Change the default user from wazuh to wazuh-wui when deploying. #1282
Tests
The default username and password were modified in the corresponding playbooks. A test is carried out with the same modifications of the attached PR, but on the
root@master:/etc/ansible/roles# sudo git clone https://github.com/wazuh/wazuh-ansible.git
Cloning into 'wazuh-ansible'...
remote: Enumerating objects: 21362, done.
remote: Counting objects: 100% (2755/2755), done.
remote: Compressing objects: 100% (1081/1081), done.
remote: Total 21362 (delta 1463), reused 2441 (delta 1220), pack-reused 18607
Receiving objects: 100% (21362/21362), 6.56 MiB | 15.36 MiB/s, done.
Resolving deltas: 100% (13033/13033), done.
root@master:/etc/ansible/roles# cd wazuh-ansible/
root@master:/etc/ansible/roles/wazuh-ansible# git checkout test-api-user
Branch 'test-api-user' set up to track remote branch 'test-api-user' from 'origin'.
Switched to a new branch 'test-api-user'
Your branch is up to date with 'origin/test-api-user'.
root@master:/etc/ansible/roles/wazuh-ansible# tree roles -d
roles
├── elastic-stack
│   └── ansible-kibana
│       └── defaults
├── opendistro
│   └── opendistro-kibana
│       └── defaults
└── wazuh
    ├── ansible-filebeat
    │   └── defaults
    ├── ansible-filebeat-oss
    │   ├── defaults
    │   ├── handlers
    │   ├── meta
    │   ├── tasks
    │   └── templates
    ├── ansible-wazuh-agent
    │   ├── defaults
    │   ├── handlers
    │   ├── meta
    │   ├── tasks
    │   └── templates
    ├── ansible-wazuh-manager
    │   ├── defaults
    │   ├── files
    │   │   └── custom_ruleset
    │   │       ├── decoders
    │   │       └── rules
    │   ├── handlers
    │   ├── meta
    │   ├── tasks
    │   ├── templates
    │   └── vars
    ├── check-packages
    │   ├── defaults
    │   ├── files
    │   ├── scripts
    │   └── tasks
    ├── vars
    ├── wazuh-dashboard
    │   ├── defaults
    │   ├── handlers
    │   ├── tasks
    │   ├── templates
    │   └── vars
    └── wazuh-indexer
        ├── defaults
        ├── handlers
        ├── meta
        ├── tasks
        └── templates
50 directories
root@master:/etc/ansible/roles/wazuh-ansible# vi playbooks/wazuh-indexer-and-dashboard.yml
root@master:/etc/ansible/roles/wazuh-ansible# cd playbooks/
root@master:/etc/ansible/roles/wazuh-ansible/playbooks# ansible-playbook wazuh-indexer-and-dashboard.yml -b -K
BECOME password:
PLAY [all_in_one] ***********************************************************************************************************************************************************************************************
TASK [Gathering Facts] ******************************************************************************************************************************************************************************************
ok: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : include_vars] **************************************************************************************************************************************************************
ok: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : include_vars] **************************************************************************************************************************************************************
ok: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : include_vars] **************************************************************************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : include_vars] **************************************************************************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Check if certificates already exists] **************************************************************************************************************************************
ok: [127.0.0.1 -> localhost]
TASK [../roles/wazuh/wazuh-indexer : Local action | Create local temporary directory for certificates generation] ***********************************************************************************************
changed: [127.0.0.1 -> localhost]
TASK [../roles/wazuh/wazuh-indexer : Local action | Check that the generation tool exists] **********************************************************************************************************************
ok: [127.0.0.1 -> localhost]
TASK [../roles/wazuh/wazuh-indexer : Local action | Download certificates generation tool] **********************************************************************************************************************
changed: [127.0.0.1 -> localhost]
TASK [../roles/wazuh/wazuh-indexer : Local action | Prepare the certificates generation template file] **********************************************************************************************************
changed: [127.0.0.1 -> localhost]
TASK [../roles/wazuh/wazuh-indexer : Local action | Generate the node & admin certificates in local] ************************************************************************************************************
changed: [127.0.0.1 -> localhost]
TASK [../roles/wazuh/wazuh-indexer : RedHat/CentOS/Fedora | Add Wazuh indexer repo] *****************************************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Install Amazon extras] *****************************************************************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Configure vm.max_map_count] ************************************************************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Update vm.max_map_count] ***************************************************************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : RedHat/CentOS/Fedora | Install Indexer dependencies] ***********************************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Install Wazuh indexer] *****************************************************************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Update cache] **************************************************************************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Install Wazuh indexer dependencies] ****************************************************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Add apt repository signing key] ********************************************************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Add Wazuh indexer repository] **********************************************************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Install Wazuh indexer] *****************************************************************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Remove performance analyzer plugin from Wazuh indexer] *********************************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Remove Opensearch configuration file] **************************************************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Copy Opensearch Configuration File] ****************************************************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : include_tasks] *************************************************************************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Configure Wazuh indexer JVM memmory.] **************************************************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Ensure extra time for Wazuh indexer to start on reboots] *******************************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Index files to remove] *****************************************************************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Remove Index Files] ********************************************************************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Ensure Wazuh indexer started and enabled] **********************************************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Wait for Wazuh indexer API] ************************************************************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Wait for Wazuh indexer API (Private IP)] ***********************************************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : RedHat/CentOS/Fedora | Remove Wazuh indexer repository (and clean up left-over metadata)] **********************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Reload systemd configuration] **********************************************************************************************************************************************
skipping: [127.0.0.1]
PLAY [all_in_one] ***********************************************************************************************************************************************************************************************
TASK [Gathering Facts] ******************************************************************************************************************************************************************************************
ok: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : include_vars] **************************************************************************************************************************************************************
ok: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : include_vars] **************************************************************************************************************************************************************
ok: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : include_vars] **************************************************************************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : include_vars] **************************************************************************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Check if certificates already exists] **************************************************************************************************************************************
ok: [127.0.0.1 -> localhost]
TASK [../roles/wazuh/wazuh-indexer : Local action | Create local temporary directory for certificates generation] ***********************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Local action | Check that the generation tool exists] **********************************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Local action | Download certificates generation tool] **********************************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Local action | Prepare the certificates generation template file] **********************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Local action | Generate the node & admin certificates in local] ************************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : RedHat/CentOS/Fedora | Add Wazuh indexer repo] *****************************************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Install Amazon extras] *****************************************************************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Configure vm.max_map_count] ************************************************************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Update vm.max_map_count] ***************************************************************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : RedHat/CentOS/Fedora | Install Indexer dependencies] ***********************************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Install Wazuh indexer] *****************************************************************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Update cache] **************************************************************************************************************************************************************
ok: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Install Wazuh indexer dependencies] ****************************************************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Add apt repository signing key] ********************************************************************************************************************************************
changed: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Add Wazuh indexer repository] **********************************************************************************************************************************************
changed: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Install Wazuh indexer] *****************************************************************************************************************************************************
changed: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Remove performance analyzer plugin from Wazuh indexer] *********************************************************************************************************************
changed: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Remove Opensearch configuration file] **************************************************************************************************************************************
changed: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Copy Opensearch Configuration File] ****************************************************************************************************************************************
changed: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : include_tasks] *************************************************************************************************************************************************************
included: /etc/ansible/roles/wazuh-ansible/roles/wazuh/wazuh-indexer/tasks/security_actions.yml for 127.0.0.1
TASK [../roles/wazuh/wazuh-indexer : Configure IP (Private address)] ********************************************************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Configure IP (Public address)] *********************************************************************************************************************************************
ok: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Ensure Indexer certificates directory permissions.] ************************************************************************************************************************
changed: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Copy the node & admin certificates to Wazuh indexer cluster] ***************************************************************************************************************
changed: [127.0.0.1] => (item=root-ca.pem)
changed: [127.0.0.1] => (item=root-ca.key)
changed: [127.0.0.1] => (item=node-1-key.pem)
changed: [127.0.0.1] => (item=node-1.pem)
changed: [127.0.0.1] => (item=admin-key.pem)
changed: [127.0.0.1] => (item=admin.pem)
TASK [../roles/wazuh/wazuh-indexer : Restart Wazuh indexer with security configuration] *************************************************************************************************************************
changed: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Copy the Opensearch security internal users template] **********************************************************************************************************************
changed: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Hashing the custom admin password] *****************************************************************************************************************************************
changed: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Set the Admin user password] ***********************************************************************************************************************************************
changed: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Hash the kibanaserver role/user pasword] ***********************************************************************************************************************************
changed: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Set the kibanaserver user password] ****************************************************************************************************************************************
changed: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Initialize the Opensearch security index in Wazuh indexer] *****************************************************************************************************************
changed: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Create custom user] ********************************************************************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Configure Wazuh indexer JVM memmory.] **************************************************************************************************************************************
changed: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Ensure extra time for Wazuh indexer to start on reboots] *******************************************************************************************************************
changed: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Index files to remove] *****************************************************************************************************************************************************
ok: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Remove Index Files] ********************************************************************************************************************************************************
changed: [127.0.0.1] => (item={'path': '/var/lib/wazuh-indexer/batch_metrics_enabled.conf', 'mode': '0644', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 114, 'gid': 119, 'size': 6, 'inode': 262190, 'dev': 64768, 'nlink': 1, 'atime': 1716292689.8788218, 'mtime': 1716292689.8788218, 'ctime': 1716292689.8828237, 'gr_name': 'wazuh-indexer', 'pw_name': 'wazuh-indexer', 'wusr': True, 'rusr': True, 'xusr': False, 'wgrp': False, 'rgrp': True, 'xgrp': False, 'woth': False, 'roth': True, 'xoth': False, 'isuid': False, 'isgid': False})
changed: [127.0.0.1] => (item={'path': '/var/lib/wazuh-indexer/performance_analyzer_enabled.conf', 'mode': '0644', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 114, 'gid': 119, 'size': 5, 'inode': 262187, 'dev': 64768, 'nlink': 1, 'atime': 1716292689.8788218, 'mtime': 1716292689.8788218, 'ctime': 1716292689.8828237, 'gr_name': 'wazuh-indexer', 'pw_name': 'wazuh-indexer', 'wusr': True, 'rusr': True, 'xusr': False, 'wgrp': False, 'rgrp': True, 'xgrp': False, 'woth': False, 'roth': True, 'xoth': False, 'isuid': False, 'isgid': False})
changed: [127.0.0.1] => (item={'path': '/var/lib/wazuh-indexer/rca_enabled.conf', 'mode': '0644', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 114, 'gid': 119, 'size': 5, 'inode': 262188, 'dev': 64768, 'nlink': 1, 'atime': 1716292689.8788218, 'mtime': 1716292689.8788218, 'ctime': 1716292689.8828237, 'gr_name': 'wazuh-indexer', 'pw_name': 'wazuh-indexer', 'wusr': True, 'rusr': True, 'xusr': False, 'wgrp': False, 'rgrp': True, 'xgrp': False, 'woth': False, 'roth': True, 'xoth': False, 'isuid': False, 'isgid': False})
TASK [../roles/wazuh/wazuh-indexer : Ensure Wazuh indexer started and enabled] **********************************************************************************************************************************
changed: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Wait for Wazuh indexer API] ************************************************************************************************************************************************
ok: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Wait for Wazuh indexer API (Private IP)] ***********************************************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : RedHat/CentOS/Fedora | Remove Wazuh indexer repository (and clean up left-over metadata)] **********************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Reload systemd configuration] **********************************************************************************************************************************************
ok: [127.0.0.1]
TASK [../roles/wazuh/wazuh-dashboard : include_vars] ************************************************************************************************************************************************************
ok: [127.0.0.1]
TASK [../roles/wazuh/wazuh-dashboard : include_vars] ************************************************************************************************************************************************************
ok: [127.0.0.1]
TASK [../roles/wazuh/wazuh-dashboard : include_vars] ************************************************************************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/wazuh-dashboard : include_vars] ************************************************************************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/wazuh-dashboard : RedHat/CentOS/Fedora | Add Wazuh dashboard repo] *************************************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/wazuh-dashboard : Install Wazuh dashboard] *************************************************************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/wazuh-dashboard : include_vars] ************************************************************************************************************************************************************
ok: [127.0.0.1]
TASK [../roles/wazuh/wazuh-dashboard : Add apt repository signing key] ******************************************************************************************************************************************
ok: [127.0.0.1]
TASK [../roles/wazuh/wazuh-dashboard : Debian systems | Add Wazuh dashboard repo] *******************************************************************************************************************************
ok: [127.0.0.1]
TASK [../roles/wazuh/wazuh-dashboard : Install Wazuh dashboard] *************************************************************************************************************************************************
changed: [127.0.0.1]
TASK [../roles/wazuh/wazuh-dashboard : Remove Dashboard configuration file] *************************************************************************************************************************************
changed: [127.0.0.1]
TASK [../roles/wazuh/wazuh-dashboard : Ensure Dashboard certificates directory permissions.] ********************************************************************************************************************
changed: [127.0.0.1]
TASK [../roles/wazuh/wazuh-dashboard : Copy the certificates from local to the Wazuh dashboard instance] ********************************************************************************************************
changed: [127.0.0.1] => (item=root-ca.pem)
changed: [127.0.0.1] => (item=node-1-key.pem)
changed: [127.0.0.1] => (item=node-1.pem)
TASK [../roles/wazuh/wazuh-dashboard : Copy Configuration File] *************************************************************************************************************************************************
changed: [127.0.0.1]
TASK [../roles/wazuh/wazuh-dashboard : Ensuring Wazuh dashboard directory owner] ********************************************************************************************************************************
ok: [127.0.0.1]
TASK [../roles/wazuh/wazuh-dashboard : Wait for Wazuh-Indexer port] *********************************************************************************************************************************************
ok: [127.0.0.1]
TASK [../roles/wazuh/wazuh-dashboard : Select correct API protocol] *********************************************************************************************************************************************
ok: [127.0.0.1]
TASK [../roles/wazuh/wazuh-dashboard : Attempting to delete legacy Wazuh index if exists] ***********************************************************************************************************************
ok: [127.0.0.1]
TASK [../roles/wazuh/wazuh-dashboard : Create Wazuh Plugin config directory] ************************************************************************************************************************************
ok: [127.0.0.1]
TASK [../roles/wazuh/wazuh-dashboard : Configure Wazuh Dashboard Plugin] ****************************************************************************************************************************************
ok: [127.0.0.1]
TASK [../roles/wazuh/wazuh-dashboard : Configure opensearch.password in opensearch_dashboards.keystore] *********************************************************************************************************
changed: [127.0.0.1]
TASK [../roles/wazuh/wazuh-dashboard : Ensure Wazuh dashboard started and enabled] ******************************************************************************************************************************
changed: [127.0.0.1]
TASK [../roles/wazuh/wazuh-dashboard : Remove Wazuh dashboard repository (and clean up left-over metadata)] *****************************************************************************************************
skipping: [127.0.0.1]
RUNNING HANDLER [../roles/wazuh/wazuh-indexer : restart wazuh-indexer] ******************************************************************************************************************************************
changed: [127.0.0.1]
RUNNING HANDLER [../roles/wazuh/wazuh-dashboard : restart wazuh-dashboard] **************************************************************************************************************************************
changed: [127.0.0.1]
PLAY RECAP ******************************************************************************************************************************************************************************************************
127.0.0.1 : ok=58 changed=32 unreachable=0 failed=0 skipped=49 rescued=0 ignored=0
root@master:/etc/ansible/roles/wazuh-ansible/playbooks# systemctl status wazuh-indexer
● wazuh-indexer.service - Wazuh-indexer
Loaded: loaded (/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2024-05-21 11:59:55 UTC; 4s ago
Docs: https://documentation.wazuh.com
Main PID: 10200 (java)
Tasks: 51 (limit: 9388)
Memory: 4.2G
CPU: 27.937s
CGroup: /system.slice/wazuh-indexer.service
└─10200 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headles>
May 21 11:59:43 master systemd[1]: Starting Wazuh-indexer...
May 21 11:59:46 master systemd-entrypoint[10200]: WARNING: A terminally deprecated method in java.lang.System has been called
May 21 11:59:46 master systemd-entrypoint[10200]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.8.0.jar)
May 21 11:59:46 master systemd-entrypoint[10200]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
May 21 11:59:46 master systemd-entrypoint[10200]: WARNING: System::setSecurityManager will be removed in a future release
May 21 11:59:47 master systemd-entrypoint[10200]: WARNING: A terminally deprecated method in java.lang.System has been called
May 21 11:59:47 master systemd-entrypoint[10200]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.8.0.jar)
May 21 11:59:47 master systemd-entrypoint[10200]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
May 21 11:59:47 master systemd-entrypoint[10200]: WARNING: System::setSecurityManager will be removed in a future release
May 21 11:59:55 master systemd[1]: Started Wazuh-indexer.
root@master:/etc/ansible/roles/wazuh-ansible/playbooks# systemctl status wazuh-dashboard
● wazuh-dashboard.service - wazuh-dashboard
Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2024-05-21 11:59:56 UTC; 17s ago
Main PID: 10451 (node)
Tasks: 11 (limit: 9388)
Memory: 237.2M
CPU: 4.721s
CGroup: /system.slice/wazuh-dashboard.service
└─10451 /usr/share/wazuh-dashboard/node/bin/node --no-warnings --max-http-header-size=65536 --unhandled-rejections=warn /usr/share/wazuh-dashboard/src/cli/dist -c /etc/wazuh-dashboard/opensearch_>
May 21 12:00:07 master opensearch-dashboards[10451]: {"type":"log","@timestamp":"2024-05-21T12:00:07Z","tags":["error","opensearch","data"],"pid":10451,"message":"[ResponseError]: Response Error"}
May 21 12:00:09 master opensearch-dashboards[10451]: {"type":"log","@timestamp":"2024-05-21T12:00:09Z","tags":["info","savedobjects-service"],"pid":10451,"message":"Starting saved objects migrations"}
May 21 12:00:09 master opensearch-dashboards[10451]: {"type":"log","@timestamp":"2024-05-21T12:00:09Z","tags":["info","savedobjects-service"],"pid":10451,"message":"Creating index .kibana_1."}
May 21 12:00:10 master opensearch-dashboards[10451]: {"type":"log","@timestamp":"2024-05-21T12:00:10Z","tags":["info","savedobjects-service"],"pid":10451,"message":"Pointing alias .kibana to .kibana_1."}
May 21 12:00:10 master opensearch-dashboards[10451]: {"type":"log","@timestamp":"2024-05-21T12:00:10Z","tags":["info","savedobjects-service"],"pid":10451,"message":"Finished in 174ms."}
May 21 12:00:10 master opensearch-dashboards[10451]: {"type":"log","@timestamp":"2024-05-21T12:00:10Z","tags":["info","plugins-system"],"pid":10451,"message":"Starting [44] plugins: [alertingDashboards,usageC>
May 21 12:00:10 master opensearch-dashboards[10451]: {"type":"log","@timestamp":"2024-05-21T12:00:10Z","tags":["error","opensearch","data"],"pid":10451,"message":"[ResponseError]: Response Error"}
May 21 12:00:10 master opensearch-dashboards[10451]: {"type":"log","@timestamp":"2024-05-21T12:00:10Z","tags":["listening","info"],"pid":10451,"message":"Server running at https://0.0.0.0:443"}
May 21 12:00:10 master opensearch-dashboards[10451]: {"type":"log","@timestamp":"2024-05-21T12:00:10Z","tags":["info","http","server","OpenSearchDashboards"],"pid":10451,"message":"http server running at http>
May 21 12:00:10 master opensearch-dashboards[10451]: {"type":"log","@timestamp":"2024-05-21T12:00:10Z","tags":["error","opensearch","data"],"pid":10451,"message":"[ResponseError]: Response Error"}
root@master:/etc/ansible/roles/wazuh-ansible/playbooks# vi wazuh-manager-oss.yml
root@master:/etc/ansible/roles/wazuh-ansible/playbooks# ansible-playbook wazuh-manager-oss.yml -b -K
BECOME password:
PLAY [all_in_one] ******************************************************************************************************************************************
TASK [Gathering Facts] *************************************************************************************************************************************
ok: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : Install dependencies] *****************************************************************************************
changed: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : include_vars] *************************************************************************************************
ok: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : include_vars] *************************************************************************************************
ok: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : include_vars] *************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : include_vars] *************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : Overlay wazuh_manager_config on top of defaults] **************************************************************
ok: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : include_tasks] ************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : include_tasks] ************************************************************************************************
included: /etc/ansible/roles/wazuh-ansible/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml for 127.0.0.1
TASK [../roles/wazuh/ansible-wazuh-manager : Debian/Ubuntu | Install apt-transport-https, ca-certificates and acl] *****************************************
changed: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : Debian/Ubuntu | Installing Wazuh repository key (Ubuntu 14)] **************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : Debian/Ubuntu | Installing Wazuh repository key] **************************************************************
ok: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : Debian/Ubuntu | Add Wazuh repositories] ***********************************************************************
ok: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : Debian/Ubuntu | Set Distribution CIS filename for Debian/Ubuntu] **********************************************
ok: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : Debian/Ubuntu | Install OpenJDK-8 repo] ***********************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : Debian/Ubuntu | Install OpenJDK 1.8] **************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : Debian/Ubuntu | Install OpenScap] *****************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : Debian/Ubuntu | Get OpenScap installed version] ***************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : Debian/Ubuntu | Check OpenScap version] ***********************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : Install dependencies to build from sources] *******************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : Debian/Ubuntu | Install wazuh-manager] ************************************************************************
changed: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : include_tasks] ************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : include_tasks] ************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : Install expect] ***********************************************************************************************
changed: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : Generate SSL files for authd] *********************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : Copy CA, SSL key and cert for authd] **************************************************************************
skipping: [127.0.0.1] => (item=)
skipping: [127.0.0.1] => (item=sslmanager.cert)
skipping: [127.0.0.1] => (item=sslmanager.key)
skipping: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : Verifying for old init authd service] *************************************************************************
ok: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : Verifying for old systemd authd service] **********************************************************************
ok: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : Ensure ossec-authd service is disabled] ***********************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : Removing old init authd services] *****************************************************************************
skipping: [127.0.0.1] => (item=/etc/init.d/ossec-authd)
skipping: [127.0.0.1] => (item=/lib/systemd/system/ossec-authd.service)
skipping: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : Installing the local_rules.xml (default local_rules.xml)] *****************************************************
changed: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : Adding local rules files] *************************************************************************************
changed: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : Installing the local_decoder.xml] *****************************************************************************
changed: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : Adding local decoders files] **********************************************************************************
changed: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : Configure the shared-agent.conf] ******************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : Installing the local_internal_options.conf] *******************************************************************
changed: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : Retrieving Agentless Credentials] *****************************************************************************
ok: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : Retrieving authd Credentials] *********************************************************************************
ok: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : Check if syslog output is enabled] ****************************************************************************
skipping: [127.0.0.1] => (item={'server': None, 'port': None, 'format': None})
skipping: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : Check if client-syslog is enabled] ****************************************************************************
ok: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : Enable client-syslog] *****************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : Check if ossec-agentlessd is enabled] *************************************************************************
ok: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : Enable ossec-agentlessd] **************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : Checking alert log output settings] ***************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : Configure ossec.conf] *****************************************************************************************
changed: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : Ossec-authd password] *****************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : Copy create_user script] **************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : Create admin.json] ********************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : Execute create_user script] ***********************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : Agentless Hosts & Passwd] *************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : Encode the secret] ********************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : Ensure Wazuh Manager service is started and enabled.] *********************************************************
changed: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : Create agent groups] ******************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : Run uninstall tasks] ******************************************************************************************
included: /etc/ansible/roles/wazuh-ansible/roles/wazuh/ansible-wazuh-manager/tasks/uninstall.yml for 127.0.0.1
TASK [../roles/wazuh/ansible-wazuh-manager : Debian/Ubuntu | Remove Wazuh repository.] *********************************************************************
ok: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : RedHat/CentOS/Fedora | Remove Wazuh repository (and clean up left-over metadata)] *****************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/ansible-filebeat-oss : include_vars] **************************************************************************************************
ok: [127.0.0.1]
TASK [../roles/wazuh/ansible-filebeat-oss : include_vars] **************************************************************************************************
ok: [127.0.0.1]
TASK [../roles/wazuh/ansible-filebeat-oss : include_vars] **************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/ansible-filebeat-oss : include_tasks] *************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/ansible-filebeat-oss : include_tasks] *************************************************************************************************
included: /etc/ansible/roles/wazuh-ansible/roles/wazuh/ansible-filebeat-oss/tasks/Debian.yml for 127.0.0.1
TASK [../roles/wazuh/ansible-filebeat-oss : Debian/Ubuntu | Install apt-transport-https, ca-certificates and acl] ******************************************
ok: [127.0.0.1]
TASK [../roles/wazuh/ansible-filebeat-oss : Debian/Ubuntu | Add Elasticsearch apt key.] ********************************************************************
ok: [127.0.0.1]
TASK [../roles/wazuh/ansible-filebeat-oss : Debian/Ubuntu | Add Filebeat-oss repository.] ******************************************************************
ok: [127.0.0.1]
TASK [../roles/wazuh/ansible-filebeat-oss : Install Filebeat | Redhat] *************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/ansible-filebeat-oss : Install Filebeat | Debian] *************************************************************************************
changed: [127.0.0.1]
TASK [../roles/wazuh/ansible-filebeat-oss : Checking if Filebeat Module folder file exists] ****************************************************************
ok: [127.0.0.1]
TASK [../roles/wazuh/ansible-filebeat-oss : Download Filebeat module package] ******************************************************************************
changed: [127.0.0.1]
TASK [../roles/wazuh/ansible-filebeat-oss : Unpack Filebeat module package] ********************************************************************************
changed: [127.0.0.1]
TASK [../roles/wazuh/ansible-filebeat-oss : Setting 0755 permission for Filebeat module folder] ************************************************************
changed: [127.0.0.1]
TASK [../roles/wazuh/ansible-filebeat-oss : Checking if Filebeat Module package file exists] ***************************************************************
ok: [127.0.0.1]
TASK [../roles/wazuh/ansible-filebeat-oss : Delete Filebeat module package file] ***************************************************************************
changed: [127.0.0.1]
TASK [../roles/wazuh/ansible-filebeat-oss : Copy Filebeat configuration.] **********************************************************************************
changed: [127.0.0.1]
TASK [../roles/wazuh/ansible-filebeat-oss : Fetch latest Wazuh alerts template] ****************************************************************************
changed: [127.0.0.1]
TASK [../roles/wazuh/ansible-filebeat-oss : include_tasks] *************************************************************************************************
included: /etc/ansible/roles/wazuh-ansible/roles/wazuh/ansible-filebeat-oss/tasks/security_actions.yml for 127.0.0.1
TASK [../roles/wazuh/ansible-filebeat-oss : Ensure Filebeat SSL key pair directory exists.] ****************************************************************
changed: [127.0.0.1]
TASK [../roles/wazuh/ansible-filebeat-oss : Copy the certificates from local to the Manager instance] ******************************************************
changed: [127.0.0.1] => (item=node-1-key.pem)
changed: [127.0.0.1] => (item=node-1.pem)
changed: [127.0.0.1] => (item=root-ca.pem)
TASK [../roles/wazuh/ansible-filebeat-oss : Ensure Filebeat is started and enabled at boot.] ***************************************************************
changed: [127.0.0.1]
TASK [../roles/wazuh/ansible-filebeat-oss : include_tasks] *************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/ansible-filebeat-oss : include_tasks] *************************************************************************************************
included: /etc/ansible/roles/wazuh-ansible/roles/wazuh/ansible-filebeat-oss/tasks/RMDebian.yml for 127.0.0.1
TASK [../roles/wazuh/ansible-filebeat-oss : Debian/Ubuntu | Remove Filebeat repository (and clean up left-over metadata)] **********************************
ok: [127.0.0.1]
RUNNING HANDLER [../roles/wazuh/ansible-wazuh-manager : restart wazuh-manager] *****************************************************************************
changed: [127.0.0.1]
RUNNING HANDLER [../roles/wazuh/ansible-filebeat-oss : restart filebeat] ***********************************************************************************
changed: [127.0.0.1]
PLAY RECAP *************************************************************************************************************************************************
127.0.0.1 : ok=50 changed=23 unreachable=0 failed=0 skipped=33 rescued=0 ignored=0
root@master:/etc/ansible/roles/wazuh-ansible/playbooks# systemctl status wazuh-manager
● wazuh-manager.service - Wazuh manager
Loaded: loaded (/lib/systemd/system/wazuh-manager.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2024-05-21 12:15:05 UTC; 15min ago
Process: 59276 ExecStart=/usr/bin/env /var/ossec/bin/wazuh-control start (code=exited, status=0/SUCCESS)
Tasks: 141 (limit: 9388)
Memory: 321.1M
CPU: 35.598s
CGroup: /system.slice/wazuh-manager.service
├─59333 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
├─59334 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
├─59337 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
├─59340 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
├─59381 /var/ossec/bin/wazuh-authd
├─59397 /var/ossec/bin/wazuh-db
├─59421 /var/ossec/bin/wazuh-execd
├─59435 /var/ossec/bin/wazuh-analysisd
├─59496 /var/ossec/bin/wazuh-syscheckd
├─59511 /var/ossec/bin/wazuh-remoted
├─59543 /var/ossec/bin/wazuh-logcollector
├─59578 /var/ossec/bin/wazuh-monitord
└─59634 /var/ossec/bin/wazuh-modulesd
May 21 12:14:57 master env[59276]: Started wazuh-db...
May 21 12:14:58 master env[59276]: Started wazuh-execd...
May 21 12:14:59 master env[59276]: Started wazuh-analysisd...
May 21 12:14:59 master env[59276]: Started wazuh-syscheckd...
May 21 12:15:00 master env[59276]: Started wazuh-remoted...
May 21 12:15:01 master env[59276]: Started wazuh-logcollector...
May 21 12:15:02 master env[59276]: Started wazuh-monitord...
May 21 12:15:03 master env[59276]: Started wazuh-modulesd...
May 21 12:15:05 master env[59276]: Completed.
May 21 12:15:05 master systemd[1]: Started Wazuh manager.
root@master:/etc/ansible/roles/wazuh-ansible/playbooks# systemctl status filebeat
● filebeat.service - Filebeat sends log files to Logstash or directly to Elasticsearch.
Loaded: loaded (/lib/systemd/system/filebeat.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2024-05-21 12:15:05 UTC; 15min ago
Docs: https://www.elastic.co/products/beats/filebeat
Main PID: 60205 (filebeat)
Tasks: 9 (limit: 9388)
Memory: 9.5M
CPU: 159ms
CGroup: /system.slice/filebeat.service
└─60205 /usr/share/filebeat/bin/filebeat --environment systemd -c /etc/filebeat/filebeat.yml --path.home /usr/share/filebeat --path.config /et>
May 21 12:15:06 master filebeat[60205]: 2024-05-21T12:15:06.482Z INFO [publisher] pipeline/retry.go:219 retryer: send unwait si>
May 21 12:15:06 master filebeat[60205]: 2024-05-21T12:15:06.482Z INFO [publisher] pipeline/retry.go:223 done
May 21 12:15:06 master filebeat[60205]: 2024-05-21T12:15:06.494Z INFO [esclientleg] eslegclient/connection.go:314 Attempting to>
May 21 12:15:06 master filebeat[60205]: 2024-05-21T12:15:06.495Z INFO [esclientleg] eslegclient/connection.go:314 Attempting to>
May 21 12:15:06 master filebeat[60205]: 2024-05-21T12:15:06.497Z INFO template/load.go:183 Existing template will be overwritten, as o>
May 21 12:15:06 master filebeat[60205]: 2024-05-21T12:15:06.498Z INFO template/load.go:117 Try loading template wazuh to Elasticsearch
May 21 12:15:06 master filebeat[60205]: 2024-05-21T12:15:06.534Z INFO template/load.go:109 template with name 'wazuh' loaded.
May 21 12:15:06 master filebeat[60205]: 2024-05-21T12:15:06.534Z INFO [index-management] idxmgmt/std.go:298 Loaded index templa>
May 21 12:15:06 master filebeat[60205]: 2024-05-21T12:15:06.537Z INFO [publisher_pipeline_output] pipeline/output.go:151 Connec>
May 21 12:21:12 master filebeat[60205]: 2024-05-21T12:21:12.807Z INFO log/harvester.go:333 File is inactive: /var/ossec/logs/alerts/al>
root@master:/etc/ansible/roles/wazuh-ansible/playbooks# filebeat test output
elasticsearch: https://127.0.0.1:9200...
parse url... OK
connection...
parse host... OK
dns lookup... OK
addresses: 127.0.0.1
dial up... OK
TLS...
security: server's certificate chain verification is enabled
handshake... OK
TLS version: TLSv1.3
dial up... OK
talk to server... OK
version: 7.10.2
root@master:/etc/ansible/roles/wazuh-ansible/playbooks# TOKEN=$(curl -s -u wazuh-wui:wazuh-wui -k -X GET "https://0.0.0.0:55000/security/user/authenticate?raw=true")
root@master:/etc/ansible/roles/wazuh-ansible/playbooks# curl -k -s -X GET "https://0.0.0.0:55000/manager/status?pretty=true" -H "Authorization: Bearer $TOKEN"
{
"data": {
"affected_items": [
{
"wazuh-agentlessd": "stopped",
"wazuh-analysisd": "running",
"wazuh-authd": "running",
"wazuh-csyslogd": "stopped",
"wazuh-dbd": "stopped",
"wazuh-monitord": "running",
"wazuh-execd": "running",
"wazuh-integratord": "stopped",
"wazuh-logcollector": "running",
"wazuh-maild": "stopped",
"wazuh-remoted": "running",
"wazuh-reportd": "stopped",
"wazuh-syscheckd": "running",
"wazuh-clusterd": "stopped",
"wazuh-modulesd": "running",
"wazuh-db": "running",
"wazuh-apid": "running"
}
],
"total_affected_items": 1,
"total_failed_items": 0,
"failed_items": []
},
"message": "Processes status was successfully read",
"error": 0
}
root@master:/etc/ansible/roles/wazuh-ansible/playbooks# cat /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
---
#
# Wazuh app - App configuration file
# Copyright (C) 2016, Wazuh Inc.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# Find more information about this on the LICENSE file.
#
# ======================== Wazuh app configuration file ========================
#
# Please check the documentation for more information on configuration options:
# https://documentation.wazuh.com/current/installation-guide/index.html
#
# Also, you can check our repository:
# https://github.com/wazuh/wazuh-dashboard-plugins
#
# ------------------------------- Index patterns -------------------------------
#
# Default index pattern to use.
#pattern: wazuh-alerts-4.x-*
#
# ----------------------------------- Checks -----------------------------------
#
# Defines which checks must to be consider by the healthcheck
# step once the Wazuh app starts. Values must to be true or false.
#checks.pattern : true
#checks.template: true
#checks.api : true
#checks.setup : true
#
# --------------------------------- Extensions ---------------------------------
#
# Defines which extensions should be activated when you add a new API entry.
# You can change them after Wazuh app starts.
# Values must to be true or false.
#extensions.pci : true
#extensions.gdpr : true
#extensions.hipaa : true
#extensions.nist : true
#extensions.audit : true
#extensions.oscap : false
#extensions.ciscat : false
#extensions.aws : false
#extensions.virustotal: false
#extensions.osquery : false
#extensions.docker : false
#
# ---------------------------------- Time out ----------------------------------
#
# Defines maximum timeout to be used on the Wazuh app requests.
# It will be ignored if it is bellow 1500.
# It means milliseconds before we consider a request as failed.
# Default: 20000
#timeout: 20000
#
# ------------------------------ Advanced indices ------------------------------
#
# Configure .wazuh indices shards and replicas.
#wazuh.shards : 1
#wazuh.replicas : 0
#
# --------------------------- Index pattern selector ---------------------------
#
# Defines if the user is allowed to change the selected
# index pattern directly from the Wazuh app top menu.
# Default: true
#ip.selector: true
#
# List of index patterns to be ignored
#ip.ignore: []
#
# -------------------------------- X-Pack RBAC ---------------------------------
#
# Custom setting to enable/disable built-in X-Pack RBAC security capabilities.
# Default: enabled
#xpack.rbac.enabled: true
#
# ------------------------------ wazuh-monitoring ------------------------------
#
# Custom setting to enable/disable wazuh-monitoring indices.
# Values: true, false, worker
# If worker is given as value, the app will show the Agents status
# visualization but won't insert data on wazuh-monitoring indices.
# Default: true
#wazuh.monitoring.enabled: true
#
# Custom setting to set the frequency for wazuh-monitoring indices cron task.
# Default: 900 (s)
#wazuh.monitoring.frequency: 900
#
# Configure wazuh-monitoring-4.x-* indices shards and replicas.
#wazuh.monitoring.shards: 2
#wazuh.monitoring.replicas: 0
#
# Configure wazuh-monitoring-4.x-* indices custom creation interval.
# Values: h (hourly), d (daily), w (weekly), m (monthly)
# Default: d
#wazuh.monitoring.creation: d
#
# Default index pattern to use for Wazuh monitoring
#wazuh.monitoring.pattern: wazuh-monitoring-4.x-*
#
#
# ------------------------------- App privileges --------------------------------
#admin: true
#
# ------------------------------- App logging level -----------------------------
# Set the logging level for the Wazuh App log files.
# Default value: info
# Allowed values: info, debug
#logs.level: info
#
#-------------------------------- API entries -----------------------------------
#The following configuration is the default structure to define an API entry.
#
#hosts:
# - <id>:
# url: http(s)://<url>
# port: <port>
# user: <user>
# password: <password>
hosts:
- default:
url: https://localhost
port: 55000
username: wazuh-wui
password: "wazuh-wui"
root@master:/etc/ansible/roles/wazuh-ansible/playbooks#
The Wazuh dashboard connection is verified using the Wazuh API:
Description
Related: wazuh/wazuh#22751 (comment)
We have found that the user established on the wazuh.yml file is wazuh for the Ansible deployment.
As seen in the documentation, the user by default on the wazuh.yml file in the step-by-step installation is wazuh-wui.
The objective of this issue is to unify users to follow the same guidelines.
Tasks
wazuh.yml to wazuh-wui.