systemctl start wazuh-agent
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-agent.service → /lib/systemd/system/wazuh-agent.service.

Windows 11 Agent 🟢

PS C:\Users\vagrant> Invoke-WebRequest -Uri https://packages.wazuh.com/4.x/windows/wazuh-agent-4.9.2-1.msi -OutFile wazuh-agent-4.9.2-1.msi
PS C:\Users\vagrant> .\wazuh-agent-4.9.2-1.msi /q WAZUH_MANAGER="192.168.1.29"
PS C:\Users\vagrant> NET START Wazuh
The Wazuh service is starting.
The Wazuh service was started successfully.

[jnasselle]

2. Validation of Initial Deployment

Documentation:

• https://documentation.wazuh.com/current/installation-guide/wazuh-indexer/step-by-step.html
• https://documentation.wazuh.com/current/installation-guide/wazuh-server/step-by-step.html
• https://documentation.wazuh.com/current/installation-guide/wazuh-dashboard/step-by-step.html
• https://documentation.wazuh.com/current/installation-guide/wazuh-agent/wazuh-agent-package-windows.html
• https://documentation.wazuh.com/current/installation-guide/wazuh-agent/wazuh-agent-package-linux.html

Navigate through the UI to ensure that it is accessible and functional 🟢

Verify that both agents are connected to their respective nodes (master and worker) and are listed as active 🔴

🔴 although this step is ok, the agent label is duplicated. See "bullseye" in both agents. This could be caused due agent registration to each wazuh node before setting up the cluster.

Trigger or simulate a condition that would generate at least one alert from each agent, and confirm that these alerts are captured and displayed in the UI 🟢

• Using Wazuh dashboard, add the following custom rule into local_rules.xml

<!-- Local rules -->

<!-- Modify it at your will. -->
<!-- Copyright (C) 2015, Wazuh Inc. -->

<!-- Example -->
<group name="local,syslog,sshd,">

  <!--
  Dec 10 01:02:02 host sshd[1234]: Failed none for root from 1.1.1.1 port 1066 ssh2
  -->
  <rule id="100001" level="5">
    <if_sid>5716</if_sid>
    <srcip>1.1.1.1</srcip>
    <description>sshd: authentication failed from IP 1.1.1.1.</description>
    <group>authentication_failed,pci_dss_10.2.4,pci_dss_10.2.5,</group>
  </rule>
  
    <rule id="100002" level="5">
    <field name="issue">wazuh</field>
    <description>TEST E2E</description>
    <group>test,</group>
  </rule>

</group>

• Debian 11

root@bullseye:/home/vagrant# echo '{"issue":"https://github.com/wazuh/wazuh/issues/27183"}' >> /var/log/dpkg.log 

• Windows 11

Add the following localfile into ossec.conf

  <localfile>
    <log_format>syslog</log_format>
    <location>test.log</location>
  </localfile>

'{"issue":"https://github.com/wazuh/wazuh/issues/27183"}' | Out-File -FilePath "C:\Program Files (x86)\ossec-agent\test.log" -Encoding utf8 -Append

Modify configuration files 🟢

• Host 1

root@host1:/home/vagrant# for file in \
    /etc/wazuh-indexer/opensearch-security/config.yml \
    /etc/wazuh-indexer/jvm.options \
    /etc/wazuh-indexer/opensearch.yml \
    /etc/wazuh-indexer/opensearch-security/internal_users.yml \
    /etc/wazuh-indexer/opensearch-security/roles_mapping.yml \
    /etc/wazuh-indexer/opensearch-security/roles.yml \
    /etc/wazuh-dashboard/opensearch_dashboards.yml \
    /etc/default/wazuh-dashboard \
    /etc/wazuh-dashboard/opensearch_dashboards.keystore; do
    if [ -f "$file" ]; then
        echo -e "\n# This file should not be modified during the upgrade." | sudo tee -a "$file"
    else
        echo "File $file does not exist, skipping."
    fi
done

# This file should not be modified during the upgrade.

# This file should not be modified during the upgrade.

# This file should not be modified during the upgrade.

# This file should not be modified during the upgrade.

# This file should not be modified during the upgrade.

# This file should not be modified during the upgrade.
File /etc/wazuh-dashboard/opensearch_dashboards.yml does not exist, skipping.
File /etc/default/wazuh-dashboard does not exist, skipping.
File /etc/wazuh-dashboard/opensearch_dashboards.keystore does not exist, skipping.

• Host 2

root@host2:/home/vagrant# for file in \
    /etc/wazuh-indexer/opensearch-security/config.yml \
    /etc/wazuh-indexer/jvm.options \
    /etc/wazuh-indexer/opensearch.yml \
    /etc/wazuh-indexer/opensearch-security/internal_users.yml \
    /etc/wazuh-indexer/opensearch-security/roles_mapping.yml \
    /etc/wazuh-indexer/opensearch-security/roles.yml \
    /etc/wazuh-dashboard/opensearch_dashboards.yml \
    /etc/default/wazuh-dashboard \
    /etc/wazuh-dashboard/opensearch_dashboards.keystore; do
    if [ -f "$file" ]; then
        echo -e "\n# This file should not be modified during the upgrade." | sudo tee -a "$file"
    else
        echo "File $file does not exist, skipping."
    fi
done
File /etc/wazuh-indexer/opensearch-security/config.yml does not exist, skipping.
File /etc/wazuh-indexer/jvm.options does not exist, skipping.
File /etc/wazuh-indexer/opensearch.yml does not exist, skipping.
File /etc/wazuh-indexer/opensearch-security/internal_users.yml does not exist, skipping.
File /etc/wazuh-indexer/opensearch-security/roles_mapping.yml does not exist, skipping.
File /etc/wazuh-indexer/opensearch-security/roles.yml does not exist, skipping.

# This file should not be modified during the upgrade.

# This file should not be modified during the upgrade.

# This file should not be modified during the upgrade.

[jnasselle]

3. Upgrade of Central Components 🟢

Documentation: https://documentation-dev.wazuh.com/v4.10.0-rc1/upgrade-guide/upgrading-central-components.html

Follow the upgrade guide provided in the documentation to upgrade the central components, including the master, worker, indexer, and dashboard. 🟢

• Host 1 (Indexer, Master)

root@host1:/home/vagrant# echo -e '[wazuh]\ngpgcheck=1\ngpgkey=https://packages.wazuh.com/key/GPG-KEY-WAZUH\nenabled=1\nname=EL-$releasever - Wazuh\nbaseurl=https://packages.wazuh.com/4.x/y^C/\nprotect=1' | tee /etc/yum.repos.d/wazuh.repo
root@host1:/home/vagrant# rm /etc/
Display all 199 possibilities? (y or n)
root@host1:/home/vagrant# vim /etc/apt/sources.list.d/wazuh.list
root@host1:/home/vagrant# apt update
Hit:1 http://archive.ubuntu.com/ubuntu noble InRelease
Get:2 http://security.ubuntu.com/ubuntu noble-security InRelease [126 kB]
Get:3 http://archive.ubuntu.com/ubuntu noble-updates InRelease [126 kB]        
Get:4 https://packages-dev.wazuh.com/pre-release/apt unstable InRelease [17.3 kB]        
Hit:5 http://archive.ubuntu.com/ubuntu noble-backports InRelease                                      
Get:6 http://security.ubuntu.com/ubuntu noble-security/main amd64 Packages [501 kB]
Get:7 http://archive.ubuntu.com/ubuntu noble-updates/main amd64 Packages [701 kB]
Get:8 https://packages-dev.wazuh.com/pre-release/apt unstable/main amd64 Packages [42.4 kB]
Get:9 http://security.ubuntu.com/ubuntu noble-security/main Translation-en [102 kB]          
Get:10 http://archive.ubuntu.com/ubuntu noble-updates/main Translation-en [162 kB]
Get:11 http://archive.ubuntu.com/ubuntu noble-updates/universe amd64 Packages [727 kB]
Get:12 http://archive.ubuntu.com/ubuntu noble-updates/universe Translation-en [216 kB]                 
Fetched 2,721 kB in 4s (689 kB/s)                                                                    
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
206 packages can be upgraded. Run 'apt list --upgradable' to see them.
root@host1:/home/vagrant# systemctl stop filebeat
systemctl stop wazuh-dashboard
Failed to stop wazuh-dashboard.service: Unit wazuh-dashboard.service not loaded.
root@host1:/home/vagrant# curl -X PUT "https://192.168.1.29:9200/_cluster/settings"  -u admin:*ERWBUJYcoocwG?CRYfoHSnW7q0itdbh -k -H 'Content-Type: application/json' -d'
{
  "persistent": {
    "cluster.routing.allocation.enable": "primaries"
  }
}
'
{"acknowledged":true,"persistent":{"cluster":{"routing":{"allocation":{"enable":"primaries"}}}},"transient":{}}root@host1:/home/vagrant# 
root@host1:/home/vagrant# curl -X POST "https://192.168.1.29:9200/_flush/synced" -u admin:*ERWBUJYcoocwG?CRYfoHSnW7q0itdbh -k
{"_shards":{"total":12,"successful":12,"failed":0}}root@host1:/home/vagrant# 
root@host1:/home/vagrant# systemctl stop wazuh-indexer
root@host1:/home/vagrant# apt-get install wazuh-indexer
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following packages will be upgraded:
  wazuh-indexer
1 upgraded, 0 newly installed, 0 to remove and 205 not upgraded.
Need to get 870 MB of archives.
After this operation, 20.0 MB of additional disk space will be used.
Get:1 https://packages-dev.wazuh.com/pre-release/apt unstable/main amd64 wazuh-indexer amd64 4.10.0-1 [870 MB]
Fetched 870 MB in 58s (15.1 MB/s)                                                                                                                                                                                 
(Reading database ... 72316 files and directories currently installed.)
Preparing to unpack .../wazuh-indexer_4.10.0-1_amd64.deb ...
Running Wazuh Indexer Pre-Removal Script
Running Wazuh Indexer Pre-Installation Script
Unpacking wazuh-indexer (4.10.0-1) over (4.9.2-1) ...
Setting up wazuh-indexer (4.10.0-1) ...
Running Wazuh Indexer Post-Installation Script
### NOT starting on installation, please execute the following statements to configure wazuh-indexer service to start automatically using systemd
 sudo systemctl daemon-reload
 sudo systemctl enable wazuh-indexer.service
### You can start wazuh-indexer service by executing
 sudo systemctl start wazuh-indexer.service
Scanning processes...                                                                                                                                                                                              
Scanning linux images...                                                                                                                                                                                           

Running kernel seems to be up-to-date.

No services need to be restarted.

No containers need to be restarted.

No user sessions are running outdated binaries.

No VM guests are running outdated hypervisor (qemu) binaries on this host.
root@host1:/home/vagrant# systemctl daemon-reload
systemctl enable wazuh-indexer
systemctl start wazuh-indexer
Synchronizing state of wazuh-indexer.service with SysV service script with /usr/lib/systemd/systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable wazuh-indexer
root@host1:/home/vagrant# curl -k -u admin:*ERWBUJYcoocwG?CRYfoHSnW7q0itdbh https://192.168.1.29:9200:9200/_cat/nodes?v
curl: (3) URL rejected: Port number was not a decimal number between 0 and 65535
root@host1:/home/vagrant# curl -k -u admin:*ERWBUJYcoocwG?CRYfoHSnW7q0itdbh https://192.168.1.29:9200/_cat/nodes?v
ip           heap.percent ram.percent cpu load_1m load_5m load_15m node.role node.roles                                        cluster_manager name
192.168.1.29           44          98   8    0.38    0.15     0.17 dimr      cluster_manager,data,ingest,remote_cluster_client *               node-1
root@host1:/home/vagrant# curl -X PUT "https://192.168.1.29:9200/_cluster/settings"  -u admin:*ERWBUJYcoocwG?CRYfoHSnW7q0itdbh -k -H 'Content-Type: application/json' -d'
{
  "persistent": {
    "cluster.routing.allocation.enable": "all"
  }
}
'
{"acknowledged":true,"persistent":{"cluster":{"routing":{"allocation":{"enable":"all"}}}},"transient":{}}root@host1:/home/vagrant# curl -X PUT "https://192.168.1.29:9200/_cluster/settings"  -u admin:*ERWBUJYcoocroot@host1:/home/vagrant#  'Contk -u admin:*ERWBUJYcoocwG?CRYfoHSnW7q0itdbh https://192.168.1.29:9200/_cat/nodes?v
ip           heap.percent ram.percent cpu load_1m load_5m load_15m node.role node.roles                                        cluster_manager name
192.168.1.29           45          98   0    0.16    0.12     0.16 dimr      cluster_manager,data,ingest,remote_cluster_client *               node-1
root@host1:/home/vagrant# curl -k -u admin:*ERWBUJYcoocwG?CRYfoHSnW7q0itdbh https://192.168.1.29:9200/_cat/nodes?v
ip           heap.percent ram.percent cpu load_1m load_5m load_15m node.role node.roles                                        cluster_manager name
192.168.1.29           46          98   0    0.11    0.12     0.15 dimr      cluster_manager,data,ingest,remote_cluster_client *               node-1
root@host1:/home/vagrant# apt-get install wazuh-manager
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Suggested packages:
  expect
The following packages will be upgraded:
  wazuh-manager
1 upgraded, 0 newly installed, 0 to remove and 204 not upgraded.
Need to get 353 MB of archives.
After this operation, 21.5 MB of additional disk space will be used.
Get:1 https://packages-dev.wazuh.com/pre-release/apt unstable/main amd64 wazuh-manager amd64 4.10.0-1 [353 MB]
Fetched 353 MB in 29s (12.2 MB/s)                                                                                                                                                                                 
(Reading database ... 72311 files and directories currently installed.)
Preparing to unpack .../wazuh-manager_4.10.0-1_amd64.deb ...
Unpacking wazuh-manager (4.10.0-1) over (4.9.2-1) ...
Setting up wazuh-manager (4.10.0-1) ...
Scanning processes...                                                                                                                                                                                              
Scanning candidates...                                                                                                                                                                                             
Scanning linux images...                                                                                                                                                                                           

Running kernel seems to be up-to-date.

Restarting services...
 systemctl restart wazuh-indexer.service

No containers need to be restarted.

No user sessions are running outdated binaries.

No VM guests are running outdated hypervisor (qemu) binaries on this host.
root@host1:/home/vagrant# curl -s https://packages-dev.wazuh.com/pre-release/filebeat/wazuh-filebeat-0.4.tar.gz | sudo tar -xvz -C /usr/share/filebeat/module
wazuh/
wazuh/_meta/
wazuh/_meta/config.yml
wazuh/_meta/docs.asciidoc
wazuh/_meta/fields.yml
wazuh/archives/
wazuh/archives/ingest/
wazuh/archives/ingest/pipeline.json
wazuh/archives/config/
wazuh/archives/config/archives.yml
wazuh/archives/manifest.yml
wazuh/module.yml
wazuh/alerts/
wazuh/alerts/ingest/
wazuh/alerts/ingest/pipeline.json
wazuh/alerts/config/
wazuh/alerts/config/alerts.yml
wazuh/alerts/manifest.yml
root@host1:/home/vagrant# curl -so /etc/filebeat/wazuh-template.json https://raw.githubusercontent.com/wazuh/wazuh/v4.10.0-rc1/extensions/elasticsearch/7.x/wazuh-template.json
chmod go+r /etc/filebeat/wazuh-template.json
root@host1:/home/vagrant# systemctl daemon-reload
systemctl enable filebeat
systemctl start filebeat
Synchronizing state of filebeat.service with SysV service script with /usr/lib/systemd/systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable filebeat
root@host1:/home/vagrant# filebeat setup --pipelines
filebeat setup --index-management -E output.logstash.enabled=false
Loaded Ingest pipelines
ILM policy and write alias loading not enabled.

Index setup finished.

• Host 2 (Worker, Dashboard)

root@host2:/home/vagrant# echo "deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages-dev.wazuh.com/pre-release/apt/ unstable main" | tee /etc/apt/sources.list.d/wazuh.list
deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages-dev.wazuh.com/pre-release/apt/ unstable main
root@host2:/home/vagrant# vim /etc/apt/sources.list.d/wazuh.list 
root@host2:/home/vagrant# systemctl stop filebeat
systemctl stop wazuh-dashboard
root@host2:/home/vagrant# apt-get install wazuh-manager
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
wazuh-manager is already the newest version (4.9.2-1).
0 upgraded, 0 newly installed, 0 to remove and 193 not upgraded.
root@host2:/home/vagrant# apt update
Hit:1 http://archive.ubuntu.com/ubuntu noble InRelease
Get:2 http://security.ubuntu.com/ubuntu noble-security InRelease [126 kB]
Get:3 http://archive.ubuntu.com/ubuntu noble-updates InRelease [126 kB]        
Get:4 https://packages-dev.wazuh.com/pre-release/apt unstable InRelease [17.3 kB]        
Get:5 http://security.ubuntu.com/ubuntu noble-security/main amd64 Packages [501 kB]                   
Hit:6 http://archive.ubuntu.com/ubuntu noble-backports InRelease             
Get:7 http://archive.ubuntu.com/ubuntu noble-updates/main amd64 Packages [701 kB]
Get:8 https://packages-dev.wazuh.com/pre-release/apt unstable/main amd64 Packages [42.4 kB]
Get:9 http://security.ubuntu.com/ubuntu noble-security/main Translation-en [102 kB]                             
Get:10 http://archive.ubuntu.com/ubuntu noble-updates/main Translation-en [162 kB]
Get:11 http://archive.ubuntu.com/ubuntu noble-updates/universe amd64 Packages [727 kB]
Get:12 http://archive.ubuntu.com/ubuntu noble-updates/universe Translation-en [216 kB]
Fetched 2,721 kB in 2s (1,109 kB/s)                              
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
195 packages can be upgraded. Run 'apt list --upgradable' to see them.
root@host2:/home/vagrant# apt-get install wazuh-manager
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Suggested packages:
  expect
The following packages will be upgraded:
  wazuh-manager
1 upgraded, 0 newly installed, 0 to remove and 194 not upgraded.
Need to get 353 MB of archives.
After this operation, 21.5 MB of additional disk space will be used.
Get:1 https://packages-dev.wazuh.com/pre-release/apt unstable/main amd64 wazuh-manager amd64 4.10.0-1 [353 MB]
Fetched 353 MB in 27s (13.0 MB/s)                                                                                                                                                                                 
(Reading database ... 173447 files and directories currently installed.)
Preparing to unpack .../wazuh-manager_4.10.0-1_amd64.deb ...
Unpacking wazuh-manager (4.10.0-1) over (4.9.2-1) ...
Setting up wazuh-manager (4.10.0-1) ...
Scanning processes...                                                                                                                                                                                              
Scanning candidates...                                                                                                                                                                                             
Scanning linux images...                                                                                                                                                                                           

Running kernel seems to be up-to-date.

Restarting services...
 systemctl restart vboxadd-service.service

Service restarts being deferred:
 /etc/needrestart/restart.d/dbus.service
 systemctl restart getty@tty1.service
 systemctl restart systemd-logind.service

No containers need to be restarted.

User sessions running outdated binaries:
 vagrant @ session #4: gpg-agent[2029], sshd[1776,1821]
 vagrant @ user manager service: systemd[1781]

No VM guests are running outdated hypervisor (qemu) binaries on this host.
root@host2:/home/vagrant# curl -s https://packages-dev.wazuh.com/pre-release/filebeat/wazuh-filebeat-0.4.tar.gz | sudo tar -xvz -C /usr/share/filebeat/module
wazuh/
wazuh/_meta/
wazuh/_meta/config.yml
wazuh/_meta/docs.asciidoc
wazuh/_meta/fields.yml
wazuh/archives/
wazuh/archives/ingest/
wazuh/archives/ingest/pipeline.json
wazuh/archives/config/
wazuh/archives/config/archives.yml
wazuh/archives/manifest.yml
wazuh/module.yml
wazuh/alerts/
wazuh/alerts/ingest/
wazuh/alerts/ingest/pipeline.json
wazuh/alerts/config/
wazuh/alerts/config/alerts.yml
wazuh/alerts/manifest.yml
root@host2:/home/vagrant# curl -so /etc/filebeat/wazuh-template.json https://raw.githubusercontent.com/wazuh/wazuh/v4.10.0-rc1/extensions/elasticsearch/7.x/wazuh-template.json
chmod go+r /etc/filebeat/wazuh-template.json
root@host2:/home/vagrant# systemctl daemon-reload
systemctl enable filebeat
systemctl start filebeat
Synchronizing state of filebeat.service with SysV service script with /usr/lib/systemd/systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable filebeat
root@host2:/home/vagrant# filebeat setup --pipelines
filebeat setup --index-management -E output.logstash.enabled=false
Loaded Ingest pipelines
ILM policy and write alias loading not enabled.

Index setup finished.
root@host2:/home/vagrant# cp /etc/wazuh-dashboard/opensearch_dashboards.yml opensearch_dashboards.yml.bak
root@host2:/home/vagrant# apt-get install wazuh-dashboard
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following packages will be upgraded:
  wazuh-dashboard
1 upgraded, 0 newly installed, 0 to remove and 193 not upgraded.
Need to get 174 MB of archives.
After this operation, 21.4 MB of additional disk space will be used.
Get:1 https://packages-dev.wazuh.com/pre-release/apt unstable/main amd64 wazuh-dashboard amd64 4.10.0-1 [174 MB]
Fetched 174 MB in 20s (8,759 kB/s)                                                                                                                                                                                
(Reading database ... 173417 files and directories currently installed.)
Preparing to unpack .../wazuh-dashboard_4.10.0-1_amd64.deb ...
Unpacking wazuh-dashboard (4.10.0-1) over (4.9.2-1) ...
Setting up wazuh-dashboard (4.10.0-1) ...
Scanning processes...                                                                                                                                                                                              
Scanning candidates...                                                                                                                                                                                             
Scanning linux images...                                                                                                                                                                                           

Running kernel seems to be up-to-date.

Restarting services...
 systemctl restart vboxadd-service.service

Service restarts being deferred:
 /etc/needrestart/restart.d/dbus.service
 systemctl restart getty@tty1.service
 systemctl restart systemd-logind.service

No containers need to be restarted.

User sessions running outdated binaries:
 vagrant @ session #4: gpg-agent[2029], sshd[1776,1821]
 vagrant @ user manager service: systemd[1781]

No VM guests are running outdated hypervisor (qemu) binaries on this host.
root@host2:/home/vagrant# diff /etc/wazuh-dashboard/opensearch_dashboards.yml opensearch_dashboards.yml.bak 
root@host2:/home/vagrant# diff /etc/wazuh-dashboard/opensearch_dashboards.yml opensearch_dashboards.yml.bak | wc -l
0
root@host2:/home/vagrant# systemctl daemon-reload
systemctl enable wazuh-dashboard
systemctl start wazuh-dashboard

Monitor the upgrade process for any errors or warnings and document any that are encountered 🟢

• No differences between backup to apply manually

root@host2:/home/vagrant# diff /etc/wazuh-dashboard/opensearch_dashboards.yml opensearch_dashboards.yml.bak | wc -l
0

• No active request asked during dashboard installation
  

⚠️ Check that the installation does not hang and that there is no need to press enter to continue 🟢

Everything went as expected

[jnasselle]

4. Post-Upgrade Validation 🔴

After the upgrade, navigate through the UI to ensure that all components are functioning correctly 🔴

🔴 API version show v4.9.2 as version, even clicking on check version retrieve the same. After logging out and cleaning browser cache, the API version is no longer showed and a CTI error at status label appear

Verify again that both agents are connected to their respective nodes and are active post-upgrade. 🟢

Generate or simulate at least one alert from each agent to confirm that the alerting functionality is intact.

🟢

Same test executed during step 2

Verify that the configuration files weren't modified 🟢

• Host 1
  Expected files (indexer) contains the expected phrase

root@host1:/home/vagrant# for file in     /etc/wazuh-indexer/opensearch-security/config.yml     /etc/wazuh-indexer/jvm.options     /etc/wazuh-indexer/opensearch.yml     /etc/wazuh-indexer/opensearch-security/internal_users.yml     /etc/wazuh-indexer/opensearch-security/roles_mapping.yml     /etc/wazuh-indexer/opensearch-security/roles.yml     /etc/wazuh-dashboard/opensearch_dashboards.yml     /etc/default/wazuh-dashboard     /etc/wazuh-dashboard/opensearch_dashboards.keystore; do     grep -q "# This file should not be modified during the upgrade." "$file" && echo "PASSED: The phrase keeps appearing in: $file. The file has not been modified" || echo "FAILED: Missing phrase in $file. The file could have been modified"; done
PASSED: The phrase keeps appearing in: /etc/wazuh-indexer/opensearch-security/config.yml. The file has not been modified
PASSED: The phrase keeps appearing in: /etc/wazuh-indexer/jvm.options. The file has not been modified
PASSED: The phrase keeps appearing in: /etc/wazuh-indexer/opensearch.yml. The file has not been modified
PASSED: The phrase keeps appearing in: /etc/wazuh-indexer/opensearch-security/internal_users.yml. The file has not been modified
PASSED: The phrase keeps appearing in: /etc/wazuh-indexer/opensearch-security/roles_mapping.yml. The file has not been modified
PASSED: The phrase keeps appearing in: /etc/wazuh-indexer/opensearch-security/roles.yml. The file has not been modified
grep: /etc/wazuh-dashboard/opensearch_dashboards.yml: No such file or directory
FAILED: Missing phrase in /etc/wazuh-dashboard/opensearch_dashboards.yml. The file could have been modified
grep: /etc/default/wazuh-dashboard: No such file or directory
FAILED: Missing phrase in /etc/default/wazuh-dashboard. The file could have been modified
grep: /etc/wazuh-dashboard/opensearch_dashboards.keystore: No such file or directory
FAILED: Missing phrase in /etc/wazuh-dashboard/opensearch_dashboards.keystore. The file could have been modified

• Host 2
  Expected files (dashboard) contains the expected phrase

root@host2:/home/vagrant# for file in \
    /etc/wazuh-indexer/opensearch-security/config.yml \
    /etc/wazuh-indexer/jvm.options \
    /etc/wazuh-indexer/opensearch.yml \
    /etc/wazuh-indexer/opensearch-security/internal_users.yml \
    /etc/wazuh-indexer/opensearch-security/roles_mapping.yml \
    /etc/wazuh-indexer/opensearch-security/roles.yml \
    /etc/wazuh-dashboard/opensearch_dashboards.yml \
    /etc/default/wazuh-dashboard \
    /etc/wazuh-dashboard/opensearch_dashboards.keystore; do
    grep -q "# This file should not be modified during the upgrade." "$file" && echo "PASSED: The phrase keeps appearing in: $file. The file has not been modified" || echo "FAILED: Missing phrase in $file. The file could have been modified"
done
grep: /etc/wazuh-indexer/opensearch-security/config.yml: No such file or directory
FAILED: Missing phrase in /etc/wazuh-indexer/opensearch-security/config.yml. The file could have been modified
grep: /etc/wazuh-indexer/jvm.options: No such file or directory
FAILED: Missing phrase in /etc/wazuh-indexer/jvm.options. The file could have been modified
grep: /etc/wazuh-indexer/opensearch.yml: No such file or directory
FAILED: Missing phrase in /etc/wazuh-indexer/opensearch.yml. The file could have been modified
grep: /etc/wazuh-indexer/opensearch-security/internal_users.yml: No such file or directory
FAILED: Missing phrase in /etc/wazuh-indexer/opensearch-security/internal_users.yml. The file could have been modified
grep: /etc/wazuh-indexer/opensearch-security/roles_mapping.yml: No such file or directory
FAILED: Missing phrase in /etc/wazuh-indexer/opensearch-security/roles_mapping.yml. The file could have been modified
grep: /etc/wazuh-indexer/opensearch-security/roles.yml: No such file or directory
FAILED: Missing phrase in /etc/wazuh-indexer/opensearch-security/roles.yml. The file could have been modified
PASSED: The phrase keeps appearing in: /etc/wazuh-dashboard/opensearch_dashboards.yml. The file has not been modified
PASSED: The phrase keeps appearing in: /etc/default/wazuh-dashboard. The file has not been modified
PASSED: The phrase keeps appearing in: /etc/wazuh-dashboard/opensearch_dashboards.keystore. The file has not been modified

[rauldpm]

The initial error reported in wazuh/wazuh-dashboard#440 seems to be a cache problem, the second one could be produced by the wazuh.yml being overwritten during the upgrade, the test with the modification does not change this file

Can you check if the wazuh.yml file has the correct password for the wazuh-wui user? A wrong password could lead to a problem in the connection with the Wazuh manager and the impossibility of checking for upgrades

[jnasselle]

My comments between the lines

The initial error reported in wazuh/wazuh-dashboard#440 seems to be a cache problem

As said at the issue: After cleaning the cache, the error is worse.
The idea is that the RCA is handled as the new issue and not part of this E2E test.

the second one could be produced by the wazuh.yml being overwritten during the upgrade, the test with the modification does not change this file

Can you check if the wazuh.yml file has the correct password for the wazuh-wui user? A wrong password could lead to a problem in the connection with the Wazuh manager and the impossibility of checking for upgrades

Sure

root@host2:/home/vagrant# tail -n 8 /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
hosts:
  - default:
      url: https://192.168.1.29
      port: 55000
      username: wazuh-wui
      password: KcIFIovRmAeUho.+shLUs3FJMu*0Pvaa
      run_as: false

The password was preserved and is the same one retrieved during the Securing your Wazuh installation step here.

Also, a wrong password here makes Wazuh API not accessible at all, a thing that was checked here.

[rauldpm]

Thanks @jnasselle, LGTM