From a3df0b5bd2332f6f5bb958763f5c22dc768de213 Mon Sep 17 00:00:00 2001
From: joren
Date: Fri, 21 Feb 2025 08:44:38 +0100
Subject: [PATCH] Update to 4.11
---
custom_cert.patch | 29 +
wazuh-install.sh | 2830 ++++++++++++++++++++++-----------------------
2 files changed, 1431 insertions(+), 1428 deletions(-)
create mode 100644 custom_cert.patch
diff --git a/custom_cert.patch b/custom_cert.patch
new file mode 100644
index 0000000..939ca41
--- /dev/null
+++ b/custom_cert.patch
@@ -0,0 +1,29 @@
+diff --git a/wazuh-install.sh b/wazuh-install.sh
+index d6baf0a..c1dc598 100644
+--- a/wazuh-install.sh
++++ b/wazuh-install.sh
+@@ -4013,10 +4013,20 @@ function cert_generateDashboardcertificates() {
+
+ }
+ function cert_generateRootCAcertificate() {
+-
+- common_logger "Generating the root certificate."
+- cert_executeAndValidate "openssl req -x509 -new -nodes -newkey rsa:2048 -keyout ${cert_tmp_path}/root-ca.key -out ${cert_tmp_path}/root-ca.pem -batch -subj '/OU=Wazuh/O=Wazuh/L=California/' -days 3650"
+-
++ common_logger "Checking for an existing root certificate."
++
++ # Define expected file names
++ existing_ca_key="root-ca.key"
++ existing_ca_cert="root-ca.pem"
++
++ if [[ -f "./$existing_ca_key" && -f "./$existing_ca_cert" ]]; then
++ common_logger "Existing root certificate found. Copying to target paths."
++ cp "./$existing_ca_key" "${cert_tmp_path}/root-ca.key"
++ cp "./$existing_ca_cert" "${cert_tmp_path}/root-ca.pem"
++ else
++ common_logger "No existing root certificate found. Generating a new one."
++ cert_executeAndValidate "openssl req -x509 -new -nodes -newkey rsa:2048 -keyout ${cert_tmp_path}/root-ca.key -out ${cert_tmp_path}/root-ca.pem -batch -subj '/OU=Wazuh/O=Wazuh/L=California/' -days 3650"
++ fi
+ }
+ function cert_parseYaml() {
+
diff --git a/wazuh-install.sh b/wazuh-install.sh
index c1dc598..56e1004 100644
--- a/wazuh-install.sh
+++ b/wazuh-install.sh
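Review bot: In custom_cert.patch, the new branch of cert_generateRootCAcertificate adopts whatever `./root-ca.key` and `./root-ca.pem` sit in the current working directory as the deployment's trust anchor, with no check that the two belong together or that the certificate is still valid. If the installer is started as root from a directory other accounts can write to, a pre-placed pair would end up signing every node certificate, so the pair should be verified before use and the location is better taken from an explicit setting than from the working directory. The two `cp` calls also bypass cert_executeAndValidate, which the generate branch uses, so a failed copy goes unreported. A sketch of the check follows; whether `exit 1` or a cleanup helper is the right failure path depends on code outside this hunk.

```shell
function cert_generateRootCAcertificate() {
    common_logger "Checking for an existing root certificate."
    # … unchanged: existing_ca_key / existing_ca_cert names …

    if [[ -f "./${existing_ca_key}" && -f "./${existing_ca_cert}" ]]; then
        # Reject a key/certificate pair that does not match or has expired.
        local cert_pub key_pub
        cert_pub=$(openssl x509 -in "./${existing_ca_cert}" -noout -pubkey) || cert_pub=""
        key_pub=$(openssl pkey -in "./${existing_ca_key}" -pubout) || key_pub=""
        if [[ -z "${cert_pub}" || "${cert_pub}" != "${key_pub}" ]] \
            || ! openssl x509 -in "./${existing_ca_cert}" -noout -checkend 0 >/dev/null; then
            common_logger -e "Existing root-ca.key/root-ca.pem do not match or the certificate has expired."
            exit 1
        fi
        common_logger "Existing root certificate found. Copying to target paths."
        cert_executeAndValidate "cp ./${existing_ca_key} ${cert_tmp_path}/root-ca.key"
        cert_executeAndValidate "cp ./${existing_ca_cert} ${cert_tmp_path}/root-ca.pem"
    else
        # … unchanged: generate a new root CA with openssl req …
```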
@@ -10,11 +10,12 @@ adminpem="/etc/wazuh-indexer/certs/admin.pem" adminkey="/etc/wazuh-indexer/certs/admin-key.pem" -readonly wazuh_major="4.10" -readonly wazuh_version="4.10.1" +readonly wazuh_major="4.11" +readonly wazuh_version="4.11.0" readonly filebeat_version="7.10.2" readonly wazuh_install_vesion="0.1" source_branch="v${wazuh_version}" +last_stage="rc1" repogpg="https://packages.wazuh.com/key/GPG-KEY-WAZUH" repobaseurl="https://packages.wazuh.com/4.x" reporelease="stable" 
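Review bot: Nothing in this header records which upstream build the vendored installer was taken from, and the added `last_stage="rc1"` beside `reporelease="stable"` makes that worth stating, since the script runs as root. The consumer of `last_stage` is not visible in this hunk, so it may be harmless, but a provenance comment would let the next update be checked against the published file, for example `# Vendored from <UPSTREAM_INSTALLER_URL>, sha256 <SHA256_OF_UPSTREAM_FILE>; local change: custom_cert.patch`.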
@@ -67,151 +68,6 @@ readonly dashboard_apt_dependencies=( debhelper tar curl libcap2-bin gnupg apt-t readonly wia_offline_dependencies=( curl tar gnupg openssl lsof ) wia_dependencies_installed=() -config_file_indexer_roles_roles_mapping="--- -# In this file users, backendroles and hosts can be mapped to Open Distro Security roles. -# Permissions for Opendistro roles are configured in roles.yml - -_meta: - type: \"rolesmapping\" - config_version: 2 - -# Define your roles mapping here - -## Default roles mapping - -all_access: - reserved: true - hidden: false - backend_roles: - - \"admin\" - hosts: [] - users: [] - and_backend_roles: [] - description: \"Maps admin to all_access\" - -own_index: - reserved: false - hidden: false - backend_roles: [] - hosts: [] - users: - - \"*\" - and_backend_roles: [] - description: \"Allow full access to an index named like the username\" - -logstash: - reserved: false - hidden: false - backend_roles: - - \"logstash\" - hosts: [] - users: [] - and_backend_roles: [] - -readall: - reserved: true - hidden: false - backend_roles: - - \"readall\" - hosts: [] - users: [] - and_backend_roles: [] - -manage_snapshots: - reserved: true - hidden: false - backend_roles: - - \"snapshotrestore\" - hosts: [] - users: [] - and_backend_roles: [] - -kibana_server: - reserved: true - hidden: false - backend_roles: [] - hosts: [] - users: - - \"kibanaserver\" - and_backend_roles: [] - -kibana_user: - reserved: false - hidden: false - backend_roles: - - \"kibanauser\" - hosts: [] - users: [] - and_backend_roles: [] - description: \"Maps kibanauser to kibana_user\" - -# Wazuh monitoring and statistics index permissions -manage_wazuh_index: - reserved: true - hidden: false - backend_roles: [] - hosts: [] - users: - - \"kibanaserver\" - and_backend_roles: []" - -config_file_indexer_roles_internal_users="--- -# This is the internal user database -# The hash value is a bcrypt hash and can be generated with plugin/tools/hash.sh - -_meta: - type: 
\"internalusers\" - config_version: 2 - -# Define your internal users here - -## Demo users - -admin: - hash: \"\$2a\$12\$VcCDgh2NDk07JGN0rjGbM.Ad41qVR/YFJcgHp0UGns5JDymv..TOG\" - reserved: true - backend_roles: - - \"admin\" - description: \"Demo admin user\" - -kibanaserver: - hash: \"\$2a\$12\$4AcgAt3xwOWadA5s5blL6ev39OXDNhmOesEoo33eZtrq2N0YrU3H.\" - reserved: true - description: \"Demo kibanaserver user\" - -kibanaro: - hash: \"\$2a\$12\$JJSXNfTowz7Uu5ttXfeYpeYE0arACvcwlPBStB1F.MI7f0U9Z4DGC\" - reserved: false - backend_roles: - - \"kibanauser\" - - \"readall\" - attributes: - attribute1: \"value1\" - attribute2: \"value2\" - attribute3: \"value3\" - description: \"Demo kibanaro user\" - -logstash: - hash: \"\$2a\$12\$u1ShR4l4uBS3Uv59Pa2y5.1uQuZBrZtmNfqB3iM/.jL0XoV9sghS2\" - reserved: false - backend_roles: - - \"logstash\" - description: \"Demo logstash user\" - -readall: - hash: \"\$2a\$12\$ae4ycwzwvLtZxwZ82RmiEunBbIPiAmGZduBAjKN0TXdwQFtCwARz2\" - reserved: false - backend_roles: - - \"readall\" - description: \"Demo readall user\" - -snapshotrestore: - hash: \"\$2y\$12\$DpwmetHKwgYnorbgdvORCenv4NAK8cPUg8AI6pxLCuWf/ALc0.v7W\" - reserved: false - backend_roles: - - \"snapshotrestore\" - description: \"Demo snapshotrestore user\"" - config_file_indexer_roles_roles="_meta: type: \"roles\" config_version: 2 
@@ -362,27 +218,164 @@ manage_wazuh_index: tenant_permissions: [] static: false" -config_file_indexer_indexer_assistant_distributed="node.master: true -node.data: true -node.ingest: true +config_file_indexer_roles_internal_users="--- +# This is the internal user database +# The hash value is a bcrypt hash and can be generated with plugin/tools/hash.sh -cluster.name: wazuh-indexer-cluster -cluster.routing.allocation.disk.threshold_enabled: false +_meta: + type: \"internalusers\" + config_version: 2 -node.max_local_storage_nodes: \"3\" -path.data: /var/lib/wazuh-indexer -path.logs: /var/log/wazuh-indexer +# Define your internal users here +## Demo users + +admin: + hash: \"\$2a\$12\$VcCDgh2NDk07JGN0rjGbM.Ad41qVR/YFJcgHp0UGns5JDymv..TOG\" + reserved: true + backend_roles: + - \"admin\" + description: \"Demo admin user\" + +kibanaserver: + hash: \"\$2a\$12\$4AcgAt3xwOWadA5s5blL6ev39OXDNhmOesEoo33eZtrq2N0YrU3H.\" + reserved: true + description: \"Demo kibanaserver user\" + +kibanaro: + hash: \"\$2a\$12\$JJSXNfTowz7Uu5ttXfeYpeYE0arACvcwlPBStB1F.MI7f0U9Z4DGC\" + reserved: false + backend_roles: + - \"kibanauser\" + - \"readall\" + attributes: + attribute1: \"value1\" + attribute2: \"value2\" + attribute3: \"value3\" + description: \"Demo kibanaro user\" + +logstash: + hash: \"\$2a\$12\$u1ShR4l4uBS3Uv59Pa2y5.1uQuZBrZtmNfqB3iM/.jL0XoV9sghS2\" + reserved: false + backend_roles: + - \"logstash\" + description: \"Demo logstash user\" + +readall: + hash: \"\$2a\$12\$ae4ycwzwvLtZxwZ82RmiEunBbIPiAmGZduBAjKN0TXdwQFtCwARz2\" + reserved: false + backend_roles: + - \"readall\" + description: \"Demo readall user\" + +snapshotrestore: + hash: \"\$2y\$12\$DpwmetHKwgYnorbgdvORCenv4NAK8cPUg8AI6pxLCuWf/ALc0.v7W\" + reserved: false + backend_roles: + - \"snapshotrestore\" + description: \"Demo snapshotrestore user\"" + +config_file_indexer_roles_roles_mapping="--- +# In this file users, backendroles and hosts can be mapped to Open Distro Security roles. 
+# Permissions for Opendistro roles are configured in roles.yml + +_meta: + type: \"rolesmapping\" + config_version: 2 + +# Define your roles mapping here + +## Default roles mapping + +all_access: + reserved: true + hidden: false + backend_roles: + - \"admin\" + hosts: [] + users: [] + and_backend_roles: [] + description: \"Maps admin to all_access\" + +own_index: + reserved: false + hidden: false + backend_roles: [] + hosts: [] + users: + - \"*\" + and_backend_roles: [] + description: \"Allow full access to an index named like the username\" + +logstash: + reserved: false + hidden: false + backend_roles: + - \"logstash\" + hosts: [] + users: [] + and_backend_roles: [] + +readall: + reserved: true + hidden: false + backend_roles: + - \"readall\" + hosts: [] + users: [] + and_backend_roles: [] + +manage_snapshots: + reserved: true + hidden: false + backend_roles: + - \"snapshotrestore\" + hosts: [] + users: [] + and_backend_roles: [] + +kibana_server: + reserved: true + hidden: false + backend_roles: [] + hosts: [] + users: + - \"kibanaserver\" + and_backend_roles: [] + +kibana_user: + reserved: false + hidden: false + backend_roles: + - \"kibanauser\" + hosts: [] + users: [] + and_backend_roles: [] + description: \"Maps kibanauser to kibana_user\" + +# Wazuh monitoring and statistics index permissions +manage_wazuh_index: + reserved: true + hidden: false + backend_roles: [] + hosts: [] + users: + - \"kibanaserver\" + and_backend_roles: []" + +config_file_indexer_indexer="network.host: 0.0.0.0 +node.name: node-1 +cluster.initial_master_nodes: node-1 -plugins.security.ssl.http.pemcert_filepath: /etc/wazuh-indexer/certs/indexer.pem -plugins.security.ssl.http.pemkey_filepath: /etc/wazuh-indexer/certs/indexer-key.pem -plugins.security.ssl.http.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem plugins.security.ssl.transport.pemcert_filepath: /etc/wazuh-indexer/certs/indexer.pem plugins.security.ssl.transport.pemkey_filepath: 
/etc/wazuh-indexer/certs/indexer-key.pem plugins.security.ssl.transport.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem -plugins.security.ssl.http.enabled: true plugins.security.ssl.transport.enforce_hostname_verification: false plugins.security.ssl.transport.resolve_hostname: false +plugins.security.ssl.http.enabled: true +plugins.security.ssl.http.pemcert_filepath: /etc/wazuh-indexer/certs/indexer.pem +plugins.security.ssl.http.pemkey_filepath: /etc/wazuh-indexer/certs/indexer-key.pem +plugins.security.ssl.http.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem plugins.security.ssl.http.enabled_ciphers: - \"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256\" - \"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384\" 
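Review bot: The `config_file_indexer_roles_internal_users` block re-added in this hunk carries the stock "Demo … user" accounts with fixed bcrypt hashes, so every install starts from the same credentials until `installCommon_changePasswords` has run. The commit only moves the block, but the dependency is undocumented; a comment above it such as `# Demo hashes only: installCommon_changePasswords must replace these before the node is exposed` would make it explicit. It is also worth confirming that each install path (all-in-one, single indexer, distributed with `-s`) reaches that call, since those functions are outside this hunk.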
@@ -390,16 +383,19 @@ plugins.security.ssl.http.enabled_ciphers: - \"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384\" plugins.security.ssl.http.enabled_protocols: - \"TLSv1.2\" +plugins.security.nodes_dn: +- CN=node-1,OU=Wazuh,O=Wazuh,L=California,C=US plugins.security.authcz.admin_dn: -- \"CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US\" -plugins.security.check_snapshot_restore_write_privileges: true -plugins.security.enable_snapshot_restore_privilege: true -plugins.security.restapi.roles_enabled: -- \"all_access\" -- \"security_rest_api_access\" +- CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US -plugins.security.system_indices.enabled: true -plugins.security.system_indices.indices: [\".opendistro-alerting-config\", \".opendistro-alerting-alert*\", \".opendistro-anomaly-results*\", \".opendistro-anomaly-detector*\", \".opendistro-anomaly-checkpoints\", \".opendistro-anomaly-detection-state\", \".opendistro-reports-*\", \".opendistro-notifications-*\", \".opendistro-notebooks\", \".opensearch-observability\", \".opendistro-asynchronous-search-response*\", \".replication-metadata-store\"] +plugins.security.enable_snapshot_restore_privilege: true +plugins.security.check_snapshot_restore_write_privileges: true +plugins.security.restapi.roles_enabled: [\"all_access\", \"security_rest_api_access\"] +cluster.routing.allocation.disk.threshold_enabled: false +node.max_local_storage_nodes: 3 + +path.data: /var/lib/elasticsearch +path.logs: /var/log/elasticsearch ### Option to allow Filebeat-oss 7.10.2 to work ### compatibility.override_main_response_version: true" 
@@ -446,19 +442,27 @@ plugins.security.system_indices.indices: [\".opendistro-alerting-config\", \".op ### Option to allow Filebeat-oss 7.10.2 to work ### compatibility.override_main_response_version: true" -config_file_indexer_indexer="network.host: 0.0.0.0 -node.name: node-1 -cluster.initial_master_nodes: node-1 +config_file_indexer_indexer_assistant_distributed="node.master: true +node.data: true +node.ingest: true + +cluster.name: wazuh-indexer-cluster +cluster.routing.allocation.disk.threshold_enabled: false + +node.max_local_storage_nodes: \"3\" +path.data: /var/lib/wazuh-indexer +path.logs: /var/log/wazuh-indexer + -plugins.security.ssl.transport.pemcert_filepath: /etc/wazuh-indexer/certs/indexer.pem -plugins.security.ssl.transport.pemkey_filepath: /etc/wazuh-indexer/certs/indexer-key.pem -plugins.security.ssl.transport.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem -plugins.security.ssl.transport.enforce_hostname_verification: false -plugins.security.ssl.transport.resolve_hostname: false -plugins.security.ssl.http.enabled: true plugins.security.ssl.http.pemcert_filepath: /etc/wazuh-indexer/certs/indexer.pem plugins.security.ssl.http.pemkey_filepath: /etc/wazuh-indexer/certs/indexer-key.pem plugins.security.ssl.http.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem +plugins.security.ssl.transport.pemcert_filepath: /etc/wazuh-indexer/certs/indexer.pem +plugins.security.ssl.transport.pemkey_filepath: /etc/wazuh-indexer/certs/indexer-key.pem +plugins.security.ssl.transport.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem +plugins.security.ssl.http.enabled: true +plugins.security.ssl.transport.enforce_hostname_verification: false +plugins.security.ssl.transport.resolve_hostname: false plugins.security.ssl.http.enabled_ciphers: - \"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256\" - \"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384\" 
@@ -466,19 +470,16 @@ plugins.security.ssl.http.enabled_ciphers: - \"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384\" plugins.security.ssl.http.enabled_protocols: - \"TLSv1.2\" -plugins.security.nodes_dn: -- CN=node-1,OU=Wazuh,O=Wazuh,L=California,C=US plugins.security.authcz.admin_dn: -- CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US - -plugins.security.enable_snapshot_restore_privilege: true +- \"CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US\" plugins.security.check_snapshot_restore_write_privileges: true -plugins.security.restapi.roles_enabled: [\"all_access\", \"security_rest_api_access\"] -cluster.routing.allocation.disk.threshold_enabled: false -node.max_local_storage_nodes: 3 +plugins.security.enable_snapshot_restore_privilege: true +plugins.security.restapi.roles_enabled: +- \"all_access\" +- \"security_rest_api_access\" -path.data: /var/lib/elasticsearch -path.logs: /var/log/elasticsearch +plugins.security.system_indices.enabled: true +plugins.security.system_indices.indices: [\".opendistro-alerting-config\", \".opendistro-alerting-alert*\", \".opendistro-anomaly-results*\", \".opendistro-anomaly-detector*\", \".opendistro-anomaly-checkpoints\", \".opendistro-anomaly-detection-state\", \".opendistro-reports-*\", \".opendistro-notifications-*\", \".opendistro-notebooks\", \".opensearch-observability\", \".opendistro-asynchronous-search-response*\", \".replication-metadata-store\"] ### Option to allow Filebeat-oss 7.10.2 to work ### compatibility.override_main_response_version: true" 
@@ -499,9 +500,9 @@ opensearch.ssl.certificateAuthorities: [\"/etc/wazuh-dashboard/certs/root-ca.pem server.defaultRoute: /app/wz-home opensearch_security.cookie.secure: true" -config_file_dashboard_dashboard_all_in_one="server.host: 0.0.0.0 +config_file_dashboard_dashboard_assistant="server.host: 0.0.0.0 +opensearch.hosts: https://127.0.0.1:9200 server.port: 443 -opensearch.hosts: https://localhost:9200 opensearch.ssl.verificationMode: certificate # opensearch.username: kibanaserver # opensearch.password: kibanaserver @@ -509,8 +510,8 @@ opensearch.requestHeadersAllowlist: [\"securitytenant\",\"Authorization\"] opensearch_security.multitenancy.enabled: false opensearch_security.readonly_mode.roles: [\"kibana_read_only\"] server.ssl.enabled: true -server.ssl.key: \"/etc/wazuh-dashboard/certs/kibana-key.pem\" -server.ssl.certificate: \"/etc/wazuh-dashboard/certs/kibana.pem\" +server.ssl.key: \"/etc/wazuh-dashboard/certs/dashboard-key.pem\" +server.ssl.certificate: \"/etc/wazuh-dashboard/certs/dashboard.pem\" opensearch.ssl.certificateAuthorities: [\"/etc/wazuh-dashboard/certs/root-ca.pem\"] uiSettings.overrides.defaultRoute: /app/wz-home opensearch_security.cookie.secure: true" @@ -529,9 +530,9 @@ opensearch.ssl.certificateAuthorities: [\"/etc/wazuh-dashboard/certs/root-ca.pem uiSettings.overrides.defaultRoute: /app/wz-home opensearch_security.cookie.secure: true" -config_file_dashboard_dashboard_assistant="server.host: 0.0.0.0 -opensearch.hosts: https://127.0.0.1:9200 +config_file_dashboard_dashboard_all_in_one="server.host: 0.0.0.0 server.port: 443 +opensearch.hosts: https://localhost:9200 opensearch.ssl.verificationMode: certificate # opensearch.username: kibanaserver # opensearch.password: kibanaserver 
@@ -539,19 +540,15 @@ opensearch.requestHeadersAllowlist: [\"securitytenant\",\"Authorization\"] opensearch_security.multitenancy.enabled: false opensearch_security.readonly_mode.roles: [\"kibana_read_only\"] server.ssl.enabled: true -server.ssl.key: \"/etc/wazuh-dashboard/certs/dashboard-key.pem\" -server.ssl.certificate: \"/etc/wazuh-dashboard/certs/dashboard.pem\" +server.ssl.key: \"/etc/wazuh-dashboard/certs/kibana-key.pem\" +server.ssl.certificate: \"/etc/wazuh-dashboard/certs/kibana.pem\" opensearch.ssl.certificateAuthorities: [\"/etc/wazuh-dashboard/certs/root-ca.pem\"] uiSettings.overrides.defaultRoute: /app/wz-home opensearch_security.cookie.secure: true" -config_file_filebeat_filebeat_assistant="# Wazuh - Filebeat configuration file -output.elasticsearch.hosts: - - 127.0.0.1:9200 -# - :9200 -# - :9200 - +config_file_filebeat_filebeat="# Wazuh - Filebeat configuration file output.elasticsearch: + hosts: [\":9200\"] protocol: https username: \${username} password: \${password} @@ -572,14 +569,6 @@ filebeat.modules: archives: enabled: false -logging.level: info -logging.to_files: true -logging.files: - path: /var/log/filebeat - name: filebeat - keepfiles: 7 - permissions: 0644 - logging.metrics.enabled: false seccomp: @@ -660,9 +649,13 @@ seccomp: names: - rseq" -config_file_filebeat_filebeat="# Wazuh - Filebeat configuration file +config_file_filebeat_filebeat_assistant="# Wazuh - Filebeat configuration file +output.elasticsearch.hosts: + - 127.0.0.1:9200 +# - :9200 +# - :9200 + output.elasticsearch: - hosts: [\":9200\"] protocol: https username: \${username} password: \${password} @@ -683,6 +676,14 @@ filebeat.modules: archives: enabled: false +logging.level: info +logging.to_files: true +logging.files: + path: /var/log/filebeat + name: filebeat + keepfiles: 7 + permissions: 0644 + logging.metrics.enabled: false seccomp: 
@@ -764,6 +765,1062 @@ config_file_certificate_config_aio="nodes: trap installCommon_cleanExit SIGINT export JAVA_HOME="/usr/share/wazuh-indexer/jdk/" +# ------------ installMain.sh ------------ +function getHelp() { + + echo -e "" + echo -e "NAME" + echo -e " $(basename "$0") - Install and configure Wazuh central components: Wazuh server, Wazuh indexer, and Wazuh dashboard." + echo -e "" + echo -e "SYNOPSIS" + echo -e " $(basename "$0") [OPTIONS] -a | -c | -s | -wi | -wd | -ws " + echo -e "" + echo -e "DESCRIPTION" + echo -e " -a, --all-in-one" + echo -e " Install and configure Wazuh server, Wazuh indexer, Wazuh dashboard." + echo -e "" + echo -e " -c, --config-file " + echo -e " Path to the configuration file used to generate wazuh-install-files.tar file containing the files that will be needed for installation. By default, the Wazuh installation assistant will search for a file named config.yml in the same path as the script." + echo -e "" + echo -e " -d [pre-release|staging], --development" + echo -e " Use development repositories. By default it uses the pre-release package repository. If staging is specified, it will use that repository." + echo -e "" + echo -e " -dw, --download-wazuh " + echo -e " Download all the packages necessary for offline installation. Type of packages to download for offline installation (rpm, deb)" + echo -e "" + echo -e " -fd, --force-install-dashboard" + echo -e " Force Wazuh dashboard installation to continue even when it is not capable of connecting to the Wazuh indexer." + echo -e "" + echo -e " -g, --generate-config-files" + echo -e " Generate wazuh-install-files.tar file containing the files that will be needed for installation from config.yml. In distributed deployments you will need to copy this file to all hosts." + echo -e "" + echo -e " -h, --help" + echo -e " Display this help and exit." + echo -e "" + echo -e " -i, --ignore-check" + echo -e " Ignore the check for minimum hardware requirements." 
+ echo -e "" + echo -e " -o, --overwrite" + echo -e " Overwrites previously installed components. This will erase all the existing configuration and data." + echo -e "" + echo -e " -of, --offline-installation" + echo -e " Perform an offline installation. This option must be used with -a, -ws, -s, -wi, or -wd." + echo -e "" + echo -e " -p, --port" + echo -e " Specifies the Wazuh web user interface port. By default is the 443 TCP port. Recommended ports are: 8443, 8444, 8080, 8888, 9000." + echo -e "" + echo -e " -s, --start-cluster" + echo -e " Initialize Wazuh indexer cluster security settings." + echo -e "" + echo -e " -t, --tar " + echo -e " Path to tar file containing certificate files. By default, the Wazuh installation assistant will search for a file named wazuh-install-files.tar in the same path as the script." + echo -e "" + echo -e " -u, --uninstall" + echo -e " Uninstalls all Wazuh components. This will erase all the existing configuration and data." + echo -e "" + echo -e " -v, --verbose" + echo -e " Shows the complete installation output." + echo -e "" + echo -e " -V, --version" + echo -e " Shows the version of the script and Wazuh packages." + echo -e "" + echo -e " -wd, --wazuh-dashboard " + echo -e " Install and configure Wazuh dashboard, used for distributed deployments." + echo -e "" + echo -e " -wi, --wazuh-indexer " + echo -e " Install and configure Wazuh indexer, used for distributed deployments." + echo -e "" + echo -e " -ws, --wazuh-server " + echo -e " Install and configure Wazuh manager and Filebeat, used for distributed deployments." + exit 1 + +} +function main() { + umask 177 + + if [ -z "${1}" ]; then + getHelp + fi + + while [ -n "${1}" ] + do + case "${1}" in + "-a"|"--all-in-one") + AIO=1 + shift 1 + ;; + "-c"|"--config-file") + if [ -z "${2}" ]; then + common_logger -e "Error on arguments. 
Probably missing after -c|--config-file" + getHelp + exit 1 + fi + file_conf=1 + config_file="${2}" + shift 2 + ;; + "-d"|"--development") + development=1 + if [ -n "${2}" ] && [[ ! "${2}" =~ ^- ]]; then + if [ "${2}" = "pre-release" ] || [ "${2}" = "staging" ]; then + devrepo="${2}" + else + common_logger -e "Error: Invalid value '${2}' after -d|--development. Accepted values are 'pre-release' or 'staging'." + getHelp + exit 1 + fi + shift 2 + else + devrepo="pre-release" + shift 1 + fi + checks_development_source_tag + repogpg="https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH" + repobaseurl="https://packages-dev.wazuh.com/${devrepo}" + reporelease="unstable" + filebeat_wazuh_template="https://raw.githubusercontent.com/wazuh/wazuh/${source_branch}/extensions/elasticsearch/7.x/wazuh-template.json" + filebeat_wazuh_module="${repobaseurl}/filebeat/wazuh-filebeat-0.4.tar.gz" + bucket="packages-dev.wazuh.com" + repository="${devrepo}" + ;; + + "-fd"|"--force-install-dashboard") + force=1 + shift 1 + ;; + "-g"|"--generate-config-files") + configurations=1 + shift 1 + ;; + "-h"|"--help") + getHelp + ;; + "-i"|"--ignore-check") + ignore=1 + shift 1 + ;; + "-o"|"--overwrite") + overwrite=1 + shift 1 + ;; + "-of"|"--offline-installation") + offline_install=1 + shift 1 + ;; + "-p"|"--port") + if [ -z "${2}" ]; then + common_logger -e "Error on arguments. Probably missing after -p|--port" + getHelp + exit 1 + fi + port_specified=1 + port_number="${2}" + shift 2 + ;; + "-s"|"--start-cluster") + start_indexer_cluster=1 + shift 1 + ;; + "-t"|"--tar") + if [ -z "${2}" ]; then + common_logger -e "Error on arguments. 
Probably missing after -t|--tar" + getHelp + exit 1 + fi + tar_conf=1 + tar_file="${2}" + shift 2 + ;; + "-u"|"--uninstall") + uninstall=1 + shift 1 + ;; + "-v"|"--verbose") + debugEnabled=1 + debug="2>&1 | tee -a ${logfile}" + shift 1 + ;; + "-V"|"--version") + showVersion=1 + shift 1 + ;; + "-wd"|"--wazuh-dashboard") + if [ -z "${2}" ]; then + common_logger -e "Error on arguments. Probably missing after -wd|---wazuh-dashboard" + getHelp + exit 1 + fi + dashboard=1 + dashname="${2}" + shift 2 + ;; + "-wi"|"--wazuh-indexer") + if [ -z "${2}" ]; then + common_logger -e "Arguments contain errors. Probably missing after -wi|--wazuh-indexer." + getHelp + exit 1 + fi + indexer=1 + indxname="${2}" + shift 2 + ;; + "-ws"|"--wazuh-server") + if [ -z "${2}" ]; then + common_logger -e "Error on arguments. Probably missing after -ws|--wazuh-server" + getHelp + exit 1 + fi + wazuh=1 + winame="${2}" + shift 2 + ;; + "-dw"|"--download-wazuh") + if [ "${2}" != "deb" ] && [ "${2}" != "rpm" ]; then + common_logger -e "Error on arguments. Probably missing after -dw|--download-wazuh" + getHelp + exit 1 + fi + download=1 + package_type="${2}" + shift 2 + ;; + *) + echo "Unknow option: ${1}" + getHelp + esac + done + + cat /dev/null > "${logfile}" + + if [ -z "${download}" ] && [ -z "${showVersion}" ]; then + common_checkRoot + fi + + if [ -n "${showVersion}" ]; then + common_logger "Wazuh version: ${wazuh_version}" + common_logger "Filebeat version: ${filebeat_version}" + common_logger "Wazuh installation assistant version: ${wazuh_install_vesion}" + exit 0 + fi + + common_logger "Starting Wazuh installation assistant. 
Wazuh version: ${wazuh_version} (x86_64/AMD64)" + common_logger "Verbose logging redirected to ${logfile}" + +# -------------- Uninstall case ------------------------------------ + + common_checkSystem + + if [ -z "${download}" ]; then + check_dist + fi + + if [ -z "${uninstall}" ] && [ -z "${offline_install}" ]; then + installCommon_installCheckDependencies + elif [ -n "${offline_install}" ]; then + offline_checkPrerequisites "wia_offline_dependencies" "${wia_offline_dependencies[@]}" + fi + + common_checkInstalled + checks_arguments + if [ -n "${development}" ]; then + checks_filebeatURL + fi + if [ -n "${uninstall}" ]; then + installCommon_rollBack + exit 0 + fi + + checks_arch + if [ -n "${ignore}" ]; then + common_logger -w "Hardware checks ignored." + else + common_logger "Verifying that your system meets the recommended minimum hardware requirements." + checks_health + fi + +# -------------- Preliminary checks and Prerequisites -------------------------------- + + if [ -z "${configurations}" ] && [ -z "${AIO}" ] && [ -z "${download}" ]; then + checks_previousCertificate + fi + + if [ -n "${port_specified}" ]; then + checks_available_port "${port_number}" "${wazuh_aio_ports[@]}" + dashboard_changePort "${port_number}" + elif [ -n "${AIO}" ] || [ -n "${dashboard}" ]; then + dashboard_changePort "${http_port}" + fi + + if [ -n "${AIO}" ]; then + rm -f "${tar_file}" + checks_ports "${wazuh_aio_ports[@]}" + installCommon_installPrerequisites "AIO" + fi + + if [ -n "${indexer}" ]; then + checks_ports "${wazuh_indexer_ports[@]}" + installCommon_installPrerequisites "indexer" + fi + + if [ -n "${wazuh}" ]; then + checks_ports "${wazuh_manager_ports[@]}" + installCommon_installPrerequisites "wazuh" + fi + + if [ -n "${dashboard}" ]; then + checks_ports "${wazuh_dashboard_port}" + installCommon_installPrerequisites "dashboard" + fi + + +# -------------- Wazuh repo ---------------------- + + # Offline installation case: extract the compressed files + if [ -n 
"${offline_install}" ]; then + offline_checkPreinstallation + offline_extractFiles + offline_importGPGKey + fi + + if [ -n "${AIO}" ] || [ -n "${indexer}" ] || [ -n "${dashboard}" ] || [ -n "${wazuh}" ]; then + check_curlVersion + if [ -z "${offline_install}" ]; then + installCommon_addWazuhRepo + fi + fi + +# -------------- Configuration creation case ----------------------- + + # Creation certificate case: Only AIO and -g option can create certificates. + if [ -n "${configurations}" ] || [ -n "${AIO}" ]; then + common_logger "--- Configuration files ---" + installCommon_createInstallFiles + fi + + if [ -z "${configurations}" ] && [ -z "${download}" ]; then + installCommon_extractConfig + config_file="/tmp/wazuh-install-files/config.yml" + cert_readConfig + fi + + # Distributed architecture: node names must be different + if [[ -z "${AIO}" && -z "${download}" && ( -n "${indexer}" || -n "${dashboard}" || -n "${wazuh}" ) ]]; then + checks_names + fi + + if [ -n "${configurations}" ]; then + installCommon_removeWIADependencies + fi + +# -------------- Wazuh indexer case ------------------------------- + + if [ -n "${indexer}" ]; then + common_logger "--- Wazuh indexer ---" + indexer_install + indexer_configure + installCommon_startService "wazuh-indexer" + indexer_initialize + installCommon_removeWIADependencies + fi + +# -------------- Start Wazuh indexer cluster case ------------------ + + if [ -n "${start_indexer_cluster}" ]; then + indexer_startCluster + installCommon_changePasswords + installCommon_removeWIADependencies + fi + +# -------------- Wazuh dashboard case ------------------------------ + + if [ -n "${dashboard}" ]; then + common_logger "--- Wazuh dashboard ----" + dashboard_install + dashboard_configure + installCommon_startService "wazuh-dashboard" + installCommon_changePasswords + dashboard_initialize + installCommon_removeWIADependencies + + fi + +# -------------- Wazuh server case --------------------------------------- + + if [ -n "${wazuh}" ]; 
then + common_logger "--- Wazuh server ---" + manager_install + manager_configure + if [ -n "${server_node_types[*]}" ]; then + manager_startCluster + fi + installCommon_startService "wazuh-manager" + filebeat_install + filebeat_configure + installCommon_changePasswords + installCommon_startService "filebeat" + installCommon_removeWIADependencies + fi + +# -------------- AIO case ------------------------------------------ + + if [ -n "${AIO}" ]; then + + common_logger "--- Wazuh indexer ---" + indexer_install + indexer_configure + installCommon_startService "wazuh-indexer" + indexer_initialize + common_logger "--- Wazuh server ---" + manager_install + manager_configure + installCommon_startService "wazuh-manager" + filebeat_install + filebeat_configure + installCommon_startService "filebeat" + common_logger "--- Wazuh dashboard ---" + dashboard_install + dashboard_configure + installCommon_startService "wazuh-dashboard" + installCommon_changePasswords + dashboard_initializeAIO + installCommon_removeWIADependencies + + fi + +# -------------- Offline case ------------------------------------------ + + if [ -n "${download}" ]; then + common_logger "--- Download Packages ---" + offline_download + fi + + +# ------------------------------------------------------------------- + + if [ -z "${configurations}" ] && [ -z "${download}" ] && [ -z "${offline_install}" ]; then + installCommon_restoreWazuhrepo + fi + + if [ -n "${AIO}" ] || [ -n "${indexer}" ] || [ -n "${dashboard}" ] || [ -n "${wazuh}" ]; then + eval "rm -rf /tmp/wazuh-install-files ${debug}" + common_logger "Installation finished." + elif [ -n "${start_indexer_cluster}" ]; then + common_logger "Wazuh indexer cluster started." + fi + +} + +# ------------ indexer.sh ------------ +function indexer_configure() { + + common_logger -d "Configuring Wazuh indexer." 
+ eval "export JAVA_HOME=/usr/share/wazuh-indexer/jdk/"
+
+ # Configure JVM options for Wazuh indexer
+ ram_gb=$(free -m | awk 'FNR == 2 {print $2}')
+ ram="$(( ram_mb / 2 ))"
+
+ if [ "${ram}" -eq "0" ]; then
+ ram=1024;
+ fi
+ eval "sed -i "s/-Xms1g/-Xms${ram}m/" /etc/wazuh-indexer/jvm.options ${debug}"
+ eval "sed -i "s/-Xmx1g/-Xmx${ram}m/" /etc/wazuh-indexer/jvm.options ${debug}"
+
+ if [ -n "${AIO}" ]; then
+ eval "installCommon_getConfig indexer/indexer_all_in_one.yml /etc/wazuh-indexer/opensearch.yml ${debug}"
+ else
+ eval "installCommon_getConfig indexer/indexer_assistant_distributed.yml /etc/wazuh-indexer/opensearch.yml ${debug}"
+ if [ "${#indexer_node_names[@]}" -eq 1 ]; then
+ pos=0
+ {
+ echo "node.name: ${indxname}"
+ echo "network.host: ${indexer_node_ips[0]}"
+ echo "cluster.initial_master_nodes: ${indxname}"
+ echo "plugins.security.nodes_dn:"
+ echo ' - CN='"${indxname}"',OU=Wazuh,O=Wazuh,L=California,C=US'
+ } >> /etc/wazuh-indexer/opensearch.yml
+ else
+ echo "node.name: ${indxname}" >> /etc/wazuh-indexer/opensearch.yml
+ echo "cluster.initial_master_nodes:" >> /etc/wazuh-indexer/opensearch.yml
+ for i in "${indexer_node_names[@]}"; do
+ echo " - ${i}" >> /etc/wazuh-indexer/opensearch.yml
+ done
+
+ echo "discovery.seed_hosts:" >> /etc/wazuh-indexer/opensearch.yml
+ for i in "${indexer_node_ips[@]}"; do
+ echo " - ${i}" >> /etc/wazuh-indexer/opensearch.yml
+ done
+
+ for i in "${!indexer_node_names[@]}"; do
+ if [[ "${indexer_node_names[i]}" == "${indxname}" ]]; then
+ pos="${i}";
+ fi
+ done
+
+ echo "network.host: ${indexer_node_ips[pos]}" >> /etc/wazuh-indexer/opensearch.yml
+
+ echo "plugins.security.nodes_dn:" >> /etc/wazuh-indexer/opensearch.yml
+ for i in "${indexer_node_names[@]}"; do
+ echo " - CN=${i},OU=Wazuh,O=Wazuh,L=California,C=US" >> /etc/wazuh-indexer/opensearch.yml
+ done
+ fi
+ fi
+
+ indexer_copyCertificates
+
+ jv=$(java -version 2>&1 | grep -o -m1 '1.8.0' )
+ if [ "$jv" == "1.8.0" ]; then
+ {
+ echo "wazuh-indexer hard nproc 4096"
+ echo "wazuh-indexer soft nproc 4096"
+ echo "wazuh-indexer hard nproc 4096"
+ echo "wazuh-indexer soft nproc 4096"
+ } >> /etc/security/limits.conf
+ echo -ne "\nbootstrap.system_call_filter: false" >> /etc/wazuh-indexer/opensearch.yml
+ fi
+
+ common_logger "Wazuh indexer post-install configuration finished."
+}
+function indexer_copyCertificates() {
+
+ common_logger -d "Copying Wazuh indexer certificates."
+ eval "rm -f ${indexer_cert_path}/* ${debug}"
+ name=${indexer_node_names[pos]}
+
+ if [ -f "${tar_file}" ]; then
+ if ! tar -tvf "${tar_file}" | grep -q "${name}" ; then
+ common_logger -e "Tar file does not contain certificate for the node ${name}."
+ installCommon_rollBack
+ exit 1;
+ fi
+ eval "mkdir ${indexer_cert_path} ${debug}"
+ eval "sed -i s/indexer.pem/${name}.pem/ /etc/wazuh-indexer/opensearch.yml ${debug}"
+ eval "sed -i s/indexer-key.pem/${name}-key.pem/ /etc/wazuh-indexer/opensearch.yml ${debug}"
+ eval "tar -xf ${tar_file} -C ${indexer_cert_path} wazuh-install-files/${name}.pem --strip-components 1 ${debug}"
+ eval "tar -xf ${tar_file} -C ${indexer_cert_path} wazuh-install-files/${name}-key.pem --strip-components 1 ${debug}"
+ eval "tar -xf ${tar_file} -C ${indexer_cert_path} wazuh-install-files/root-ca.pem --strip-components 1 ${debug}"
+ eval "tar -xf ${tar_file} -C ${indexer_cert_path} wazuh-install-files/admin.pem --strip-components 1 ${debug}"
+ eval "tar -xf ${tar_file} -C ${indexer_cert_path} wazuh-install-files/admin-key.pem --strip-components 1 ${debug}"
+ eval "rm -rf ${indexer_cert_path}/wazuh-install-files/ ${debug}"
+ eval "chown -R wazuh-indexer:wazuh-indexer ${indexer_cert_path} ${debug}"
+ eval "chmod 500 ${indexer_cert_path} ${debug}"
+ eval "chmod 400 ${indexer_cert_path}/* ${debug}"
+ else
+ common_logger -e "No certificates found. Could not initialize Wazuh indexer"
+ installCommon_rollBack
+ exit 1;
+ fi
+
+}
+function indexer_initialize() {
+
+ common_logger "Initializing Wazuh indexer cluster security settings."
+ eval "common_curl -XGET https://"${indexer_node_ips[pos]}":9200/ -uadmin:admin -k --max-time 120 --silent --output /dev/null"
+ e_code="${PIPESTATUS[0]}"
+
+ if [ "${e_code}" -ne "0" ]; then
+ common_logger -e "Cannot initialize Wazuh indexer cluster."
+ installCommon_rollBack
+ exit 1
+ fi
+
+ if [ -n "${AIO}" ]; then
+ eval "sudo -u wazuh-indexer JAVA_HOME=/usr/share/wazuh-indexer/jdk/ OPENSEARCH_CONF_DIR=/etc/wazuh-indexer /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh -cd /etc/wazuh-indexer/opensearch-security -icl -p 9200 -nhnv -cacert ${indexer_cert_path}/root-ca.pem -cert ${indexer_cert_path}/admin.pem -key ${indexer_cert_path}/admin-key.pem -h 127.0.0.1 ${debug}"
+ if [ "${PIPESTATUS[0]}" != 0 ]; then
+ common_logger -e "The Wazuh indexer cluster security configuration could not be initialized."
+ installCommon_rollBack
+ exit 1
+ else
+ common_logger "Wazuh indexer cluster security configuration initialized."
+ fi
+ fi
+
+ if [ "${#indexer_node_names[@]}" -eq 1 ] && [ -z "${AIO}" ]; then
+ installCommon_changePasswords
+ fi
+
+ common_logger "Wazuh indexer cluster initialized."
+
+}
+function indexer_install() {
+
+ common_logger "Starting Wazuh indexer installation."
+
+ if [ "${sys_type}" == "yum" ]; then
+ installCommon_yumInstall "wazuh-indexer" "${wazuh_version}-*"
+ elif [ "${sys_type}" == "apt-get" ]; then
+ installCommon_aptInstall "wazuh-indexer" "${wazuh_version}-*"
+ fi
+
+ common_checkInstalled
+ if [ "$install_result" != 0 ] || [ -z "${indexer_installed}" ]; then
+ common_logger -e "Wazuh indexer installation failed."
+ installCommon_rollBack
+ exit 1
+ else
+ common_logger "Wazuh indexer installation finished."
+ fi
+
+ eval "sysctl -q -w vm.max_map_count=262144 ${debug}"
+
+}
+function indexer_startCluster() {
+
+ common_logger -d "Starting Wazuh indexer cluster."
+ for ip_to_test in "${indexer_node_ips[@]}"; do
+ eval "common_curl -XGET https://"${ip_to_test}":9200/ -k -s -o /dev/null"
+ e_code="${PIPESTATUS[0]}"
+
+ if [ "${e_code}" -eq "7" ]; then
+ common_logger -e "Connectivity check failed on node ${ip_to_test} port 9200. Possible causes: Wazuh indexer not installed on the node, the Wazuh indexer service is not running or you have connectivity issues with that node. Please check this before trying again."
+ exit 1
+ fi
+ done
+
+ eval "wazuh_indexer_ip=( $(cat /etc/wazuh-indexer/opensearch.yml | grep network.host | sed 's/network.host:\s//') )"
+ eval "sudo -u wazuh-indexer JAVA_HOME=/usr/share/wazuh-indexer/jdk/ OPENSEARCH_CONF_DIR=/etc/wazuh-indexer /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh -cd /etc/wazuh-indexer/opensearch-security -icl -p 9200 -nhnv -cacert /etc/wazuh-indexer/certs/root-ca.pem -cert /etc/wazuh-indexer/certs/admin.pem -key /etc/wazuh-indexer/certs/admin-key.pem -h ${wazuh_indexer_ip} ${debug}"
+ if [ "${PIPESTATUS[0]}" != 0 ]; then
+ common_logger -e "The Wazuh indexer cluster security configuration could not be initialized."
+ installCommon_rollBack
+ exit 1
+ else
+ common_logger "Wazuh indexer cluster security configuration initialized."
+ fi
+
+ # Validate Wazuh indexer security admin it is initialized
+ indexer_security_admin_comm="common_curl -XGET https://"${indexer_node_ips[pos]}":9200/ -uadmin:admin -k --max-time 120 --silent -w \"%{http_code}\" --output /dev/null"
+ http_status=$(eval "${indexer_security_admin_comm}")
+ retries=0
+ max_retries=5
+ while [ "${http_status}" -ne 200 ]; do
+ common_logger -d "Waiting for Wazuh indexer to be ready. wazuh-indexer status: ${http_status}"
+ sleep 5
+ retries=$((retries+1))
+ if [ "${retries}" -eq "${max_retries}" ]; then
+ common_logger -e "The Wazuh indexer cluster security configuration could not be initialized."
+ exit 1
+ fi
+ http_status=$(eval "${indexer_security_admin_comm}")
+ done
+
+ # Wazuh alerts template injection
+ if [ -n "${offline_install}" ]; then
+ filebeat_wazuh_template="file://${offline_files_path}/wazuh-template.json"
+ fi
+ http_status=$(eval "common_curl --silent '${filebeat_wazuh_template}' --max-time 300 --retry 5 --retry-delay 5" | eval "common_curl -X PUT 'https://${indexer_node_ips[pos]}:9200/_template/wazuh' -H \'Content-Type: application/json\' -d @- -uadmin:admin -k --max-time 300 --silent --retry 5 --retry-delay 5 -w "%{http_code}" -o /dev/null")
+ if [ -z "${http_status}" ] || [ "${http_status}" -ne 200 ]; then
+ common_logger -e "The wazuh-alerts template could not be inserted into the Wazuh indexer cluster."
+ exit 1
+ else
+ common_logger -d "Inserted wazuh-alerts template into the Wazuh indexer cluster."
+ fi
+}
+
+# ------------ filebeat.sh ------------
+function filebeat_configure(){
+
+ common_logger -d "Configuring Filebeat."
+
+ if [ -z "${offline_install}" ]; then
+ eval "common_curl -sSo /etc/filebeat/wazuh-template.json ${filebeat_wazuh_template} --max-time 300 --retry 5 --retry-delay 5 --fail"
+ if [ ! -f "/etc/filebeat/wazuh-template.json" ]; then
+ common_logger -e "Error downloading wazuh-template.json file."
+ installCommon_rollBack
+ exit 1
+ fi
+ common_logger -d "Filebeat template was download successfully."
+
+ eval "(common_curl -sS ${filebeat_wazuh_module} --max-time 300 --retry 5 --retry-delay 5 --fail | tar -xvz -C /usr/share/filebeat/module) ${debug}"
+ if [ ! -d "/usr/share/filebeat/module" ]; then
+ common_logger -e "Error downloading wazuh filebeat module."
+ installCommon_rollBack
+ exit 1
+ fi
+ common_logger -d "Filebeat module was downloaded successfully."
+ else
+ eval "cp ${offline_files_path}/wazuh-template.json /etc/filebeat/wazuh-template.json ${debug}"
+ eval "tar -xvzf ${offline_files_path}/wazuh-filebeat-*.tar.gz -C /usr/share/filebeat/module ${debug}"
+ fi
+
+ eval "chmod go+r /etc/filebeat/wazuh-template.json ${debug}"
+ if [ -n "${AIO}" ]; then
+ eval "installCommon_getConfig filebeat/filebeat_assistant.yml /etc/filebeat/filebeat.yml ${debug}"
+ else
+ eval "installCommon_getConfig filebeat/filebeat_distributed.yml /etc/filebeat/filebeat.yml ${debug}"
+ if [ ${#indexer_node_names[@]} -eq 1 ]; then
+ echo -e "\noutput.elasticsearch.hosts:" >> /etc/filebeat/filebeat.yml
+ echo " - ${indexer_node_ips[0]}:9200" >> /etc/filebeat/filebeat.yml
+ else
+ echo -e "\noutput.elasticsearch.hosts:" >> /etc/filebeat/filebeat.yml
+ for i in "${indexer_node_ips[@]}"; do
+ echo " - ${i}:9200" >> /etc/filebeat/filebeat.yml
+ done
+ fi
+ fi
+
+ eval "mkdir /etc/filebeat/certs ${debug}"
+ filebeat_copyCertificates
+
+ eval "filebeat keystore create ${debug}"
+ eval "(echo admin | filebeat keystore add username --force --stdin)" "${debug}"
+ eval "(echo admin | filebeat keystore add password --force --stdin)" "${debug}"
+
+ common_logger "Filebeat post-install configuration finished."
+}
+function filebeat_copyCertificates() {
+
+ common_logger -d "Copying Filebeat certificates."
+ if [ -f "${tar_file}" ]; then
+ if [ -n "${AIO}" ]; then
+ if ! tar -tvf "${tar_file}" | grep -q "${server_node_names[0]}" ; then
+ common_logger -e "Tar file does not contain certificate for the node ${server_node_names[0]}."
+ installCommon_rollBack
+ exit 1
+ fi
+ eval "sed -i s/filebeat.pem/${server_node_names[0]}.pem/ /etc/filebeat/filebeat.yml ${debug}"
+ eval "sed -i s/filebeat-key.pem/${server_node_names[0]}-key.pem/ /etc/filebeat/filebeat.yml ${debug}"
+ eval "tar -xf ${tar_file} -C ${filebeat_cert_path} --wildcards wazuh-install-files/${server_node_names[0]}.pem --strip-components 1 ${debug}"
+ eval "tar -xf ${tar_file} -C ${filebeat_cert_path} --wildcards wazuh-install-files/${server_node_names[0]}-key.pem --strip-components 1 ${debug}"
+ eval "tar -xf ${tar_file} -C ${filebeat_cert_path} wazuh-install-files/root-ca.pem --strip-components 1 ${debug}"
+ eval "rm -rf ${filebeat_cert_path}/wazuh-install-files/ ${debug}"
+ else
+ if ! tar -tvf "${tar_file}" | grep -q "${winame}" ; then
+ common_logger -e "Tar file does not contain certificate for the node ${winame}."
+ installCommon_rollBack
+ exit 1
+ fi
+ eval "sed -i s/filebeat.pem/${winame}.pem/ /etc/filebeat/filebeat.yml ${debug}"
+ eval "sed -i s/filebeat-key.pem/${winame}-key.pem/ /etc/filebeat/filebeat.yml ${debug}"
+ eval "tar -xf ${tar_file} -C ${filebeat_cert_path} wazuh-install-files/${winame}.pem --strip-components 1 ${debug}"
+ eval "tar -xf ${tar_file} -C ${filebeat_cert_path} wazuh-install-files/${winame}-key.pem --strip-components 1 ${debug}"
+ eval "tar -xf ${tar_file} -C ${filebeat_cert_path} wazuh-install-files/root-ca.pem --strip-components 1 ${debug}"
+ eval "rm -rf ${filebeat_cert_path}/wazuh-install-files/ ${debug}"
+ fi
+ eval "chmod 500 ${filebeat_cert_path} ${debug}"
+ eval "chmod 400 ${filebeat_cert_path}/* ${debug}"
+ eval "chown root:root ${filebeat_cert_path}/* ${debug}"
+ else
+ common_logger -e "No certificates found. Could not initialize Filebeat"
+ installCommon_rollBack
+ exit 1
+ fi
+
+}
+function filebeat_install() {
+
+ common_logger "Starting Filebeat installation."
+ if [ "${sys_type}" == "yum" ]; then
+ installCommon_yumInstall "filebeat" "${filebeat_version}"
+ elif [ "${sys_type}" == "apt-get" ]; then
+ installCommon_aptInstall "filebeat" "${filebeat_version}"
+ fi
+
+ install_result="${PIPESTATUS[0]}"
+ common_checkInstalled
+ if [ "$install_result" != 0 ] || [ -z "${filebeat_installed}" ]; then
+ common_logger -e "Filebeat installation failed."
+ installCommon_rollBack
+ exit 1
+ else
+ common_logger "Filebeat installation finished."
+ fi
+
+}
+
+# ------------ dashboard.sh ------------
+function dashboard_changePort() {
+
+ chosen_port="$1"
+ http_port="${chosen_port}"
+ wazuh_dashboard_port=( "${http_port}" )
+ wazuh_aio_ports=(9200 9300 1514 1515 1516 55000 "${http_port}")
+
+ sed -i 's/server\.port: [0-9]\+$/server.port: '"${chosen_port}"'/' "$0"
+ common_logger "Wazuh web interface port will be ${chosen_port}."
+}
+function dashboard_configure() {
+
+ common_logger -d "Configuring Wazuh dashboard."
+ if [ -n "${AIO}" ]; then
+ eval "installCommon_getConfig dashboard/dashboard_assistant.yml /etc/wazuh-dashboard/opensearch_dashboards.yml ${debug}"
+ dashboard_copyCertificates "${debug}"
+ else
+ eval "installCommon_getConfig dashboard/dashboard_assistant_distributed.yml /etc/wazuh-dashboard/opensearch_dashboards.yml ${debug}"
+ dashboard_copyCertificates "${debug}"
+ if [ "${#dashboard_node_names[@]}" -eq 1 ]; then
+ pos=0
+ ip=${dashboard_node_ips[0]}
+ else
+ for i in "${!dashboard_node_names[@]}"; do
+ if [[ "${dashboard_node_names[i]}" == "${dashname}" ]]; then
+ pos="${i}";
+ fi
+ done
+ ip=${dashboard_node_ips[pos]}
+ fi
+
+ if [[ "${ip}" != "127.0.0.1" ]]; then
+ echo "server.host: ${ip}" >> /etc/wazuh-dashboard/opensearch_dashboards.yml
+ else
+ echo 'server.host: '0.0.0.0'' >> /etc/wazuh-dashboard/opensearch_dashboards.yml
+ fi
+
+ if [ "${#indexer_node_names[@]}" -eq 1 ]; then
+ echo "opensearch.hosts: https://${indexer_node_ips[0]}:9200" >> /etc/wazuh-dashboard/opensearch_dashboards.yml
+ else
+ echo "opensearch.hosts:" >> /etc/wazuh-dashboard/opensearch_dashboards.yml
+ for i in "${indexer_node_ips[@]}"; do
+ echo " - https://${i}:9200" >> /etc/wazuh-dashboard/opensearch_dashboards.yml
+ done
+ fi
+ fi
+
+ sed -i 's/server\.port: [0-9]\+$/server.port: '"${chosen_port}"'/' /etc/wazuh-dashboard/opensearch_dashboards.yml
+
+ common_logger "Wazuh dashboard post-install configuration finished."
+
+}
+function dashboard_copyCertificates() {
+
+ common_logger -d "Copying Wazuh dashboard certificates."
+ eval "rm -f ${dashboard_cert_path}/* ${debug}"
+ name=${dashboard_node_names[pos]}
+
+ if [ -f "${tar_file}" ]; then
+ if ! tar -tvf "${tar_file}" | grep -q "${name}" ; then
+ common_logger -e "Tar file does not contain certificate for the node ${name}."
+ installCommon_rollBack
+ exit 1;
+ fi
+ eval "mkdir ${dashboard_cert_path} ${debug}"
+ eval "sed -i s/dashboard.pem/${name}.pem/ /etc/wazuh-dashboard/opensearch_dashboards.yml ${debug}"
+ eval "sed -i s/dashboard-key.pem/${name}-key.pem/ /etc/wazuh-dashboard/opensearch_dashboards.yml ${debug}"
+ eval "tar -xf ${tar_file} -C ${dashboard_cert_path} wazuh-install-files/${name}.pem --strip-components 1 ${debug}"
+ eval "tar -xf ${tar_file} -C ${dashboard_cert_path} wazuh-install-files/${name}-key.pem --strip-components 1 ${debug}"
+ eval "tar -xf ${tar_file} -C ${dashboard_cert_path} wazuh-install-files/root-ca.pem --strip-components 1 ${debug}"
+ eval "chown -R wazuh-dashboard:wazuh-dashboard /etc/wazuh-dashboard/ ${debug}"
+ eval "chmod 500 ${dashboard_cert_path} ${debug}"
+ eval "chmod 400 ${dashboard_cert_path}/* ${debug}"
+ eval "chown wazuh-dashboard:wazuh-dashboard ${dashboard_cert_path}/* ${debug}"
+ common_logger -d "Wazuh dashboard certificate setup finished."
+ else
+ common_logger -e "No certificates found. Wazuh dashboard could not be initialized."
+ installCommon_rollBack
+ exit 1
+ fi
+
+}
+function dashboard_initialize() {
+
+ common_logger "Initializing Wazuh dashboard web application."
+ installCommon_getPass "admin"
+ j=0
+
+ if [ "${#dashboard_node_names[@]}" -eq 1 ]; then
+ nodes_dashboard_ip=${dashboard_node_ips[0]}
+ else
+ for i in "${!dashboard_node_names[@]}"; do
+ if [[ "${dashboard_node_names[i]}" == "${dashname}" ]]; then
+ pos="${i}";
+ fi
+ done
+ nodes_dashboard_ip=${dashboard_node_ips[pos]}
+ fi
+
+ if [ "${nodes_dashboard_ip}" == "localhost" ] || [[ "${nodes_dashboard_ip}" == 127.* ]]; then
+ print_ip=""
+ else
+ print_ip="${nodes_dashboard_ip}"
+ fi
+
+ until [ "$(curl -XGET https://"${nodes_dashboard_ip}":"${http_port}"/status -uadmin:"${u_pass}" -k -w %"{http_code}" -s -o /dev/null)" -eq "200" ] || [ "${j}" -eq "12" ]; do
+ sleep 10
+ j=$((j+1))
+ common_logger -d "Retrying Wazuh dashboard connection..."
+ done
+
+ if [ ${j} -lt 12 ]; then
+ common_logger -d "Wazuh dashboard connection was successful."
+ if [ "${#server_node_names[@]}" -eq 1 ]; then
+ wazuh_api_address=${server_node_ips[0]}
+ else
+ for i in "${!server_node_types[@]}"; do
+ if [[ "${server_node_types[i]}" == "master" ]]; then
+ wazuh_api_address=${server_node_ips[i]}
+ fi
+ done
+ fi
+ if [ -f "/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml" ]; then
+ eval "sed -i 's,url: https://localhost,url: https://${wazuh_api_address},g' /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml ${debug}"
+ fi
+
+ common_logger "Wazuh dashboard web application initialized."
+ common_logger -nl "--- Summary ---"
+ common_logger -nl "You can access the web interface https://${print_ip}:${http_port}\n User: admin\n Password: ${u_pass}"
+
+ else
+ flag="-w"
+ if [ -z "${force}" ]; then
+ flag="-e"
+ fi
+ failed_nodes=()
+ common_logger "${flag}" "Cannot connect to Wazuh dashboard."
+
+ for i in "${!indexer_node_ips[@]}"; do
+ curl=$(common_curl -XGET https://"${indexer_node_ips[i]}":9200/ -uadmin:"${u_pass}" -k -s --max-time 300 --retry 5 --retry-delay 5 --fail)
+ exit_code=${PIPESTATUS[0]}
+ if [[ "${exit_code}" -eq "7" ]]; then
+ failed_connect=1
+ failed_nodes+=("${indexer_node_names[i]}")
+ elif [ "${exit_code}" -eq "22" ]; then
+ sec_not_initialized=1
+ fi
+ done
+ if [ -n "${failed_connect}" ]; then
+ common_logger "${flag}" "Failed to connect with ${failed_nodes[*]}. Connection refused."
+ fi
+
+ if [ -n "${sec_not_initialized}" ]; then
+ common_logger "${flag}" "Wazuh indexer security settings not initialized. Please run the installation assistant using -s|--start-cluster in one of the wazuh indexer nodes."
+ fi
+
+ if [ -z "${force}" ]; then
+ common_logger "If you want to install Wazuh dashboard without waiting for the Wazuh indexer cluster, use the -fd option"
+ installCommon_rollBack
+ exit 1
+ else
+ common_logger -nl "--- Summary ---"
+ common_logger -nl "When Wazuh dashboard is able to connect to your Wazuh indexer cluster, you can access the web interface https://${print_ip}\n User: admin\n Password: ${u_pass}"
+ fi
+ fi
+
+}
+function dashboard_initializeAIO() {
+
+ wazuh_api_address=${server_node_ips[0]}
+ common_logger "Initializing Wazuh dashboard web application."
+ installCommon_getPass "admin"
+ http_code=$(curl -XGET https://localhost:"${http_port}"/status -uadmin:"${u_pass}" -k -w %"{http_code}" -s -o /dev/null)
+ retries=0
+ max_dashboard_initialize_retries=20
+ while [ "${http_code}" -ne "200" ] && [ "${retries}" -lt "${max_dashboard_initialize_retries}" ]
+ do
+ http_code=$(curl -XGET https://localhost:"${http_port}"/status -uadmin:"${u_pass}" -k -w %"{http_code}" -s -o /dev/null)
+ common_logger "Wazuh dashboard web application not yet initialized. Waiting..."
+ retries=$((retries+1))
+ sleep 15
+ done
+ if [ "${http_code}" -eq "200" ]; then
+ if [ -f "/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml" ]; then
+ eval "sed -i 's,url: https://localhost,url: https://${wazuh_api_address},g' /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml ${debug}"
+ fi
+ common_logger "Wazuh dashboard web application initialized."
+ common_logger -nl "--- Summary ---"
+ common_logger -nl "You can access the web interface https://:${http_port}\n User: admin\n Password: ${u_pass}"
+ else
+ common_logger -e "Wazuh dashboard installation failed."
+ installCommon_rollBack
+ exit 1
+ fi
+}
+function dashboard_install() {
+
+ common_logger "Starting Wazuh dashboard installation."
+ if [ "${sys_type}" == "yum" ]; then
+ installCommon_yumInstall "wazuh-dashboard" "${wazuh_version}-*"
+ elif [ "${sys_type}" == "apt-get" ]; then
+ installCommon_aptInstall "wazuh-dashboard" "${wazuh_version}-*"
+ fi
+ common_checkInstalled
+ if [ "$install_result" != 0 ] || [ -z "${dashboard_installed}" ]; then
+ common_logger -e "Wazuh dashboard installation failed."
+ installCommon_rollBack
+ exit 1
+ else
+ common_logger "Wazuh dashboard installation finished."
+ fi
+
+}
+
+# ------------ manager.sh ------------
+function manager_startCluster() {
+
+ common_logger -d "Starting Wazuh manager cluster."
+ for i in "${!server_node_names[@]}"; do
+ if [[ "${server_node_names[i]}" == "${winame}" ]]; then
+ pos="${i}";
+ fi
+ done
+
+ for i in "${!server_node_types[@]}"; do
+ if [[ "${server_node_types[i],,}" == "master" ]]; then
+ master_address=${server_node_ips[i]}
+ fi
+ done
+
+ key=$(tar -axf "${tar_file}" wazuh-install-files/clusterkey -O)
+ bind_address="0.0.0.0"
+ port="1516"
+ hidden="no"
+ disabled="no"
+ lstart=$(grep -n "" /var/ossec/etc/ossec.conf | cut -d : -f 1)
+ lend=$(grep -n "" /var/ossec/etc/ossec.conf | cut -d : -f 1)
+
+ eval 'sed -i -e "${lstart},${lend}s/.*<\/name>/wazuh_cluster<\/name>/" \
+ -e "${lstart},${lend}s/.*<\/node_name>/${winame}<\/node_name>/" \
+ -e "${lstart},${lend}s/.*<\/node_type>/${server_node_types[pos],,}<\/node_type>/" \
+ -e "${lstart},${lend}s/.*<\/key>/${key}<\/key>/" \
+ -e "${lstart},${lend}s/.*<\/port>/${port}<\/port>/" \
+ -e "${lstart},${lend}s/.*<\/bind_addr>/${bind_address}<\/bind_addr>/" \
+ -e "${lstart},${lend}s/.*<\/node>/${master_address}<\/node>/" \
+ -e "${lstart},${lend}s/.*<\/hidden>/${hidden}<\/hidden>/" \
+ -e "${lstart},${lend}s/.*<\/disabled>/${disabled}<\/disabled>/" \
+ /var/ossec/etc/ossec.conf'
+
+}
+function manager_configure(){
+
+ common_logger -d "Configuring Wazuh manager."
+
+ if [ ${#indexer_node_names[@]} -eq 1 ]; then
+ eval "sed -i 's/.*<\/host>/https:\/\/${indexer_node_ips[0]}:9200<\/host>/g' /var/ossec/etc/ossec.conf ${debug}"
+ else
+ lstart=$(grep -n "" /var/ossec/etc/ossec.conf | cut -d : -f 1)
+ lend=$(grep -n "" /var/ossec/etc/ossec.conf | cut -d : -f 1)
+ for i in "${!indexer_node_ips[@]}"; do
+ if [ $i -eq 0 ]; then
+ eval "sed -i 's/.*<\/host>/https:\/\/${indexer_node_ips[0]}:9200<\/host>/g' /var/ossec/etc/ossec.conf ${debug}"
+ else
+ eval "sed -i '//a\ https:\/\/${indexer_node_ips[$i]}:9200<\/host>' /var/ossec/etc/ossec.conf"
+ fi
+ done
+ fi
+ eval "sed -i s/filebeat.pem/${server_node_names[0]}.pem/ /var/ossec/etc/ossec.conf ${debug}"
+ eval "sed -i s/filebeat-key.pem/${server_node_names[0]}-key.pem/ /var/ossec/etc/ossec.conf ${debug}"
+ common_logger -d "Setting provisional Wazuh indexer password."
+ eval "/var/ossec/bin/wazuh-keystore -f indexer -k username -v admin"
+ eval "/var/ossec/bin/wazuh-keystore -f indexer -k password -v admin"
+ common_logger "Wazuh manager vulnerability detection configuration finished."
+}
+function manager_install() {
+
+ common_logger "Starting the Wazuh manager installation."
+ if [ "${sys_type}" == "yum" ]; then
+ installCommon_yumInstall "wazuh-manager" "${wazuh_version}-*"
+ elif [ "${sys_type}" == "apt-get" ]; then
+ installCommon_aptInstall "wazuh-manager" "${wazuh_version}-*"
+ fi
+
+ common_checkInstalled
+ if [ "$install_result" != 0 ] || [ -z "${wazuh_installed}" ]; then
+ common_logger -e "Wazuh installation failed."
+ installCommon_rollBack
+ exit 1
+ else
+ common_logger "Wazuh manager installation finished."
+ fi
+}
+
 # ------------ installCommon.sh ------------
 function installCommon_addCentOSRepository() {
@@ -1669,1060 +2726,6 @@ function installCommon_checkAptLock() { } -# ------------ manager.sh ------------ -function manager_startCluster() { - - common_logger -d "Starting Wazuh manager cluster." - for i in "${!server_node_names[@]}"; do - if [[ "${server_node_names[i]}" == "${winame}" ]]; then - pos="${i}"; - fi - done - - for i in "${!server_node_types[@]}"; do - if [[ "${server_node_types[i],,}" == "master" ]]; then - master_address=${server_node_ips[i]} - fi - done - - key=$(tar -axf "${tar_file}" wazuh-install-files/clusterkey -O) - bind_address="0.0.0.0" - port="1516" - hidden="no" - disabled="no" - lstart=$(grep -n "" /var/ossec/etc/ossec.conf | cut -d : -f 1) - lend=$(grep -n "" /var/ossec/etc/ossec.conf | cut -d : -f 1) - - eval 'sed -i -e "${lstart},${lend}s/.*<\/name>/wazuh_cluster<\/name>/" \ - -e "${lstart},${lend}s/.*<\/node_name>/${winame}<\/node_name>/" \ - -e "${lstart},${lend}s/.*<\/node_type>/${server_node_types[pos],,}<\/node_type>/" \ - -e "${lstart},${lend}s/.*<\/key>/${key}<\/key>/" \ - -e "${lstart},${lend}s/.*<\/port>/${port}<\/port>/" \ - -e "${lstart},${lend}s/.*<\/bind_addr>/${bind_address}<\/bind_addr>/" \ - -e "${lstart},${lend}s/.*<\/node>/${master_address}<\/node>/" \ - -e "${lstart},${lend}s/.*<\/hidden>/${hidden}<\/hidden>/" \ - -e "${lstart},${lend}s/.*<\/disabled>/${disabled}<\/disabled>/" \ - /var/ossec/etc/ossec.conf' - -} -function manager_configure(){ - - common_logger -d "Configuring Wazuh manager." 
- - if [ ${#indexer_node_names[@]} -eq 1 ]; then - eval "sed -i 's/.*<\/host>/https:\/\/${indexer_node_ips[0]}:9200<\/host>/g' /var/ossec/etc/ossec.conf ${debug}" - else - lstart=$(grep -n "" /var/ossec/etc/ossec.conf | cut -d : -f 1) - lend=$(grep -n "" /var/ossec/etc/ossec.conf | cut -d : -f 1) - for i in "${!indexer_node_ips[@]}"; do - if [ $i -eq 0 ]; then - eval "sed -i 's/.*<\/host>/https:\/\/${indexer_node_ips[0]}:9200<\/host>/g' /var/ossec/etc/ossec.conf ${debug}" - else - eval "sed -i '//a\ https:\/\/${indexer_node_ips[$i]}:9200<\/host>' /var/ossec/etc/ossec.conf" - fi - done - fi - eval "sed -i s/filebeat.pem/${server_node_names[0]}.pem/ /var/ossec/etc/ossec.conf ${debug}" - eval "sed -i s/filebeat-key.pem/${server_node_names[0]}-key.pem/ /var/ossec/etc/ossec.conf ${debug}" - common_logger -d "Setting provisional Wazuh indexer password." - eval "/var/ossec/bin/wazuh-keystore -f indexer -k username -v admin" - eval "/var/ossec/bin/wazuh-keystore -f indexer -k password -v admin" - common_logger "Wazuh manager vulnerability detection configuration finished." -} -function manager_install() { - - common_logger "Starting the Wazuh manager installation." - if [ "${sys_type}" == "yum" ]; then - installCommon_yumInstall "wazuh-manager" "${wazuh_version}-*" - elif [ "${sys_type}" == "apt-get" ]; then - installCommon_aptInstall "wazuh-manager" "${wazuh_version}-*" - fi - - common_checkInstalled - if [ "$install_result" != 0 ] || [ -z "${wazuh_installed}" ]; then - common_logger -e "Wazuh installation failed." - installCommon_rollBack - exit 1 - else - common_logger "Wazuh manager installation finished." 
- fi -} - -# ------------ dashboard.sh ------------ -function dashboard_changePort() { - - chosen_port="$1" - http_port="${chosen_port}" - wazuh_dashboard_port=( "${http_port}" ) - wazuh_aio_ports=(9200 9300 1514 1515 1516 55000 "${http_port}") - - sed -i 's/server\.port: [0-9]\+$/server.port: '"${chosen_port}"'/' "$0" - common_logger "Wazuh web interface port will be ${chosen_port}." -} -function dashboard_configure() { - - common_logger -d "Configuring Wazuh dashboard." - if [ -n "${AIO}" ]; then - eval "installCommon_getConfig dashboard/dashboard_assistant.yml /etc/wazuh-dashboard/opensearch_dashboards.yml ${debug}" - dashboard_copyCertificates "${debug}" - else - eval "installCommon_getConfig dashboard/dashboard_assistant_distributed.yml /etc/wazuh-dashboard/opensearch_dashboards.yml ${debug}" - dashboard_copyCertificates "${debug}" - if [ "${#dashboard_node_names[@]}" -eq 1 ]; then - pos=0 - ip=${dashboard_node_ips[0]} - else - for i in "${!dashboard_node_names[@]}"; do - if [[ "${dashboard_node_names[i]}" == "${dashname}" ]]; then - pos="${i}"; - fi - done - ip=${dashboard_node_ips[pos]} - fi - - if [[ "${ip}" != "127.0.0.1" ]]; then - echo "server.host: ${ip}" >> /etc/wazuh-dashboard/opensearch_dashboards.yml - else - echo 'server.host: '0.0.0.0'' >> /etc/wazuh-dashboard/opensearch_dashboards.yml - fi - - if [ "${#indexer_node_names[@]}" -eq 1 ]; then - echo "opensearch.hosts: https://${indexer_node_ips[0]}:9200" >> /etc/wazuh-dashboard/opensearch_dashboards.yml - else - echo "opensearch.hosts:" >> /etc/wazuh-dashboard/opensearch_dashboards.yml - for i in "${indexer_node_ips[@]}"; do - echo " - https://${i}:9200" >> /etc/wazuh-dashboard/opensearch_dashboards.yml - done - fi - fi - - sed -i 's/server\.port: [0-9]\+$/server.port: '"${chosen_port}"'/' /etc/wazuh-dashboard/opensearch_dashboards.yml - - common_logger "Wazuh dashboard post-install configuration finished." 
- -} -function dashboard_copyCertificates() { - - common_logger -d "Copying Wazuh dashboard certificates." - eval "rm -f ${dashboard_cert_path}/* ${debug}" - name=${dashboard_node_names[pos]} - - if [ -f "${tar_file}" ]; then - if ! tar -tvf "${tar_file}" | grep -q "${name}" ; then - common_logger -e "Tar file does not contain certificate for the node ${name}." - installCommon_rollBack - exit 1; - fi - eval "mkdir ${dashboard_cert_path} ${debug}" - eval "sed -i s/dashboard.pem/${name}.pem/ /etc/wazuh-dashboard/opensearch_dashboards.yml ${debug}" - eval "sed -i s/dashboard-key.pem/${name}-key.pem/ /etc/wazuh-dashboard/opensearch_dashboards.yml ${debug}" - eval "tar -xf ${tar_file} -C ${dashboard_cert_path} wazuh-install-files/${name}.pem --strip-components 1 ${debug}" - eval "tar -xf ${tar_file} -C ${dashboard_cert_path} wazuh-install-files/${name}-key.pem --strip-components 1 ${debug}" - eval "tar -xf ${tar_file} -C ${dashboard_cert_path} wazuh-install-files/root-ca.pem --strip-components 1 ${debug}" - eval "chown -R wazuh-dashboard:wazuh-dashboard /etc/wazuh-dashboard/ ${debug}" - eval "chmod 500 ${dashboard_cert_path} ${debug}" - eval "chmod 400 ${dashboard_cert_path}/* ${debug}" - eval "chown wazuh-dashboard:wazuh-dashboard ${dashboard_cert_path}/* ${debug}" - common_logger -d "Wazuh dashboard certificate setup finished." - else - common_logger -e "No certificates found. Wazuh dashboard could not be initialized." - installCommon_rollBack - exit 1 - fi - -} -function dashboard_initialize() { - - common_logger "Initializing Wazuh dashboard web application." 
- installCommon_getPass "admin" - j=0 - - if [ "${#dashboard_node_names[@]}" -eq 1 ]; then - nodes_dashboard_ip=${dashboard_node_ips[0]} - else - for i in "${!dashboard_node_names[@]}"; do - if [[ "${dashboard_node_names[i]}" == "${dashname}" ]]; then - pos="${i}"; - fi - done - nodes_dashboard_ip=${dashboard_node_ips[pos]} - fi - - if [ "${nodes_dashboard_ip}" == "localhost" ] || [[ "${nodes_dashboard_ip}" == 127.* ]]; then - print_ip="" - else - print_ip="${nodes_dashboard_ip}" - fi - - until [ "$(curl -XGET https://"${nodes_dashboard_ip}":"${http_port}"/status -uadmin:"${u_pass}" -k -w %"{http_code}" -s -o /dev/null)" -eq "200" ] || [ "${j}" -eq "12" ]; do - sleep 10 - j=$((j+1)) - common_logger -d "Retrying Wazuh dashboard connection..." - done - - if [ ${j} -lt 12 ]; then - common_logger -d "Wazuh dashboard connection was successful." - if [ "${#server_node_names[@]}" -eq 1 ]; then - wazuh_api_address=${server_node_ips[0]} - else - for i in "${!server_node_types[@]}"; do - if [[ "${server_node_types[i]}" == "master" ]]; then - wazuh_api_address=${server_node_ips[i]} - fi - done - fi - if [ -f "/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml" ]; then - eval "sed -i 's,url: https://localhost,url: https://${wazuh_api_address},g' /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml ${debug}" - fi - - common_logger "Wazuh dashboard web application initialized." - common_logger -nl "--- Summary ---" - common_logger -nl "You can access the web interface https://${print_ip}:${http_port}\n User: admin\n Password: ${u_pass}" - - else - flag="-w" - if [ -z "${force}" ]; then - flag="-e" - fi - failed_nodes=() - common_logger "${flag}" "Cannot connect to Wazuh dashboard." 
- - for i in "${!indexer_node_ips[@]}"; do - curl=$(common_curl -XGET https://"${indexer_node_ips[i]}":9200/ -uadmin:"${u_pass}" -k -s --max-time 300 --retry 5 --retry-delay 5 --fail) - exit_code=${PIPESTATUS[0]} - if [[ "${exit_code}" -eq "7" ]]; then - failed_connect=1 - failed_nodes+=("${indexer_node_names[i]}") - elif [ "${exit_code}" -eq "22" ]; then - sec_not_initialized=1 - fi - done - if [ -n "${failed_connect}" ]; then - common_logger "${flag}" "Failed to connect with ${failed_nodes[*]}. Connection refused." - fi - - if [ -n "${sec_not_initialized}" ]; then - common_logger "${flag}" "Wazuh indexer security settings not initialized. Please run the installation assistant using -s|--start-cluster in one of the wazuh indexer nodes." - fi - - if [ -z "${force}" ]; then - common_logger "If you want to install Wazuh dashboard without waiting for the Wazuh indexer cluster, use the -fd option" - installCommon_rollBack - exit 1 - else - common_logger -nl "--- Summary ---" - common_logger -nl "When Wazuh dashboard is able to connect to your Wazuh indexer cluster, you can access the web interface https://${print_ip}\n User: admin\n Password: ${u_pass}" - fi - fi - -} -function dashboard_initializeAIO() { - - wazuh_api_address=${server_node_ips[0]} - common_logger "Initializing Wazuh dashboard web application." - installCommon_getPass "admin" - http_code=$(curl -XGET https://localhost:"${http_port}"/status -uadmin:"${u_pass}" -k -w %"{http_code}" -s -o /dev/null) - retries=0 - max_dashboard_initialize_retries=20 - while [ "${http_code}" -ne "200" ] && [ "${retries}" -lt "${max_dashboard_initialize_retries}" ] - do - http_code=$(curl -XGET https://localhost:"${http_port}"/status -uadmin:"${u_pass}" -k -w %"{http_code}" -s -o /dev/null) - common_logger "Wazuh dashboard web application not yet initialized. Waiting..." 
- retries=$((retries+1)) - sleep 15 - done - if [ "${http_code}" -eq "200" ]; then - if [ -f "/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml" ]; then - eval "sed -i 's,url: https://localhost,url: https://${wazuh_api_address},g' /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml ${debug}" - fi - common_logger "Wazuh dashboard web application initialized." - common_logger -nl "--- Summary ---" - common_logger -nl "You can access the web interface https://:${http_port}\n User: admin\n Password: ${u_pass}" - else - common_logger -e "Wazuh dashboard installation failed." - installCommon_rollBack - exit 1 - fi -} -function dashboard_install() { - - common_logger "Starting Wazuh dashboard installation." - if [ "${sys_type}" == "yum" ]; then - installCommon_yumInstall "wazuh-dashboard" "${wazuh_version}-*" - elif [ "${sys_type}" == "apt-get" ]; then - installCommon_aptInstall "wazuh-dashboard" "${wazuh_version}-*" - fi - common_checkInstalled - if [ "$install_result" != 0 ] || [ -z "${dashboard_installed}" ]; then - common_logger -e "Wazuh dashboard installation failed." - installCommon_rollBack - exit 1 - else - common_logger "Wazuh dashboard installation finished." - fi - -} - -# ------------ installMain.sh ------------ -function getHelp() { - - echo -e "" - echo -e "NAME" - echo -e " $(basename "$0") - Install and configure Wazuh central components: Wazuh server, Wazuh indexer, and Wazuh dashboard." - echo -e "" - echo -e "SYNOPSIS" - echo -e " $(basename "$0") [OPTIONS] -a | -c | -s | -wi | -wd | -ws " - echo -e "" - echo -e "DESCRIPTION" - echo -e " -a, --all-in-one" - echo -e " Install and configure Wazuh server, Wazuh indexer, Wazuh dashboard." - echo -e "" - echo -e " -c, --config-file " - echo -e " Path to the configuration file used to generate wazuh-install-files.tar file containing the files that will be needed for installation. By default, the Wazuh installation assistant will search for a file named config.yml in the same path as the script." 
- echo -e "" - echo -e " -d [pre-release|staging], --development" - echo -e " Use development repositories. By default it uses the pre-release package repository. If staging is specified, it will use that repository." - echo -e "" - echo -e " -dw, --download-wazuh " - echo -e " Download all the packages necessary for offline installation. Type of packages to download for offline installation (rpm, deb)" - echo -e "" - echo -e " -fd, --force-install-dashboard" - echo -e " Force Wazuh dashboard installation to continue even when it is not capable of connecting to the Wazuh indexer." - echo -e "" - echo -e " -g, --generate-config-files" - echo -e " Generate wazuh-install-files.tar file containing the files that will be needed for installation from config.yml. In distributed deployments you will need to copy this file to all hosts." - echo -e "" - echo -e " -h, --help" - echo -e " Display this help and exit." - echo -e "" - echo -e " -i, --ignore-check" - echo -e " Ignore the check for minimum hardware requirements." - echo -e "" - echo -e " -o, --overwrite" - echo -e " Overwrites previously installed components. This will erase all the existing configuration and data." - echo -e "" - echo -e " -of, --offline-installation" - echo -e " Perform an offline installation. This option must be used with -a, -ws, -s, -wi, or -wd." - echo -e "" - echo -e " -p, --port" - echo -e " Specifies the Wazuh web user interface port. By default is the 443 TCP port. Recommended ports are: 8443, 8444, 8080, 8888, 9000." - echo -e "" - echo -e " -s, --start-cluster" - echo -e " Initialize Wazuh indexer cluster security settings." - echo -e "" - echo -e " -t, --tar " - echo -e " Path to tar file containing certificate files. By default, the Wazuh installation assistant will search for a file named wazuh-install-files.tar in the same path as the script." - echo -e "" - echo -e " -u, --uninstall" - echo -e " Uninstalls all Wazuh components. 
This will erase all the existing configuration and data." - echo -e "" - echo -e " -v, --verbose" - echo -e " Shows the complete installation output." - echo -e "" - echo -e " -V, --version" - echo -e " Shows the version of the script and Wazuh packages." - echo -e "" - echo -e " -wd, --wazuh-dashboard " - echo -e " Install and configure Wazuh dashboard, used for distributed deployments." - echo -e "" - echo -e " -wi, --wazuh-indexer " - echo -e " Install and configure Wazuh indexer, used for distributed deployments." - echo -e "" - echo -e " -ws, --wazuh-server " - echo -e " Install and configure Wazuh manager and Filebeat, used for distributed deployments." - exit 1 - -} -function main() { - umask 177 - - if [ -z "${1}" ]; then - getHelp - fi - - while [ -n "${1}" ] - do - case "${1}" in - "-a"|"--all-in-one") - AIO=1 - shift 1 - ;; - "-c"|"--config-file") - if [ -z "${2}" ]; then - common_logger -e "Error on arguments. Probably missing after -c|--config-file" - getHelp - exit 1 - fi - file_conf=1 - config_file="${2}" - shift 2 - ;; - "-d"|"--development") - development=1 - if [ -n "${2}" ] && [[ ! "${2}" =~ ^- ]]; then - if [ "${2}" = "pre-release" ] || [ "${2}" = "staging" ]; then - devrepo="${2}" - else - common_logger -e "Error: Invalid value '${2}' after -d|--development. Accepted values are 'pre-release' or 'staging'." 
- getHelp - exit 1 - fi - shift 2 - else - devrepo="pre-release" - shift 1 - fi - repogpg="https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH" - repobaseurl="https://packages-dev.wazuh.com/${devrepo}" - reporelease="unstable" - filebeat_wazuh_module="${repobaseurl}/filebeat/wazuh-filebeat-0.4.tar.gz" - bucket="packages-dev.wazuh.com" - repository="${devrepo}" - ;; - - "-fd"|"--force-install-dashboard") - force=1 - shift 1 - ;; - "-g"|"--generate-config-files") - configurations=1 - shift 1 - ;; - "-h"|"--help") - getHelp - ;; - "-i"|"--ignore-check") - ignore=1 - shift 1 - ;; - "-o"|"--overwrite") - overwrite=1 - shift 1 - ;; - "-of"|"--offline-installation") - offline_install=1 - shift 1 - ;; - "-p"|"--port") - if [ -z "${2}" ]; then - common_logger -e "Error on arguments. Probably missing after -p|--port" - getHelp - exit 1 - fi - port_specified=1 - port_number="${2}" - shift 2 - ;; - "-s"|"--start-cluster") - start_indexer_cluster=1 - shift 1 - ;; - "-t"|"--tar") - if [ -z "${2}" ]; then - common_logger -e "Error on arguments. Probably missing after -t|--tar" - getHelp - exit 1 - fi - tar_conf=1 - tar_file="${2}" - shift 2 - ;; - "-u"|"--uninstall") - uninstall=1 - shift 1 - ;; - "-v"|"--verbose") - debugEnabled=1 - debug="2>&1 | tee -a ${logfile}" - shift 1 - ;; - "-V"|"--version") - showVersion=1 - shift 1 - ;; - "-wd"|"--wazuh-dashboard") - if [ -z "${2}" ]; then - common_logger -e "Error on arguments. Probably missing after -wd|---wazuh-dashboard" - getHelp - exit 1 - fi - dashboard=1 - dashname="${2}" - shift 2 - ;; - "-wi"|"--wazuh-indexer") - if [ -z "${2}" ]; then - common_logger -e "Arguments contain errors. Probably missing after -wi|--wazuh-indexer." - getHelp - exit 1 - fi - indexer=1 - indxname="${2}" - shift 2 - ;; - "-ws"|"--wazuh-server") - if [ -z "${2}" ]; then - common_logger -e "Error on arguments. 
Probably missing after -ws|--wazuh-server" - getHelp - exit 1 - fi - wazuh=1 - winame="${2}" - shift 2 - ;; - "-dw"|"--download-wazuh") - if [ "${2}" != "deb" ] && [ "${2}" != "rpm" ]; then - common_logger -e "Error on arguments. Probably missing after -dw|--download-wazuh" - getHelp - exit 1 - fi - download=1 - package_type="${2}" - shift 2 - ;; - *) - echo "Unknow option: ${1}" - getHelp - esac - done - - cat /dev/null > "${logfile}" - - if [ -z "${download}" ] && [ -z "${showVersion}" ]; then - common_checkRoot - fi - - if [ -n "${showVersion}" ]; then - common_logger "Wazuh version: ${wazuh_version}" - common_logger "Filebeat version: ${filebeat_version}" - common_logger "Wazuh installation assistant version: ${wazuh_install_vesion}" - exit 0 - fi - - common_logger "Starting Wazuh installation assistant. Wazuh version: ${wazuh_version}" - common_logger "Verbose logging redirected to ${logfile}" - -# -------------- Uninstall case ------------------------------------ - - common_checkSystem - - if [ -z "${download}" ]; then - check_dist - fi - - if [ -z "${uninstall}" ] && [ -z "${offline_install}" ]; then - installCommon_installCheckDependencies - elif [ -n "${offline_install}" ]; then - offline_checkPrerequisites "wia_offline_dependencies" "${wia_offline_dependencies[@]}" - fi - - common_checkInstalled - checks_arguments - if [ -n "${development}" ]; then - checks_filebeatURL - fi - if [ -n "${uninstall}" ]; then - installCommon_rollBack - exit 0 - fi - - checks_arch - if [ -n "${ignore}" ]; then - common_logger -w "Hardware checks ignored." - else - common_logger "Verifying that your system meets the recommended minimum hardware requirements." 
- checks_health - fi - -# -------------- Preliminary checks and Prerequisites -------------------------------- - - if [ -z "${configurations}" ] && [ -z "${AIO}" ] && [ -z "${download}" ]; then - checks_previousCertificate - fi - - if [ -n "${port_specified}" ]; then - checks_available_port "${port_number}" "${wazuh_aio_ports[@]}" - dashboard_changePort "${port_number}" - elif [ -n "${AIO}" ] || [ -n "${dashboard}" ]; then - dashboard_changePort "${http_port}" - fi - - if [ -n "${AIO}" ]; then - rm -f "${tar_file}" - checks_ports "${wazuh_aio_ports[@]}" - installCommon_installPrerequisites "AIO" - fi - - if [ -n "${indexer}" ]; then - checks_ports "${wazuh_indexer_ports[@]}" - installCommon_installPrerequisites "indexer" - fi - - if [ -n "${wazuh}" ]; then - checks_ports "${wazuh_manager_ports[@]}" - installCommon_installPrerequisites "wazuh" - fi - - if [ -n "${dashboard}" ]; then - checks_ports "${wazuh_dashboard_port}" - installCommon_installPrerequisites "dashboard" - fi - - -# -------------- Wazuh repo ---------------------- - - # Offline installation case: extract the compressed files - if [ -n "${offline_install}" ]; then - offline_checkPreinstallation - offline_extractFiles - offline_importGPGKey - fi - - if [ -n "${AIO}" ] || [ -n "${indexer}" ] || [ -n "${dashboard}" ] || [ -n "${wazuh}" ]; then - check_curlVersion - if [ -z "${offline_install}" ]; then - installCommon_addWazuhRepo - fi - fi - -# -------------- Configuration creation case ----------------------- - - # Creation certificate case: Only AIO and -g option can create certificates. 
- if [ -n "${configurations}" ] || [ -n "${AIO}" ]; then - common_logger "--- Configuration files ---" - installCommon_createInstallFiles - fi - - if [ -z "${configurations}" ] && [ -z "${download}" ]; then - installCommon_extractConfig - config_file="/tmp/wazuh-install-files/config.yml" - cert_readConfig - fi - - # Distributed architecture: node names must be different - if [[ -z "${AIO}" && -z "${download}" && ( -n "${indexer}" || -n "${dashboard}" || -n "${wazuh}" ) ]]; then - checks_names - fi - - if [ -n "${configurations}" ]; then - installCommon_removeWIADependencies - fi - -# -------------- Wazuh indexer case ------------------------------- - - if [ -n "${indexer}" ]; then - common_logger "--- Wazuh indexer ---" - indexer_install - indexer_configure - installCommon_startService "wazuh-indexer" - indexer_initialize - installCommon_removeWIADependencies - fi - -# -------------- Start Wazuh indexer cluster case ------------------ - - if [ -n "${start_indexer_cluster}" ]; then - indexer_startCluster - installCommon_changePasswords - installCommon_removeWIADependencies - fi - -# -------------- Wazuh dashboard case ------------------------------ - - if [ -n "${dashboard}" ]; then - common_logger "--- Wazuh dashboard ----" - dashboard_install - dashboard_configure - installCommon_startService "wazuh-dashboard" - installCommon_changePasswords - dashboard_initialize - installCommon_removeWIADependencies - - fi - -# -------------- Wazuh server case --------------------------------------- - - if [ -n "${wazuh}" ]; then - common_logger "--- Wazuh server ---" - manager_install - manager_configure - if [ -n "${server_node_types[*]}" ]; then - manager_startCluster - fi - installCommon_startService "wazuh-manager" - filebeat_install - filebeat_configure - installCommon_changePasswords - installCommon_startService "filebeat" - installCommon_removeWIADependencies - fi - -# -------------- AIO case ------------------------------------------ - - if [ -n "${AIO}" ]; then - - 
common_logger "--- Wazuh indexer ---" - indexer_install - indexer_configure - installCommon_startService "wazuh-indexer" - indexer_initialize - common_logger "--- Wazuh server ---" - manager_install - manager_configure - installCommon_startService "wazuh-manager" - filebeat_install - filebeat_configure - installCommon_startService "filebeat" - common_logger "--- Wazuh dashboard ---" - dashboard_install - dashboard_configure - installCommon_startService "wazuh-dashboard" - installCommon_changePasswords - dashboard_initializeAIO - installCommon_removeWIADependencies - - fi - -# -------------- Offline case ------------------------------------------ - - if [ -n "${download}" ]; then - common_logger "--- Download Packages ---" - offline_download - fi - - -# ------------------------------------------------------------------- - - if [ -z "${configurations}" ] && [ -z "${download}" ] && [ -z "${offline_install}" ]; then - installCommon_restoreWazuhrepo - fi - - if [ -n "${AIO}" ] || [ -n "${indexer}" ] || [ -n "${dashboard}" ] || [ -n "${wazuh}" ]; then - eval "rm -rf /tmp/wazuh-install-files ${debug}" - common_logger "Installation finished." - elif [ -n "${start_indexer_cluster}" ]; then - common_logger "Wazuh indexer cluster started." - fi - -} - -# ------------ indexer.sh ------------ -function indexer_configure() { - - common_logger -d "Configuring Wazuh indexer." 
- eval "export JAVA_HOME=/usr/share/wazuh-indexer/jdk/" - - # Configure JVM options for Wazuh indexer - ram_gb=$(free -m | awk 'FNR == 2 {print $2}') - ram="$(( ram_mb / 2 ))" - - if [ "${ram}" -eq "0" ]; then - ram=1024; - fi - eval "sed -i "s/-Xms1g/-Xms${ram}m/" /etc/wazuh-indexer/jvm.options ${debug}" - eval "sed -i "s/-Xmx1g/-Xmx${ram}m/" /etc/wazuh-indexer/jvm.options ${debug}" - - if [ -n "${AIO}" ]; then - eval "installCommon_getConfig indexer/indexer_all_in_one.yml /etc/wazuh-indexer/opensearch.yml ${debug}" - else - eval "installCommon_getConfig indexer/indexer_assistant_distributed.yml /etc/wazuh-indexer/opensearch.yml ${debug}" - if [ "${#indexer_node_names[@]}" -eq 1 ]; then - pos=0 - { - echo "node.name: ${indxname}" - echo "network.host: ${indexer_node_ips[0]}" - echo "cluster.initial_master_nodes: ${indxname}" - echo "plugins.security.nodes_dn:" - echo ' - CN='"${indxname}"',OU=Wazuh,O=Wazuh,L=California,C=US' - } >> /etc/wazuh-indexer/opensearch.yml - else - echo "node.name: ${indxname}" >> /etc/wazuh-indexer/opensearch.yml - echo "cluster.initial_master_nodes:" >> /etc/wazuh-indexer/opensearch.yml - for i in "${indexer_node_names[@]}"; do - echo " - ${i}" >> /etc/wazuh-indexer/opensearch.yml - done - - echo "discovery.seed_hosts:" >> /etc/wazuh-indexer/opensearch.yml - for i in "${indexer_node_ips[@]}"; do - echo " - ${i}" >> /etc/wazuh-indexer/opensearch.yml - done - - for i in "${!indexer_node_names[@]}"; do - if [[ "${indexer_node_names[i]}" == "${indxname}" ]]; then - pos="${i}"; - fi - done - - echo "network.host: ${indexer_node_ips[pos]}" >> /etc/wazuh-indexer/opensearch.yml - - echo "plugins.security.nodes_dn:" >> /etc/wazuh-indexer/opensearch.yml - for i in "${indexer_node_names[@]}"; do - echo " - CN=${i},OU=Wazuh,O=Wazuh,L=California,C=US" >> /etc/wazuh-indexer/opensearch.yml - done - fi - fi - - indexer_copyCertificates - - jv=$(java -version 2>&1 | grep -o -m1 '1.8.0' ) - if [ "$jv" == "1.8.0" ]; then - { - echo "wazuh-indexer hard 
nproc 4096" - echo "wazuh-indexer soft nproc 4096" - echo "wazuh-indexer hard nproc 4096" - echo "wazuh-indexer soft nproc 4096" - } >> /etc/security/limits.conf - echo -ne "\nbootstrap.system_call_filter: false" >> /etc/wazuh-indexer/opensearch.yml - fi - - common_logger "Wazuh indexer post-install configuration finished." -} -function indexer_copyCertificates() { - - common_logger -d "Copying Wazuh indexer certificates." - eval "rm -f ${indexer_cert_path}/* ${debug}" - name=${indexer_node_names[pos]} - - if [ -f "${tar_file}" ]; then - if ! tar -tvf "${tar_file}" | grep -q "${name}" ; then - common_logger -e "Tar file does not contain certificate for the node ${name}." - installCommon_rollBack - exit 1; - fi - eval "mkdir ${indexer_cert_path} ${debug}" - eval "sed -i s/indexer.pem/${name}.pem/ /etc/wazuh-indexer/opensearch.yml ${debug}" - eval "sed -i s/indexer-key.pem/${name}-key.pem/ /etc/wazuh-indexer/opensearch.yml ${debug}" - eval "tar -xf ${tar_file} -C ${indexer_cert_path} wazuh-install-files/${name}.pem --strip-components 1 ${debug}" - eval "tar -xf ${tar_file} -C ${indexer_cert_path} wazuh-install-files/${name}-key.pem --strip-components 1 ${debug}" - eval "tar -xf ${tar_file} -C ${indexer_cert_path} wazuh-install-files/root-ca.pem --strip-components 1 ${debug}" - eval "tar -xf ${tar_file} -C ${indexer_cert_path} wazuh-install-files/admin.pem --strip-components 1 ${debug}" - eval "tar -xf ${tar_file} -C ${indexer_cert_path} wazuh-install-files/admin-key.pem --strip-components 1 ${debug}" - eval "rm -rf ${indexer_cert_path}/wazuh-install-files/ ${debug}" - eval "chown -R wazuh-indexer:wazuh-indexer ${indexer_cert_path} ${debug}" - eval "chmod 500 ${indexer_cert_path} ${debug}" - eval "chmod 400 ${indexer_cert_path}/* ${debug}" - else - common_logger -e "No certificates found. 
Could not initialize Wazuh indexer" - installCommon_rollBack - exit 1; - fi - -} -function indexer_initialize() { - - common_logger "Initializing Wazuh indexer cluster security settings." - eval "common_curl -XGET https://"${indexer_node_ips[pos]}":9200/ -uadmin:admin -k --max-time 120 --silent --output /dev/null" - e_code="${PIPESTATUS[0]}" - - if [ "${e_code}" -ne "0" ]; then - common_logger -e "Cannot initialize Wazuh indexer cluster." - installCommon_rollBack - exit 1 - fi - - if [ -n "${AIO}" ]; then - eval "sudo -u wazuh-indexer JAVA_HOME=/usr/share/wazuh-indexer/jdk/ OPENSEARCH_CONF_DIR=/etc/wazuh-indexer /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh -cd /etc/wazuh-indexer/opensearch-security -icl -p 9200 -nhnv -cacert ${indexer_cert_path}/root-ca.pem -cert ${indexer_cert_path}/admin.pem -key ${indexer_cert_path}/admin-key.pem -h 127.0.0.1 ${debug}" - if [ "${PIPESTATUS[0]}" != 0 ]; then - common_logger -e "The Wazuh indexer cluster security configuration could not be initialized." - installCommon_rollBack - exit 1 - else - common_logger "Wazuh indexer cluster security configuration initialized." - fi - fi - - if [ "${#indexer_node_names[@]}" -eq 1 ] && [ -z "${AIO}" ]; then - installCommon_changePasswords - fi - - common_logger "Wazuh indexer cluster initialized." - -} -function indexer_install() { - - common_logger "Starting Wazuh indexer installation." - - if [ "${sys_type}" == "yum" ]; then - installCommon_yumInstall "wazuh-indexer" "${wazuh_version}-*" - elif [ "${sys_type}" == "apt-get" ]; then - installCommon_aptInstall "wazuh-indexer" "${wazuh_version}-*" - fi - - common_checkInstalled - if [ "$install_result" != 0 ] || [ -z "${indexer_installed}" ]; then - common_logger -e "Wazuh indexer installation failed." - installCommon_rollBack - exit 1 - else - common_logger "Wazuh indexer installation finished." 
- fi - - eval "sysctl -q -w vm.max_map_count=262144 ${debug}" - -} -function indexer_startCluster() { - - common_logger -d "Starting Wazuh indexer cluster." - for ip_to_test in "${indexer_node_ips[@]}"; do - eval "common_curl -XGET https://"${ip_to_test}":9200/ -k -s -o /dev/null" - e_code="${PIPESTATUS[0]}" - - if [ "${e_code}" -eq "7" ]; then - common_logger -e "Connectivity check failed on node ${ip_to_test} port 9200. Possible causes: Wazuh indexer not installed on the node, the Wazuh indexer service is not running or you have connectivity issues with that node. Please check this before trying again." - exit 1 - fi - done - - eval "wazuh_indexer_ip=( $(cat /etc/wazuh-indexer/opensearch.yml | grep network.host | sed 's/network.host:\s//') )" - eval "sudo -u wazuh-indexer JAVA_HOME=/usr/share/wazuh-indexer/jdk/ OPENSEARCH_CONF_DIR=/etc/wazuh-indexer /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh -cd /etc/wazuh-indexer/opensearch-security -icl -p 9200 -nhnv -cacert /etc/wazuh-indexer/certs/root-ca.pem -cert /etc/wazuh-indexer/certs/admin.pem -key /etc/wazuh-indexer/certs/admin-key.pem -h ${wazuh_indexer_ip} ${debug}" - if [ "${PIPESTATUS[0]}" != 0 ]; then - common_logger -e "The Wazuh indexer cluster security configuration could not be initialized." - installCommon_rollBack - exit 1 - else - common_logger "Wazuh indexer cluster security configuration initialized." - fi - - # Validate Wazuh indexer security admin it is initialized - indexer_security_admin_comm="common_curl -XGET https://"${indexer_node_ips[pos]}":9200/ -uadmin:admin -k --max-time 120 --silent -w \"%{http_code}\" --output /dev/null" - http_status=$(eval "${indexer_security_admin_comm}") - retries=0 - max_retries=5 - while [ "${http_status}" -ne 200 ]; do - common_logger -d "Waiting for Wazuh indexer to be ready. 
wazuh-indexer status: ${http_status}" - sleep 5 - retries=$((retries+1)) - if [ "${retries}" -eq "${max_retries}" ]; then - common_logger -e "The Wazuh indexer cluster security configuration could not be initialized." - exit 1 - fi - http_status=$(eval "${indexer_security_admin_comm}") - done - - # Wazuh alerts template injection - if [ -n "${offline_install}" ]; then - filebeat_wazuh_template="file://${offline_files_path}/wazuh-template.json" - fi - http_status=$(eval "common_curl --silent '${filebeat_wazuh_template}' --max-time 300 --retry 5 --retry-delay 5" | eval "common_curl -X PUT 'https://${indexer_node_ips[pos]}:9200/_template/wazuh' -H \'Content-Type: application/json\' -d @- -uadmin:admin -k --max-time 300 --silent --retry 5 --retry-delay 5 -w "%{http_code}" -o /dev/null") - if [ -z "${http_status}" ] || [ "${http_status}" -ne 200 ]; then - common_logger -e "The wazuh-alerts template could not be inserted into the Wazuh indexer cluster." - exit 1 - else - common_logger -d "Inserted wazuh-alerts template into the Wazuh indexer cluster." - fi -} - -# ------------ filebeat.sh ------------ -function filebeat_configure(){ - - common_logger -d "Configuring Filebeat." - - if [ -z "${offline_install}" ]; then - eval "common_curl -sSo /etc/filebeat/wazuh-template.json ${filebeat_wazuh_template} --max-time 300 --retry 5 --retry-delay 5 --fail" - if [ ! -f "/etc/filebeat/wazuh-template.json" ]; then - common_logger -e "Error downloading wazuh-template.json file." - installCommon_rollBack - exit 1 - fi - common_logger -d "Filebeat template was download successfully." - - eval "(common_curl -sS ${filebeat_wazuh_module} --max-time 300 --retry 5 --retry-delay 5 --fail | tar -xvz -C /usr/share/filebeat/module) ${debug}" - if [ ! -d "/usr/share/filebeat/module" ]; then - common_logger -e "Error downloading wazuh filebeat module." - installCommon_rollBack - exit 1 - fi - common_logger -d "Filebeat module was downloaded successfully." 
- else - eval "cp ${offline_files_path}/wazuh-template.json /etc/filebeat/wazuh-template.json ${debug}" - eval "tar -xvzf ${offline_files_path}/wazuh-filebeat-*.tar.gz -C /usr/share/filebeat/module ${debug}" - fi - - eval "chmod go+r /etc/filebeat/wazuh-template.json ${debug}" - if [ -n "${AIO}" ]; then - eval "installCommon_getConfig filebeat/filebeat_assistant.yml /etc/filebeat/filebeat.yml ${debug}" - else - eval "installCommon_getConfig filebeat/filebeat_distributed.yml /etc/filebeat/filebeat.yml ${debug}" - if [ ${#indexer_node_names[@]} -eq 1 ]; then - echo -e "\noutput.elasticsearch.hosts:" >> /etc/filebeat/filebeat.yml - echo " - ${indexer_node_ips[0]}:9200" >> /etc/filebeat/filebeat.yml - else - echo -e "\noutput.elasticsearch.hosts:" >> /etc/filebeat/filebeat.yml - for i in "${indexer_node_ips[@]}"; do - echo " - ${i}:9200" >> /etc/filebeat/filebeat.yml - done - fi - fi - - eval "mkdir /etc/filebeat/certs ${debug}" - filebeat_copyCertificates - - eval "filebeat keystore create ${debug}" - eval "(echo admin | filebeat keystore add username --force --stdin)" "${debug}" - eval "(echo admin | filebeat keystore add password --force --stdin)" "${debug}" - - common_logger "Filebeat post-install configuration finished." -} -function filebeat_copyCertificates() { - - common_logger -d "Copying Filebeat certificates." - if [ -f "${tar_file}" ]; then - if [ -n "${AIO}" ]; then - if ! tar -tvf "${tar_file}" | grep -q "${server_node_names[0]}" ; then - common_logger -e "Tar file does not contain certificate for the node ${server_node_names[0]}." 
- installCommon_rollBack - exit 1 - fi - eval "sed -i s/filebeat.pem/${server_node_names[0]}.pem/ /etc/filebeat/filebeat.yml ${debug}" - eval "sed -i s/filebeat-key.pem/${server_node_names[0]}-key.pem/ /etc/filebeat/filebeat.yml ${debug}" - eval "tar -xf ${tar_file} -C ${filebeat_cert_path} --wildcards wazuh-install-files/${server_node_names[0]}.pem --strip-components 1 ${debug}" - eval "tar -xf ${tar_file} -C ${filebeat_cert_path} --wildcards wazuh-install-files/${server_node_names[0]}-key.pem --strip-components 1 ${debug}" - eval "tar -xf ${tar_file} -C ${filebeat_cert_path} wazuh-install-files/root-ca.pem --strip-components 1 ${debug}" - eval "rm -rf ${filebeat_cert_path}/wazuh-install-files/ ${debug}" - else - if ! tar -tvf "${tar_file}" | grep -q "${winame}" ; then - common_logger -e "Tar file does not contain certificate for the node ${winame}." - installCommon_rollBack - exit 1 - fi - eval "sed -i s/filebeat.pem/${winame}.pem/ /etc/filebeat/filebeat.yml ${debug}" - eval "sed -i s/filebeat-key.pem/${winame}-key.pem/ /etc/filebeat/filebeat.yml ${debug}" - eval "tar -xf ${tar_file} -C ${filebeat_cert_path} wazuh-install-files/${winame}.pem --strip-components 1 ${debug}" - eval "tar -xf ${tar_file} -C ${filebeat_cert_path} wazuh-install-files/${winame}-key.pem --strip-components 1 ${debug}" - eval "tar -xf ${tar_file} -C ${filebeat_cert_path} wazuh-install-files/root-ca.pem --strip-components 1 ${debug}" - eval "rm -rf ${filebeat_cert_path}/wazuh-install-files/ ${debug}" - fi - eval "chmod 500 ${filebeat_cert_path} ${debug}" - eval "chmod 400 ${filebeat_cert_path}/* ${debug}" - eval "chown root:root ${filebeat_cert_path}/* ${debug}" - else - common_logger -e "No certificates found. Could not initialize Filebeat" - installCommon_rollBack - exit 1 - fi - -} -function filebeat_install() { - - common_logger "Starting Filebeat installation." 
- if [ "${sys_type}" == "yum" ]; then - installCommon_yumInstall "filebeat" "${filebeat_version}" - elif [ "${sys_type}" == "apt-get" ]; then - installCommon_aptInstall "filebeat" "${filebeat_version}" - fi - - install_result="${PIPESTATUS[0]}" - common_checkInstalled - if [ "$install_result" != 0 ] || [ -z "${filebeat_installed}" ]; then - common_logger -e "Filebeat installation failed." - installCommon_rollBack - exit 1 - else - common_logger "Filebeat installation finished." - fi - -} - # ------------ wazuh-offline-download.sh ------------ function offline_download() { 
@@ -2898,6 +2901,103 @@ function offline_download() { common_logger "You can follow the installation guide here https://documentation.wazuh.com/current/deployment-options/offline-installation.html" } +# ------------ wazuh-offline-installation.sh ------------ +function offline_checkPrerequisites(){ + + dependencies=( "${@}" ) + if [ $1 == "wia_offline_dependencies" ]; then + dependencies=( "${@:2}" ) + common_logger "Checking dependencies for Wazuh installation assistant." + else + common_logger "Checking prerequisites for Offline installation." + fi + + for dep in "${dependencies[@]}"; do + if [ "${sys_type}" == "yum" ]; then + eval "yum list installed 2>/dev/null | grep -q -E ^"${dep}"\\." + elif [ "${sys_type}" == "apt-get" ]; then + eval "apt list --installed 2>/dev/null | grep -q -E ^"${dep}"\/" + fi + + if [ "${PIPESTATUS[0]}" != 0 ]; then + common_logger -e "${dep} is necessary for the offline installation." + exit 1 + fi + done + if [ $1 == "wia_offline_dependencies" ]; then + common_logger -d "Dependencies for Wazuh installation assistant are installed." + else + common_logger -d "Prerequisites for Offline installation are installed." + fi +} +function offline_checkPreinstallation() { + + offline_tarfile="${base_dest_folder}.tar.gz" + common_logger "Checking ${offline_tarfile} file." + if [ ! -f "${base_path}/${offline_tarfile}" ]; then + common_logger -e "The ${offline_tarfile} file was not found in ${base_path}." + exit 1 + fi + common_logger -d "${offline_tarfile} was found correctly." + +} +function offline_extractFiles() { + + common_logger -d "Extracting files from ${offline_tarfile}" + if [ ! -d "${base_path}/wazuh-offline/" ]; then + eval "tar -xzf ${offline_tarfile} ${debug}" + + if [ ! -d "${base_path}/wazuh-offline/" ]; then + common_logger -e "The ${offline_tarfile} file could not be decompressed." 
+ exit 1 + fi + fi + + offline_files_path="${base_path}/wazuh-offline/wazuh-files" + offline_packages_path="${base_path}/wazuh-offline/wazuh-packages" + + required_files=( + "${offline_files_path}/filebeat.yml" + "${offline_files_path}/GPG-KEY-WAZUH" + "${offline_files_path}/wazuh-filebeat-*.tar.gz" + "${offline_files_path}/wazuh-template.json" + ) + + if [ "${sys_type}" == "apt-get" ]; then + required_files+=("${offline_packages_path}/filebeat-oss-*.deb" "${offline_packages_path}/wazuh-dashboard_*.deb" "${offline_packages_path}/wazuh-indexer_*.deb" "${offline_packages_path}/wazuh-manager_*.deb") + elif [ "${sys_type}" == "rpm" ]; then + required_files+=("${offline_packages_path}/filebeat-oss-*.rpm" "${offline_packages_path}/wazuh-dashboard_*.rpm" "${offline_packages_path}/wazuh-indexer_*.rpm" "${offline_packages_path}/wazuh-manager_*.rpm") + fi + + for file in "${required_files[@]}"; do + if ! compgen -G "${file}" > /dev/null; then + common_logger -e "Missing necessary offline file: ${file}" + exit 1 + fi + done + + common_logger -d "Offline files extracted successfully." +} +function offline_importGPGKey() { + + common_logger -d "Importing Wazuh GPG key." + if [ "${sys_type}" == "yum" ]; then + eval "rpm --import ${offline_files_path}/GPG-KEY-WAZUH ${debug}" + if [ "${PIPESTATUS[0]}" != 0 ]; then + common_logger -e "Cannot import Wazuh GPG key" + exit 1 + fi + elif [ "${sys_type}" == "apt-get" ]; then + eval "gpg --import ${offline_files_path}/GPG-KEY-WAZUH ${debug}" + if [ "${PIPESTATUS[0]}" != 0 ]; then + common_logger -e "Cannot import Wazuh GPG key" + exit 1 + fi + eval "chmod 644 ${offline_files_path}/GPG-KEY-WAZUH ${debug}" + fi + +} + # ------------ checks.sh ------------ function checks_arch() { 
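Review bot: offline_importGPGKey imports `${offline_files_path}/GPG-KEY-WAZUH` straight out of the extracted tarball, so the signing key and the packages it is meant to vouch for come from the same archive, and nothing in offline_checkPreinstallation or offline_extractFiles verifies that archive's digest. If the tarball is altered in transit or at rest, key and packages can be replaced together and any later package signature check gives no assurance. I would compare the key's fingerprint with a value pinned in the script before importing: read it with `gpg --show-keys --with-colons "${offline_files_path}/GPG-KEY-WAZUH"` and abort unless the `fpr` record equals `<EXPECTED_WAZUH_KEY_FINGERPRINT>` (placeholder, to be filled from the vendor's published value). Separately, offline_extractFiles tests `"${sys_type}" == "rpm"` while the other functions in this hunk test `"yum"`, so the RPM presence check looks unreachable; it probably should read `elif [ "${sys_type}" == "yum" ]; then`.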
@@ -2905,7 +3005,7 @@ function checks_arch() { arch=$(uname -m) if [ "${arch}" != "x86_64" ]; then - common_logger -e "Uncompatible system. This script must be run on a 64-bit system." + common_logger -e "Uncompatible system. This script must be run on a 64-bit (x86_64/AMD64) system." exit 1 fi } 
@@ -3331,27 +3431,52 @@ function checks_available_port() { } function checks_filebeatURL() { # URL uses branch when the source_branch is not a stage branch - if [[ ! "${source_branch}" =~ "-" ]]; then + if [[ ! $last_stage ]]; then source_branch="${source_branch#v}" filebeat_wazuh_template="https://raw.githubusercontent.com/wazuh/wazuh/${source_branch}/extensions/elasticsearch/7.x/wazuh-template.json" fi # URL using master branch - new_filebeat_url="${filebeat_wazuh_template/${source_branch}/master}" - + new_filebeat_url="${filebeat_wazuh_template/${source_branch}/main}" + response=$(curl -I --write-out '%{http_code}' --silent --output /dev/null $filebeat_wazuh_template) if [ "${response}" != "200" ]; then response=$(curl -I --write-out '%{http_code}' --silent --output /dev/null $new_filebeat_url) # Display error if both URLs do not get the resource if [ "${response}" != "200" ]; then - common_logger -e "Error: Could not get the Filebeat Wazuh template." + common_logger -e "Could not get the Filebeat Wazuh template." else common_logger "Using Filebeat template from master branch." filebeat_wazuh_template="${new_filebeat_url}" fi fi } +function checks_development_source_tag() { + source_branch="${source_branch}-${last_stage}" + + # Check if the stage tag exists + status_code=$(curl -s -o /dev/null -w "%{http_code}" \ + "https://api.github.com/repos/wazuh/wazuh-installation-assistant/git/refs/tags/$source_branch") + + if [ "$status_code" -ne 200 ]; then + common_logger -w "Tag '$source_branch' does not exist. Using the source branch related to the Wazuh version ($wazuh_version)." 
+ source_branch="${wazuh_version}" + + # Check if the source branch exists + checks_source_branch + fi +} +function checks_source_branch() { + # Check if the source branch exists + status_code=$(curl -s -o /dev/null -w "%{http_code}" \ + "https://api.github.com/repos/wazuh/wazuh-installation-assistant/branches/$source_branch") + + if [ "$status_code" -ne 200 ]; then + common_logger -w "Branch '$source_branch' does not exist. Using the main branch." + source_branch="main" + fi +} function checks_firewall(){ ports_list=("$@") f_ports="" 
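Review bot: In checks_development_source_tag and checks_source_branch, every status other than 200 is reported as "does not exist", so a rate-limited reply (403) or a failed request (curl prints `000`) silently moves `source_branch` to `main`. checks_filebeatURL in this same hunk builds its download URL from `source_branch`, so an API hiccup changes which ref the installer fetches from, replacing the pinned release with a moving branch. I would fall back only on 404 and stop on anything else, or at least log the status; adding `--max-time` to both curl calls would also keep the check from hanging. The fence shows checks_source_branch, and the tag check needs the same split.

```shell
function checks_source_branch() {
    # … unchanged: curl call that fills status_code …
    case "${status_code}" in
        200) ;;
        404)
            common_logger -w "Branch '$source_branch' does not exist. Using the main branch."
            source_branch="main"
            ;;
        *)
            common_logger -e "Could not verify branch '$source_branch' (HTTP status ${status_code})."
            exit 1
            ;;
    esac
}
```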
@@ -3402,103 +3527,6 @@ function checks_firewall(){ } -# ------------ wazuh-offline-installation.sh ------------ -function offline_checkPrerequisites(){ - - dependencies=( "${@}" ) - if [ $1 == "wia_offline_dependencies" ]; then - dependencies=( "${@:2}" ) - common_logger "Checking dependencies for Wazuh installation assistant." - else - common_logger "Checking prerequisites for Offline installation." - fi - - for dep in "${dependencies[@]}"; do - if [ "${sys_type}" == "yum" ]; then - eval "yum list installed 2>/dev/null | grep -q -E ^"${dep}"\\." - elif [ "${sys_type}" == "apt-get" ]; then - eval "apt list --installed 2>/dev/null | grep -q -E ^"${dep}"\/" - fi - - if [ "${PIPESTATUS[0]}" != 0 ]; then - common_logger -e "${dep} is necessary for the offline installation." - exit 1 - fi - done - if [ $1 == "wia_offline_dependencies" ]; then - common_logger -d "Dependencies for Wazuh installation assistant are installed." - else - common_logger -d "Prerequisites for Offline installation are installed." - fi -} -function offline_checkPreinstallation() { - - offline_tarfile="${base_dest_folder}.tar.gz" - common_logger "Checking ${offline_tarfile} file." - if [ ! -f "${base_path}/${offline_tarfile}" ]; then - common_logger -e "The ${offline_tarfile} file was not found in ${base_path}." - exit 1 - fi - common_logger -d "${offline_tarfile} was found correctly." - -} -function offline_extractFiles() { - - common_logger -d "Extracting files from ${offline_tarfile}" - if [ ! -d "${base_path}/wazuh-offline/" ]; then - eval "tar -xzf ${offline_tarfile} ${debug}" - - if [ ! -d "${base_path}/wazuh-offline/" ]; then - common_logger -e "The ${offline_tarfile} file could not be decompressed." 
- exit 1 - fi - fi - - offline_files_path="${base_path}/wazuh-offline/wazuh-files" - offline_packages_path="${base_path}/wazuh-offline/wazuh-packages" - - required_files=( - "${offline_files_path}/filebeat.yml" - "${offline_files_path}/GPG-KEY-WAZUH" - "${offline_files_path}/wazuh-filebeat-*.tar.gz" - "${offline_files_path}/wazuh-template.json" - ) - - if [ "${sys_type}" == "apt-get" ]; then - required_files+=("${offline_packages_path}/filebeat-oss-*.deb" "${offline_packages_path}/wazuh-dashboard_*.deb" "${offline_packages_path}/wazuh-indexer_*.deb" "${offline_packages_path}/wazuh-manager_*.deb") - elif [ "${sys_type}" == "rpm" ]; then - required_files+=("${offline_packages_path}/filebeat-oss-*.rpm" "${offline_packages_path}/wazuh-dashboard_*.rpm" "${offline_packages_path}/wazuh-indexer_*.rpm" "${offline_packages_path}/wazuh-manager_*.rpm") - fi - - for file in "${required_files[@]}"; do - if ! compgen -G "${file}" > /dev/null; then - common_logger -e "Missing necessary offline file: ${file}" - exit 1 - fi - done - - common_logger -d "Offline files extracted successfully." -} -function offline_importGPGKey() { - - common_logger -d "Importing Wazuh GPG key." - if [ "${sys_type}" == "yum" ]; then - eval "rpm --import ${offline_files_path}/GPG-KEY-WAZUH ${debug}" - if [ "${PIPESTATUS[0]}" != 0 ]; then - common_logger -e "Cannot import Wazuh GPG key" - exit 1 - fi - elif [ "${sys_type}" == "apt-get" ]; then - eval "gpg --import ${offline_files_path}/GPG-KEY-WAZUH ${debug}" - if [ "${PIPESTATUS[0]}" != 0 ]; then - common_logger -e "Cannot import Wazuh GPG key" - exit 1 - fi - eval "chmod 644 ${offline_files_path}/GPG-KEY-WAZUH ${debug}" - fi - -} - function dist_detect() { 
@@ -3529,11 +3557,6 @@ if [ ! -r "/etc/os-release" ] || [ "$DIST_NAME" = "centos" ]; then DIST_VER=`sed -rn 's/.* ([0-9]{1,2})\.*[0-9]{0,2}.*/\1/p' /etc/centos-release` DIST_SUBVER=`sed -rn 's/.* [0-9]{1,2}\.*([0-9]{0,2}).*/\1/p' /etc/centos-release` - # Fedora - elif [ -r "/etc/fedora-release" ]; then - DIST_NAME="fedora" - DIST_VER=`sed -rn 's/.* ([0-9]{1,2}) .*/\1/p' /etc/fedora-release` - # RedHat elif [ -r "/etc/redhat-release" ]; then if grep -q "CentOS" /etc/redhat-release; then 
@@ -3551,69 +3574,20 @@ if [ ! -r "/etc/os-release" ] || [ "$DIST_NAME" = "centos" ]; then DIST_VER=$(echo $DISTRIB_RELEASE | sed -rn 's/.*([0-9][0-9])\.[0-9][0-9].*/\1/p') DIST_SUBVER=$(echo $DISTRIB_RELEASE | sed -rn 's/.*[0-9][0-9]\.([0-9][0-9]).*/\1/p') - # Gentoo - elif [ -r "/etc/gentoo-release" ]; then - DIST_NAME="gentoo" - DIST_VER=`sed -rn 's/.* ([0-9]{1,2})\.[0-9]{1,2}.*/\1/p' /etc/gentoo-release` - DIST_SUBVER=`sed -rn 's/.* [0-9]{1,2}\.([0-9]{1,2}).*/\1/p' /etc/gentoo-release` - - # SuSE - elif [ -r "/etc/SuSE-release" ]; then - DIST_NAME="suse" - DIST_VER=`sed -rn 's/.*VERSION = ([0-9]{1,2}).*/\1/p' /etc/SuSE-release` - DIST_SUBVER=`sed -rn 's/.*PATCHLEVEL = ([0-9]{1,2}).*/\1/p' /etc/SuSE-release` - if [ "$DIST_SUBVER" = "" ]; then #openSuse - DIST_SUBVER=`sed -rn 's/.*VERSION = ([0-9]{1,2})\.([0-9]{1,2}).*/\1/p' /etc/SuSE-release` - fi - - # Arch - elif [ -r "/etc/arch-release" ]; then - DIST_NAME="arch" - DIST_VER=$(uname -r | sed -rn 's/[^0-9]*([0-9]+).*/\1/p') - DIST_SUBVER=$(uname -r | sed -rn 's/[^0-9]*[0-9]+\.([0-9]+).*/\1/p') - # Debian elif [ -r "/etc/debian_version" ]; then DIST_NAME="debian" DIST_VER=`sed -rn 's/[^0-9]*([0-9]+).*/\1/p' /etc/debian_version` DIST_SUBVER=`sed -rn 's/[^0-9]*[0-9]+\.([0-9]+).*/\1/p' /etc/debian_version` - # Slackware - elif [ -r "/etc/slackware-version" ]; then - DIST_NAME="slackware" - DIST_VER=`sed -rn 's/.* ([0-9]{1,2})\.[0-9].*/\1/p' /etc/slackware-version` - DIST_SUBVER=`sed -rn 's/.* [0-9]{1,2}\.([0-9]).*/\1/p' /etc/slackware-version` - - # Darwin - elif [ "$(uname)" = "Darwin" ]; then - DIST_NAME="darwin" - DIST_VER=$(uname -r | sed -En 's/[^0-9]*([0-9]+).*/\1/p') - DIST_SUBVER=$(uname -r | sed -En 's/[^0-9]*[0-9]+\.([0-9]+).*/\1/p') - - # Solaris / SunOS - elif [ "$(uname)" = "SunOS" ]; then - DIST_NAME="sunos" - DIST_VER=$(uname -r | cut -d\. -f1) - DIST_SUBVER=$(uname -r | cut -d\. -f2) - - # HP-UX - elif [ "$(uname)" = "HP-UX" ]; then - DIST_NAME="HP-UX" - DIST_VER=$(uname -r | cut -d\. 
-f2) - DIST_SUBVER=$(uname -r | cut -d\. -f3) - - # AIX - elif [ "$(uname)" = "AIX" ]; then - DIST_NAME="AIX" - DIST_VER=$(oslevel | cut -d\. -f1) - DIST_SUBVER=$(oslevel | cut -d\. -f2) - - # BSD - elif [ "X$(uname)" = "XOpenBSD" -o "X$(uname)" = "XNetBSD" -o "X$(uname)" = "XFreeBSD" -o "X$(uname)" = "XDragonFly" ]; then - DIST_NAME="bsd" - DIST_VER=$(uname -r | sed -rn 's/[^0-9]*([0-9]+).*/\1/p') - DIST_SUBVER=$(uname -r | sed -rn 's/[^0-9]*[0-9]+\.([0-9]+).*/\1/p') - + # Amazon Linux 2, 2023 + elif [ -r "/etc/system-release" ]; then + if grep -q "Amazon Linux release" /etc/system-release; then + DIST_NAME="amzn" + DIST_VER_FULL=`sed -rn 's/.*release ([0-9]+(\.[0-9]+)?).*/\1/p' /etc/system-release` + DIST_VER=`echo $DIST_VER_FULL | cut -d. -f1` + DIST_SUBVER=`echo $DIST_VER_FULL | cut -d. -f2` + fi elif [ "X$(uname)" = "XLinux" ]; then DIST_NAME="Linux"