Bug generating certificates using multiple DNS in the Wazuh manager #2371
Comments
This issue goes to On Hold due to wazuh/wazuh-ansible#1001
This issue goes to "Blocked" due to #2417.
Update Report
The line which was causing the
This line saves in a variable the nodes of the server by filtering them. The A simple check has been added in order to avoid this. Now, for the same
root@ubuntu22:/home/vagrant# cat config.yml
nodes:
server:
- name: wazuh-server
ip: www.google.es
ip: localhost
ip: wikipedia.org
root@ubuntu22:/home/vagrant# bash wazuh-certs-tool.sh -A -v
17/06/2024 16:11:51 INFO: Verbose logging redirected to /home/vagrant/wazuh-certificates-tool.log
17/06/2024 16:11:51 DEBUG: Reading configuration file.
17/06/2024 16:11:52 ERROR: The DNS localhost is not valid.
root@ubuntu22:/home/vagrant#
If all the DNSes specified are correct, the certificates are generated as expected:
root@ubuntu22:/home/vagrant# cat config.yml
nodes:
server:
- name: wazuh-server
ip: www.google.es
ip: facebook.es
ip: wikipedia.org
root@ubuntu22:/home/vagrant# bash wazuh-certs-tool.sh -A -v
17/06/2024 16:12:25 INFO: Verbose logging redirected to /home/vagrant/wazuh-certificates-tool.log
17/06/2024 16:12:25 DEBUG: Reading configuration file.
17/06/2024 16:12:26 DEBUG: Checking if the root CA exists.
17/06/2024 16:12:26 INFO: Generating the root certificate.
17/06/2024 16:12:26 INFO: Generating Admin certificates.
17/06/2024 16:12:26 DEBUG: Generating Admin private key.
17/06/2024 16:12:26 DEBUG: Converting Admin private key to PKCS8 format.
17/06/2024 16:12:26 DEBUG: Generating Admin CSR.
17/06/2024 16:12:26 DEBUG: Creating Admin certificate.
17/06/2024 16:12:26 INFO: Admin certificates created.
17/06/2024 16:12:26 INFO: Generating Filebeat certificates.
17/06/2024 16:12:26 DEBUG: Generating the certificates for wazuh-server server node.
17/06/2024 16:12:26 DEBUG: Generating certificate configuration.
17/06/2024 16:12:26 DEBUG: Creating the Wazuh server tmp key pair.
17/06/2024 16:12:26 DEBUG: Creating the Wazuh server certificates.
17/06/2024 16:12:26 INFO: Wazuh Filebeat certificates created.
17/06/2024 16:12:26 DEBUG: Cleaning certificate files.
root@ubuntu22:/home/vagrant# ls wazuh-certificates/
admin-key.pem admin.pem root-ca.key root-ca.pem wazuh-server-key.pem wazuh-server.pem
root@ubuntu22:/home/vagrant#
Also, this change does not affect when IPs are specified. It is still working as expected:
root@ubuntu22:/home/vagrant# cat config.yml
nodes:
server:
- name: wazuh-server
ip: 192.168.1.156
ip: 127.0.0.1
root@ubuntu22:/home/vagrant# bash wazuh-certs-tool.sh -A -v
17/06/2024 16:15:11 INFO: Verbose logging redirected to /home/vagrant/wazuh-certificates-tool.log
17/06/2024 16:15:11 DEBUG: Reading configuration file.
17/06/2024 16:15:11 DEBUG: Checking if 192.168.1.156 is private.
17/06/2024 16:15:11 DEBUG: Checking if 127.0.0.1 is private.
17/06/2024 16:15:12 DEBUG: Checking if the root CA exists.
17/06/2024 16:15:12 INFO: Generating the root certificate.
17/06/2024 16:15:12 INFO: Generating Admin certificates.
17/06/2024 16:15:12 DEBUG: Generating Admin private key.
17/06/2024 16:15:12 DEBUG: Converting Admin private key to PKCS8 format.
17/06/2024 16:15:12 DEBUG: Generating Admin CSR.
17/06/2024 16:15:12 DEBUG: Creating Admin certificate.
17/06/2024 16:15:12 INFO: Admin certificates created.
17/06/2024 16:15:12 INFO: Generating Filebeat certificates.
17/06/2024 16:15:12 DEBUG: Generating the certificates for wazuh-server server node.
17/06/2024 16:15:12 DEBUG: Generating certificate configuration.
17/06/2024 16:15:12 DEBUG: Creating the Wazuh server tmp key pair.
17/06/2024 16:15:13 DEBUG: Creating the Wazuh server certificates.
17/06/2024 16:15:13 INFO: Wazuh Filebeat certificates created.
17/06/2024 16:15:13 DEBUG: Cleaning certificate files.
root@ubuntu22:/home/vagrant#
In #2350, a new bug has been found while generating the certificates of the Wazuh server nodes when using multiple DNS.
If an invalid DNS is specified in the config.yml file (for example, localhost), the script does not generate any error and its certificate is skipped, but the rest of them are created:
The config.yml file, the server configuration:
The certificates are created:
But, if the code is debugged, it seems that the invalid DNS is ignored:
On the other hand, if there is just one DNS specified, an error is generated and the certificates are not generated:
24/08/2023 12:21:59 ERROR: Invalid IP or DNS localhost
Tasks
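The behaviour this issue asks for, where any invalid entry among several stops generation instead of being skipped, shown as an added example that is not code from wazuh-certs-tool.sh. The function names and validation patterns are assumptions, chosen so that a single-label name such as localhost is rejected as in the output above.

```bash
# Added example: fail-closed validation of every address listed for a node.
# The patterns are assumptions for illustration, not the checks used by
# wazuh-certs-tool.sh. Written in POSIX sh so it also runs under bash.

# Succeeds if $1 is a dotted-quad IPv4 address with every octet <= 255.
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    _old_ifs=$IFS; IFS=.
    set -- $1            # split the already-validated string into octets
    IFS=$_old_ifs
    for _octet in "$@"; do
        [ "$_octet" -le 255 ] || return 1
    done
}

# Succeeds if $1 is a DNS name of at least two labels with an alphabetic TLD.
# Assumption: single-label names such as "localhost" are rejected.
is_dns_name() {
    [ "${#1}" -le 253 ] || return 1
    printf '%s\n' "$1" |
        grep -Eq '^([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$'
}

# Checks ALL arguments, reports each invalid one on stderr, and returns 1 if
# any is invalid, so the caller can stop before a certificate is issued.
validate_node_addresses() {
    _rc=0
    [ "$#" -gt 0 ] || { echo "ERROR: No IP or DNS specified" >&2; return 1; }
    for _addr in "$@"; do
        case $_addr in
            ''|*[!A-Za-z0-9.-]*) _bad=1 ;;  # empty, or a character no IP/DNS name has
            *) _bad=0; is_ipv4 "$_addr" || is_dns_name "$_addr" || _bad=1 ;;
        esac
        if [ "$_bad" -eq 1 ]; then
            echo "ERROR: Invalid IP or DNS $_addr" >&2
            _rc=1
        fi
    done
    return "$_rc"
}

# Constructed input mirroring the first config.yml above: one bad entry
# rejects the whole set instead of being skipped.
validate_node_addresses www.google.es localhost wikipedia.org ||
    echo "Aborting: no certificates generated."
```

Validating the full list before issuing anything matters because a silently dropped name yields a certificate whose subject alternative names do not match the configuration, which only surfaces later as a TLS hostname mismatch.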