diff --git a/wazuh-install.sh b/wazuh-install.sh index 56e1004..1467cee 100644 --- a/wazuh-install.sh +++ b/wazuh-install.sh @@ -10,9 +10,9 @@ adminpem="/etc/wazuh-indexer/certs/admin.pem" adminkey="/etc/wazuh-indexer/certs/admin-key.pem" -readonly wazuh_major="4.11" -readonly wazuh_version="4.11.0" -readonly filebeat_version="7.10.2" +readonly wazuh_major="4.12" +readonly wazuh_version="4.12.0" +readonly filebeat_version="7.10.2-*" readonly wazuh_install_vesion="0.1" source_branch="v${wazuh_version}" last_stage="rc1" @@ -39,17 +39,16 @@ readonly yum_lockfile="/var/run/yum.pid" readonly apt_lockfile="/var/lib/dpkg/lock" readonly base_dest_folder="wazuh-offline" manager_deb_base_url="${base_url}/apt/pool/main/w/wazuh-manager" -readonly filebeat_deb_base_url="${base_url}/apt/pool/main/f/filebeat" -readonly filebeat_deb_package="filebeat-oss-${filebeat_version}-amd64.deb" +filebeat_deb_base_url="${base_url}/apt/pool/main/f/filebeat" indexer_deb_base_url="${base_url}/apt/pool/main/w/wazuh-indexer" dashboard_deb_base_url="${base_url}/apt/pool/main/w/wazuh-dashboard" manager_rpm_base_url="${base_url}/yum" -readonly filebeat_rpm_base_url="${base_url}/yum" -readonly filebeat_rpm_package="filebeat-oss-${filebeat_version}-x86_64.rpm" +filebeat_rpm_base_url="${base_url}/yum" indexer_rpm_base_url="${base_url}/yum" dashboard_rpm_base_url="${base_url}/yum" readonly wazuh_gpg_key="https://${bucket}/key/GPG-KEY-WAZUH" filebeat_config_file="${resources}/tpl/wazuh/filebeat/filebeat.yml" +readonly offline_filebeat_version="7.10.2" adminUser="wazuh" adminPassword="wazuh" http_port=443 @@ -68,6 +67,148 @@ readonly dashboard_apt_dependencies=( debhelper tar curl libcap2-bin gnupg apt-t readonly wia_offline_dependencies=( curl tar gnupg openssl lsof ) wia_dependencies_installed=() +config_file_dashboard_dashboard_assistant="server.host: 0.0.0.0 +opensearch.hosts: https://127.0.0.1:9200 +server.port: 443 +opensearch.ssl.verificationMode: certificate +# opensearch.username: kibanaserver +# opensearch.password: kibanaserver +opensearch.requestHeadersAllowlist: [\"securitytenant\",\"Authorization\"] +opensearch_security.multitenancy.enabled: false +opensearch_security.readonly_mode.roles: [\"kibana_read_only\"] +server.ssl.enabled: true +server.ssl.key: \"/etc/wazuh-dashboard/certs/dashboard-key.pem\" +server.ssl.certificate: \"/etc/wazuh-dashboard/certs/dashboard.pem\" +opensearch.ssl.certificateAuthorities: [\"/etc/wazuh-dashboard/certs/root-ca.pem\"] +uiSettings.overrides.defaultRoute: /app/wz-home +opensearch_security.cookie.secure: true" + +config_file_dashboard_dashboard="server.host: \"\" +opensearch.hosts: https://:9200 +server.port: 443 +opensearch.ssl.verificationMode: certificate +# opensearch.username: kibanaserver +# opensearch.password: kibanaserver +opensearch.requestHeadersAllowlist: [\"securitytenant\",\"Authorization\"] +opensearch_security.multitenancy.enabled: false +opensearch_security.readonly_mode.roles: [\"kibana_read_only\"] +server.ssl.enabled: true +server.ssl.key: \"/etc/wazuh-dashboard/certs/kibana-key.pem\" +server.ssl.certificate: \"/etc/wazuh-dashboard/certs/kibana.pem\" +opensearch.ssl.certificateAuthorities: [\"/etc/wazuh-dashboard/certs/root-ca.pem\"] +server.defaultRoute: /app/wz-home +opensearch_security.cookie.secure: true" + +config_file_dashboard_dashboard_all_in_one="server.host: 0.0.0.0 +server.port: 443 +opensearch.hosts: https://localhost:9200 +opensearch.ssl.verificationMode: certificate +# opensearch.username: kibanaserver +# opensearch.password: kibanaserver +opensearch.requestHeadersAllowlist: [\"securitytenant\",\"Authorization\"] +opensearch_security.multitenancy.enabled: false +opensearch_security.readonly_mode.roles: [\"kibana_read_only\"] +server.ssl.enabled: true +server.ssl.key: \"/etc/wazuh-dashboard/certs/kibana-key.pem\" +server.ssl.certificate: \"/etc/wazuh-dashboard/certs/kibana.pem\" +opensearch.ssl.certificateAuthorities: [\"/etc/wazuh-dashboard/certs/root-ca.pem\"] +uiSettings.overrides.defaultRoute: /app/wz-home +opensearch_security.cookie.secure: true" + +config_file_dashboard_dashboard_assistant_distributed="server.port: 443 +opensearch.ssl.verificationMode: certificate +# opensearch.username: kibanaserver +# opensearch.password: kibanaserver +opensearch.requestHeadersAllowlist: [\"securitytenant\",\"Authorization\"] +opensearch_security.multitenancy.enabled: false +opensearch_security.readonly_mode.roles: [\"kibana_read_only\"] +server.ssl.enabled: true +server.ssl.key: \"/etc/wazuh-dashboard/certs/dashboard-key.pem\" +server.ssl.certificate: \"/etc/wazuh-dashboard/certs/dashboard.pem\" +opensearch.ssl.certificateAuthorities: [\"/etc/wazuh-dashboard/certs/root-ca.pem\"] +uiSettings.overrides.defaultRoute: /app/wz-home +opensearch_security.cookie.secure: true" + +config_file_certificate_config="nodes: + # Wazuh indexer nodes + indexer: + - name: indexer-1 + ip: \"\" + - name: indexer-2 + ip: \"\" + - name: indexer-3 + ip: \"\" + server: + - name: server-1 + ip: \"\" + node_type: master + - name: server-2 + ip: \"\" + node_type: worker + - name: server-3 + ip: \"\" + node_type: worker + dashboard: + - name: dashboard-1 + ip: \"\" + - name: dashboard-2 + ip: \"\" + - name: dashboard-3 + ip: \"\"" + +config_file_certificate_config_aio="nodes: + indexer: + - name: wazuh-indexer + ip: 127.0.0.1 + server: + - name: wazuh-server + ip: 127.0.0.1 + dashboard: + - name: wazuh-dashboard + ip: 127.0.0.1" + +config_file_indexer_indexer_all_in_one="network.host: \"127.0.0.1\" +node.name: \"node-1\" +cluster.initial_master_nodes: +- \"node-1\" +cluster.name: \"wazuh-cluster\" + +node.max_local_storage_nodes: \"3\" +path.data: /var/lib/wazuh-indexer +path.logs: /var/log/wazuh-indexer + +plugins.security.ssl.http.pemcert_filepath: /etc/wazuh-indexer/certs/indexer.pem +plugins.security.ssl.http.pemkey_filepath: /etc/wazuh-indexer/certs/indexer-key.pem +plugins.security.ssl.http.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem +plugins.security.ssl.transport.pemcert_filepath: /etc/wazuh-indexer/certs/indexer.pem +plugins.security.ssl.transport.pemkey_filepath: /etc/wazuh-indexer/certs/indexer-key.pem +plugins.security.ssl.transport.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem +plugins.security.ssl.http.enabled: true +plugins.security.ssl.transport.enforce_hostname_verification: false +plugins.security.ssl.transport.resolve_hostname: false +plugins.security.ssl.http.enabled_ciphers: + - \"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256\" + - \"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384\" + - \"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256\" + - \"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384\" +plugins.security.ssl.http.enabled_protocols: + - \"TLSv1.2\" +plugins.security.authcz.admin_dn: +- \"CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US\" +plugins.security.check_snapshot_restore_write_privileges: true +plugins.security.enable_snapshot_restore_privilege: true +plugins.security.nodes_dn: +- \"CN=indexer,OU=Wazuh,O=Wazuh,L=California,C=US\" +plugins.security.restapi.roles_enabled: +- \"all_access\" +- \"security_rest_api_access\" + +plugins.security.system_indices.enabled: true +plugins.security.system_indices.indices: [\".opendistro-alerting-config\", \".opendistro-alerting-alert*\", \".opendistro-anomaly-results*\", \".opendistro-anomaly-detector*\", \".opendistro-anomaly-checkpoints\", \".opendistro-anomaly-detection-state\", \".opendistro-reports-*\", \".opendistro-notifications-*\", \".opendistro-notebooks\", \".opensearch-observability\", \".opendistro-asynchronous-search-response*\", \".replication-metadata-store\"] + +### Option to allow Filebeat-oss 7.10.2 to work ### +compatibility.override_main_response_version: true" + config_file_indexer_roles_roles="_meta: type: \"roles\" config_version: 2 @@ -218,63 +359,6 @@ manage_wazuh_index: tenant_permissions: [] static: false" -config_file_indexer_roles_internal_users="--- -# This is the internal user database -# The hash value is a bcrypt hash and can be generated with plugin/tools/hash.sh - -_meta: - type: \"internalusers\" - config_version: 2 - -# Define your internal users here - -## Demo users - -admin: - hash: \"\$2a\$12\$VcCDgh2NDk07JGN0rjGbM.Ad41qVR/YFJcgHp0UGns5JDymv..TOG\" - reserved: true - backend_roles: - - \"admin\" - description: \"Demo admin user\" - -kibanaserver: - hash: \"\$2a\$12\$4AcgAt3xwOWadA5s5blL6ev39OXDNhmOesEoo33eZtrq2N0YrU3H.\" - reserved: true - description: \"Demo kibanaserver user\" - -kibanaro: - hash: \"\$2a\$12\$JJSXNfTowz7Uu5ttXfeYpeYE0arACvcwlPBStB1F.MI7f0U9Z4DGC\" - reserved: false - backend_roles: - - \"kibanauser\" - - \"readall\" - attributes: - attribute1: \"value1\" - attribute2: \"value2\" - attribute3: \"value3\" - description: \"Demo kibanaro user\" - -logstash: - hash: \"\$2a\$12\$u1ShR4l4uBS3Uv59Pa2y5.1uQuZBrZtmNfqB3iM/.jL0XoV9sghS2\" - reserved: false - backend_roles: - - \"logstash\" - description: \"Demo logstash user\" - -readall: - hash: \"\$2a\$12\$ae4ycwzwvLtZxwZ82RmiEunBbIPiAmGZduBAjKN0TXdwQFtCwARz2\" - reserved: false - backend_roles: - - \"readall\" - description: \"Demo readall user\" - -snapshotrestore: - hash: \"\$2y\$12\$DpwmetHKwgYnorbgdvORCenv4NAK8cPUg8AI6pxLCuWf/ALc0.v7W\" - reserved: false - backend_roles: - - \"snapshotrestore\" - description: \"Demo snapshotrestore user\"" - config_file_indexer_roles_roles_mapping="--- # In this file users, backendroles and hosts can be mapped to Open Distro Security roles. # Permissions for Opendistro roles are configured in roles.yml @@ -363,6 +447,63 @@ manage_wazuh_index: - \"kibanaserver\" and_backend_roles: []" +config_file_indexer_roles_internal_users="--- +# This is the internal user database +# The hash value is a bcrypt hash and can be generated with plugin/tools/hash.sh + +_meta: + type: \"internalusers\" + config_version: 2 + +# Define your internal users here + +## Demo users + +admin: + hash: \"\$2a\$12\$VcCDgh2NDk07JGN0rjGbM.Ad41qVR/YFJcgHp0UGns5JDymv..TOG\" + reserved: true + backend_roles: + - \"admin\" + description: \"Demo admin user\" + +kibanaserver: + hash: \"\$2a\$12\$4AcgAt3xwOWadA5s5blL6ev39OXDNhmOesEoo33eZtrq2N0YrU3H.\" + reserved: true + description: \"Demo kibanaserver user\" + +kibanaro: + hash: \"\$2a\$12\$JJSXNfTowz7Uu5ttXfeYpeYE0arACvcwlPBStB1F.MI7f0U9Z4DGC\" + reserved: false + backend_roles: + - \"kibanauser\" + - \"readall\" + attributes: + attribute1: \"value1\" + attribute2: \"value2\" + attribute3: \"value3\" + description: \"Demo kibanaro user\" + +logstash: + hash: \"\$2a\$12\$u1ShR4l4uBS3Uv59Pa2y5.1uQuZBrZtmNfqB3iM/.jL0XoV9sghS2\" + reserved: false + backend_roles: + - \"logstash\" + description: \"Demo logstash user\" + +readall: + hash: \"\$2a\$12\$ae4ycwzwvLtZxwZ82RmiEunBbIPiAmGZduBAjKN0TXdwQFtCwARz2\" + reserved: false + backend_roles: + - \"readall\" + description: \"Demo readall user\" + +snapshotrestore: + hash: \"\$2y\$12\$DpwmetHKwgYnorbgdvORCenv4NAK8cPUg8AI6pxLCuWf/ALc0.v7W\" + reserved: false + backend_roles: + - \"snapshotrestore\" + description: \"Demo snapshotrestore user\"" + config_file_indexer_indexer="network.host: 0.0.0.0 node.name: node-1 cluster.initial_master_nodes: node-1 @@ -400,48 +541,6 @@ path.logs: /var/log/elasticsearch ### Option to allow Filebeat-oss 7.10.2 to work ### compatibility.override_main_response_version: true" -config_file_indexer_indexer_all_in_one="network.host: \"127.0.0.1\" -node.name: \"node-1\" -cluster.initial_master_nodes: -- \"node-1\" -cluster.name: \"wazuh-cluster\" - -node.max_local_storage_nodes: \"3\" -path.data: /var/lib/wazuh-indexer -path.logs: /var/log/wazuh-indexer - -plugins.security.ssl.http.pemcert_filepath: /etc/wazuh-indexer/certs/indexer.pem -plugins.security.ssl.http.pemkey_filepath: /etc/wazuh-indexer/certs/indexer-key.pem -plugins.security.ssl.http.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem -plugins.security.ssl.transport.pemcert_filepath: /etc/wazuh-indexer/certs/indexer.pem -plugins.security.ssl.transport.pemkey_filepath: /etc/wazuh-indexer/certs/indexer-key.pem -plugins.security.ssl.transport.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem -plugins.security.ssl.http.enabled: true -plugins.security.ssl.transport.enforce_hostname_verification: false -plugins.security.ssl.transport.resolve_hostname: false -plugins.security.ssl.http.enabled_ciphers: - - \"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256\" - - \"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384\" - - \"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256\" - - \"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384\" -plugins.security.ssl.http.enabled_protocols: - - \"TLSv1.2\" -plugins.security.authcz.admin_dn: -- \"CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US\" -plugins.security.check_snapshot_restore_write_privileges: true -plugins.security.enable_snapshot_restore_privilege: true -plugins.security.nodes_dn: -- \"CN=indexer,OU=Wazuh,O=Wazuh,L=California,C=US\" -plugins.security.restapi.roles_enabled: -- \"all_access\" -- \"security_rest_api_access\" - -plugins.security.system_indices.enabled: true -plugins.security.system_indices.indices: [\".opendistro-alerting-config\", \".opendistro-alerting-alert*\", \".opendistro-anomaly-results*\", \".opendistro-anomaly-detector*\", \".opendistro-anomaly-checkpoints\", \".opendistro-anomaly-detection-state\", \".opendistro-reports-*\", \".opendistro-notifications-*\", \".opendistro-notebooks\", \".opensearch-observability\", \".opendistro-asynchronous-search-response*\", \".replication-metadata-store\"] - -### Option to allow Filebeat-oss 7.10.2 to work ### -compatibility.override_main_response_version: true" - config_file_indexer_indexer_assistant_distributed="node.master: true node.data: true node.ingest: true @@ -484,67 +583,37 @@ plugins.security.system_indices.indices: [\".opendistro-alerting-config\", \".op ### Option to allow Filebeat-oss 7.10.2 to work ### compatibility.override_main_response_version: true" -config_file_dashboard_dashboard="server.host: \"\" -opensearch.hosts: https://:9200 -server.port: 443 -opensearch.ssl.verificationMode: certificate -# opensearch.username: kibanaserver -# opensearch.password: kibanaserver -opensearch.requestHeadersAllowlist: [\"securitytenant\",\"Authorization\"] -opensearch_security.multitenancy.enabled: false -opensearch_security.readonly_mode.roles: [\"kibana_read_only\"] -server.ssl.enabled: true -server.ssl.key: \"/etc/wazuh-dashboard/certs/kibana-key.pem\" -server.ssl.certificate: \"/etc/wazuh-dashboard/certs/kibana.pem\" -opensearch.ssl.certificateAuthorities: [\"/etc/wazuh-dashboard/certs/root-ca.pem\"] -server.defaultRoute: /app/wz-home -opensearch_security.cookie.secure: true" +config_file_filebeat_filebeat_elastic_cluster="# Wazuh - Filebeat configuration file +output.elasticsearch: + hosts: [\":9200\", \":9200\", \":9200\"] + protocol: https + username: \${username} + password: \${password} + ssl.certificate_authorities: + - /etc/filebeat/certs/root-ca.pem + ssl.certificate: \"/etc/filebeat/certs/filebeat.pem\" + ssl.key: \"/etc/filebeat/certs/filebeat-key.pem\" +setup.template.json.enabled: true +setup.template.json.path: '/etc/filebeat/wazuh-template.json' +setup.template.json.name: 'wazuh' +setup.ilm.overwrite: true +setup.ilm.enabled: false -config_file_dashboard_dashboard_assistant="server.host: 0.0.0.0 -opensearch.hosts: https://127.0.0.1:9200 -server.port: 443 -opensearch.ssl.verificationMode: certificate -# opensearch.username: kibanaserver -# opensearch.password: kibanaserver -opensearch.requestHeadersAllowlist: [\"securitytenant\",\"Authorization\"] -opensearch_security.multitenancy.enabled: false -opensearch_security.readonly_mode.roles: [\"kibana_read_only\"] -server.ssl.enabled: true -server.ssl.key: \"/etc/wazuh-dashboard/certs/dashboard-key.pem\" -server.ssl.certificate: \"/etc/wazuh-dashboard/certs/dashboard.pem\" -opensearch.ssl.certificateAuthorities: [\"/etc/wazuh-dashboard/certs/root-ca.pem\"] -uiSettings.overrides.defaultRoute: /app/wz-home -opensearch_security.cookie.secure: true" +filebeat.modules: + - module: wazuh + alerts: + enabled: true + archives: + enabled: false -config_file_dashboard_dashboard_assistant_distributed="server.port: 443 -opensearch.ssl.verificationMode: certificate -# opensearch.username: kibanaserver -# opensearch.password: kibanaserver -opensearch.requestHeadersAllowlist: [\"securitytenant\",\"Authorization\"] -opensearch_security.multitenancy.enabled: false -opensearch_security.readonly_mode.roles: [\"kibana_read_only\"] -server.ssl.enabled: true -server.ssl.key: \"/etc/wazuh-dashboard/certs/dashboard-key.pem\" -server.ssl.certificate: \"/etc/wazuh-dashboard/certs/dashboard.pem\" -opensearch.ssl.certificateAuthorities: [\"/etc/wazuh-dashboard/certs/root-ca.pem\"] -uiSettings.overrides.defaultRoute: /app/wz-home -opensearch_security.cookie.secure: true" +logging.metrics.enabled: false -config_file_dashboard_dashboard_all_in_one="server.host: 0.0.0.0 -server.port: 443 -opensearch.hosts: https://localhost:9200 -opensearch.ssl.verificationMode: certificate -# opensearch.username: kibanaserver -# opensearch.password: kibanaserver -opensearch.requestHeadersAllowlist: [\"securitytenant\",\"Authorization\"] -opensearch_security.multitenancy.enabled: false -opensearch_security.readonly_mode.roles: [\"kibana_read_only\"] -server.ssl.enabled: true -server.ssl.key: \"/etc/wazuh-dashboard/certs/kibana-key.pem\" -server.ssl.certificate: \"/etc/wazuh-dashboard/certs/kibana.pem\" -opensearch.ssl.certificateAuthorities: [\"/etc/wazuh-dashboard/certs/root-ca.pem\"] -uiSettings.overrides.defaultRoute: /app/wz-home -opensearch_security.cookie.secure: true" +seccomp: + default_action: allow + syscalls: + - action: allow + names: + - rseq" config_file_filebeat_filebeat="# Wazuh - Filebeat configuration file output.elasticsearch: @@ -571,6 +640,38 @@ filebeat.modules: logging.metrics.enabled: false +seccomp: + default_action: allow + syscalls: + - action: allow + names: + - rseq" + +config_file_filebeat_filebeat_all_in_one="# Wazuh - Filebeat configuration file +output.elasticsearch: + hosts: [\"127.0.0.1:9200\"] + protocol: https + username: \${username} + password: \${password} + ssl.certificate_authorities: + - /etc/filebeat/certs/root-ca.pem + ssl.certificate: \"/etc/filebeat/certs/filebeat.pem\" + ssl.key: \"/etc/filebeat/certs/filebeat-key.pem\" +setup.template.json.enabled: true +setup.template.json.path: '/etc/filebeat/wazuh-template.json' +setup.template.json.name: 'wazuh' +setup.ilm.overwrite: true +setup.ilm.enabled: false + +filebeat.modules: + - module: wazuh + alerts: + enabled: true + archives: + enabled: false + +logging.metrics.enabled: false + seccomp: default_action: allow syscalls: @@ -610,38 +711,6 @@ logging.files: logging.metrics.enabled: false -seccomp: - default_action: allow - syscalls: - - action: allow - names: - - rseq" - -config_file_filebeat_filebeat_elastic_cluster="# Wazuh - Filebeat configuration file -output.elasticsearch: - hosts: [\":9200\", \":9200\", \":9200\"] - protocol: https - username: \${username} - password: \${password} - ssl.certificate_authorities: - - /etc/filebeat/certs/root-ca.pem - ssl.certificate: \"/etc/filebeat/certs/filebeat.pem\" - ssl.key: \"/etc/filebeat/certs/filebeat-key.pem\" -setup.template.json.enabled: true -setup.template.json.path: '/etc/filebeat/wazuh-template.json' -setup.template.json.name: 'wazuh' -setup.ilm.overwrite: true -setup.ilm.enabled: false - -filebeat.modules: - - module: wazuh - alerts: - enabled: true - archives: - enabled: false - -logging.metrics.enabled: false - seccomp: default_action: allow syscalls: @@ -693,2319 +762,18 @@ seccomp: names: - rseq" -config_file_filebeat_filebeat_all_in_one="# Wazuh - Filebeat configuration file -output.elasticsearch: - hosts: [\"127.0.0.1:9200\"] - protocol: https - username: \${username} - password: \${password} - ssl.certificate_authorities: - - /etc/filebeat/certs/root-ca.pem - ssl.certificate: \"/etc/filebeat/certs/filebeat.pem\" - ssl.key: \"/etc/filebeat/certs/filebeat-key.pem\" -setup.template.json.enabled: true -setup.template.json.path: '/etc/filebeat/wazuh-template.json' -setup.template.json.name: 'wazuh' -setup.ilm.overwrite: true -setup.ilm.enabled: false - -filebeat.modules: - - module: wazuh - alerts: - enabled: true - archives: - enabled: false - -logging.metrics.enabled: false - -seccomp: - default_action: allow - syscalls: - - action: allow - names: - - rseq" - -config_file_certificate_config="nodes: - # Wazuh indexer nodes - indexer: - - name: indexer-1 - ip: \"\" - - name: indexer-2 - ip: \"\" - - name: indexer-3 - ip: \"\" - server: - - name: server-1 - ip: \"\" - node_type: master - - name: server-2 - ip: \"\" - node_type: worker - - name: server-3 - ip: \"\" - node_type: worker - dashboard: - - name: dashboard-1 - ip: \"\" - - name: dashboard-2 - ip: \"\" - - name: dashboard-3 - ip: \"\"" - -config_file_certificate_config_aio="nodes: - indexer: - - name: wazuh-indexer - ip: 127.0.0.1 - server: - - name: wazuh-server - ip: 127.0.0.1 - dashboard: - - name: wazuh-dashboard - ip: 127.0.0.1" - trap installCommon_cleanExit SIGINT export JAVA_HOME="/usr/share/wazuh-indexer/jdk/" -# ------------ installMain.sh ------------ -function getHelp() { - - echo -e "" - echo -e "NAME" - echo -e " $(basename "$0") - Install and configure Wazuh central components: Wazuh server, Wazuh indexer, and Wazuh dashboard." - echo -e "" - echo -e "SYNOPSIS" - echo -e " $(basename "$0") [OPTIONS] -a | -c | -s | -wi | -wd | -ws " - echo -e "" - echo -e "DESCRIPTION" - echo -e " -a, --all-in-one" - echo -e " Install and configure Wazuh server, Wazuh indexer, Wazuh dashboard." - echo -e "" - echo -e " -c, --config-file " - echo -e " Path to the configuration file used to generate wazuh-install-files.tar file containing the files that will be needed for installation. By default, the Wazuh installation assistant will search for a file named config.yml in the same path as the script." - echo -e "" - echo -e " -d [pre-release|staging], --development" - echo -e " Use development repositories. By default it uses the pre-release package repository. If staging is specified, it will use that repository." - echo -e "" - echo -e " -dw, --download-wazuh " - echo -e " Download all the packages necessary for offline installation. Type of packages to download for offline installation (rpm, deb)" - echo -e "" - echo -e " -fd, --force-install-dashboard" - echo -e " Force Wazuh dashboard installation to continue even when it is not capable of connecting to the Wazuh indexer." - echo -e "" - echo -e " -g, --generate-config-files" - echo -e " Generate wazuh-install-files.tar file containing the files that will be needed for installation from config.yml. In distributed deployments you will need to copy this file to all hosts." - echo -e "" - echo -e " -h, --help" - echo -e " Display this help and exit." - echo -e "" - echo -e " -i, --ignore-check" - echo -e " Ignore the check for minimum hardware requirements." - echo -e "" - echo -e " -o, --overwrite" - echo -e " Overwrites previously installed components. This will erase all the existing configuration and data." - echo -e "" - echo -e " -of, --offline-installation" - echo -e " Perform an offline installation. This option must be used with -a, -ws, -s, -wi, or -wd." - echo -e "" - echo -e " -p, --port" - echo -e " Specifies the Wazuh web user interface port. By default is the 443 TCP port. Recommended ports are: 8443, 8444, 8080, 8888, 9000." - echo -e "" - echo -e " -s, --start-cluster" - echo -e " Initialize Wazuh indexer cluster security settings." - echo -e "" - echo -e " -t, --tar " - echo -e " Path to tar file containing certificate files. By default, the Wazuh installation assistant will search for a file named wazuh-install-files.tar in the same path as the script." - echo -e "" - echo -e " -u, --uninstall" - echo -e " Uninstalls all Wazuh components. This will erase all the existing configuration and data." - echo -e "" - echo -e " -v, --verbose" - echo -e " Shows the complete installation output." - echo -e "" - echo -e " -V, --version" - echo -e " Shows the version of the script and Wazuh packages." - echo -e "" - echo -e " -wd, --wazuh-dashboard " - echo -e " Install and configure Wazuh dashboard, used for distributed deployments." - echo -e "" - echo -e " -wi, --wazuh-indexer " - echo -e " Install and configure Wazuh indexer, used for distributed deployments." - echo -e "" - echo -e " -ws, --wazuh-server " - echo -e " Install and configure Wazuh manager and Filebeat, used for distributed deployments." - exit 1 - -} -function main() { - umask 177 - - if [ -z "${1}" ]; then - getHelp - fi - - while [ -n "${1}" ] - do - case "${1}" in - "-a"|"--all-in-one") - AIO=1 - shift 1 - ;; - "-c"|"--config-file") - if [ -z "${2}" ]; then - common_logger -e "Error on arguments. Probably missing after -c|--config-file" - getHelp - exit 1 - fi - file_conf=1 - config_file="${2}" - shift 2 - ;; - "-d"|"--development") - development=1 - if [ -n "${2}" ] && [[ ! "${2}" =~ ^- ]]; then - if [ "${2}" = "pre-release" ] || [ "${2}" = "staging" ]; then - devrepo="${2}" - else - common_logger -e "Error: Invalid value '${2}' after -d|--development. Accepted values are 'pre-release' or 'staging'." - getHelp - exit 1 - fi - shift 2 - else - devrepo="pre-release" - shift 1 - fi - checks_development_source_tag - repogpg="https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH" - repobaseurl="https://packages-dev.wazuh.com/${devrepo}" - reporelease="unstable" - filebeat_wazuh_template="https://raw.githubusercontent.com/wazuh/wazuh/${source_branch}/extensions/elasticsearch/7.x/wazuh-template.json" - filebeat_wazuh_module="${repobaseurl}/filebeat/wazuh-filebeat-0.4.tar.gz" - bucket="packages-dev.wazuh.com" - repository="${devrepo}" - ;; - - "-fd"|"--force-install-dashboard") - force=1 - shift 1 - ;; - "-g"|"--generate-config-files") - configurations=1 - shift 1 - ;; - "-h"|"--help") - getHelp - ;; - "-i"|"--ignore-check") - ignore=1 - shift 1 - ;; - "-o"|"--overwrite") - overwrite=1 - shift 1 - ;; - "-of"|"--offline-installation") - offline_install=1 - shift 1 - ;; - "-p"|"--port") - if [ -z "${2}" ]; then - common_logger -e "Error on arguments. Probably missing after -p|--port" - getHelp - exit 1 - fi - port_specified=1 - port_number="${2}" - shift 2 - ;; - "-s"|"--start-cluster") - start_indexer_cluster=1 - shift 1 - ;; - "-t"|"--tar") - if [ -z "${2}" ]; then - common_logger -e "Error on arguments. Probably missing after -t|--tar" - getHelp - exit 1 - fi - tar_conf=1 - tar_file="${2}" - shift 2 - ;; - "-u"|"--uninstall") - uninstall=1 - shift 1 - ;; - "-v"|"--verbose") - debugEnabled=1 - debug="2>&1 | tee -a ${logfile}" - shift 1 - ;; - "-V"|"--version") - showVersion=1 - shift 1 - ;; - "-wd"|"--wazuh-dashboard") - if [ -z "${2}" ]; then - common_logger -e "Error on arguments. Probably missing after -wd|---wazuh-dashboard" - getHelp - exit 1 - fi - dashboard=1 - dashname="${2}" - shift 2 - ;; - "-wi"|"--wazuh-indexer") - if [ -z "${2}" ]; then - common_logger -e "Arguments contain errors. Probably missing after -wi|--wazuh-indexer." - getHelp - exit 1 - fi - indexer=1 - indxname="${2}" - shift 2 - ;; - "-ws"|"--wazuh-server") - if [ -z "${2}" ]; then - common_logger -e "Error on arguments. Probably missing after -ws|--wazuh-server" - getHelp - exit 1 - fi - wazuh=1 - winame="${2}" - shift 2 - ;; - "-dw"|"--download-wazuh") - if [ "${2}" != "deb" ] && [ "${2}" != "rpm" ]; then - common_logger -e "Error on arguments. Probably missing after -dw|--download-wazuh" - getHelp - exit 1 - fi - download=1 - package_type="${2}" - shift 2 - ;; - *) - echo "Unknow option: ${1}" - getHelp - esac - done - - cat /dev/null > "${logfile}" - - if [ -z "${download}" ] && [ -z "${showVersion}" ]; then - common_checkRoot - fi - - if [ -n "${showVersion}" ]; then - common_logger "Wazuh version: ${wazuh_version}" - common_logger "Filebeat version: ${filebeat_version}" - common_logger "Wazuh installation assistant version: ${wazuh_install_vesion}" - exit 0 - fi - - common_logger "Starting Wazuh installation assistant. Wazuh version: ${wazuh_version} (x86_64/AMD64)" - common_logger "Verbose logging redirected to ${logfile}" - -# -------------- Uninstall case ------------------------------------ - - common_checkSystem - - if [ -z "${download}" ]; then - check_dist - fi - - if [ -z "${uninstall}" ] && [ -z "${offline_install}" ]; then - installCommon_installCheckDependencies - elif [ -n "${offline_install}" ]; then - offline_checkPrerequisites "wia_offline_dependencies" "${wia_offline_dependencies[@]}" - fi - - common_checkInstalled - checks_arguments - if [ -n "${development}" ]; then - checks_filebeatURL - fi - if [ -n "${uninstall}" ]; then - installCommon_rollBack - exit 0 - fi - - checks_arch - if [ -n "${ignore}" ]; then - common_logger -w "Hardware checks ignored." - else - common_logger "Verifying that your system meets the recommended minimum hardware requirements." - checks_health - fi - -# -------------- Preliminary checks and Prerequisites -------------------------------- - - if [ -z "${configurations}" ] && [ -z "${AIO}" ] && [ -z "${download}" ]; then - checks_previousCertificate - fi - - if [ -n "${port_specified}" ]; then - checks_available_port "${port_number}" "${wazuh_aio_ports[@]}" - dashboard_changePort "${port_number}" - elif [ -n "${AIO}" ] || [ -n "${dashboard}" ]; then - dashboard_changePort "${http_port}" - fi - - if [ -n "${AIO}" ]; then - rm -f "${tar_file}" - checks_ports "${wazuh_aio_ports[@]}" - installCommon_installPrerequisites "AIO" - fi - - if [ -n "${indexer}" ]; then - checks_ports "${wazuh_indexer_ports[@]}" - installCommon_installPrerequisites "indexer" - fi - - if [ -n "${wazuh}" ]; then - checks_ports "${wazuh_manager_ports[@]}" - installCommon_installPrerequisites "wazuh" - fi - - if [ -n "${dashboard}" ]; then - checks_ports "${wazuh_dashboard_port}" - installCommon_installPrerequisites "dashboard" - fi - - -# -------------- Wazuh repo ---------------------- - - # Offline installation case: extract the compressed files - if [ -n "${offline_install}" ]; then - offline_checkPreinstallation - offline_extractFiles - offline_importGPGKey - fi - - if [ -n "${AIO}" ] || [ -n "${indexer}" ] || [ -n "${dashboard}" ] || [ -n "${wazuh}" ]; then - check_curlVersion - if [ -z "${offline_install}" ]; then - installCommon_addWazuhRepo - fi - fi - -# -------------- Configuration creation case ----------------------- - - # Creation certificate case: Only AIO and -g option can create certificates. - if [ -n "${configurations}" ] || [ -n "${AIO}" ]; then - common_logger "--- Configuration files ---" - installCommon_createInstallFiles - fi - - if [ -z "${configurations}" ] && [ -z "${download}" ]; then - installCommon_extractConfig - config_file="/tmp/wazuh-install-files/config.yml" - cert_readConfig - fi - - # Distributed architecture: node names must be different - if [[ -z "${AIO}" && -z "${download}" && ( -n "${indexer}" || -n "${dashboard}" || -n "${wazuh}" ) ]]; then - checks_names - fi - - if [ -n "${configurations}" ]; then - installCommon_removeWIADependencies - fi - -# -------------- Wazuh indexer case ------------------------------- - - if [ -n "${indexer}" ]; then - common_logger "--- Wazuh indexer ---" - indexer_install - indexer_configure - installCommon_startService "wazuh-indexer" - indexer_initialize - installCommon_removeWIADependencies - fi - -# -------------- Start Wazuh indexer cluster case ------------------ - - if [ -n "${start_indexer_cluster}" ]; then - indexer_startCluster - installCommon_changePasswords - installCommon_removeWIADependencies - fi - -# -------------- Wazuh dashboard case ------------------------------ - - if [ -n "${dashboard}" ]; then - common_logger "--- Wazuh dashboard ----" - dashboard_install - dashboard_configure - installCommon_startService "wazuh-dashboard" - installCommon_changePasswords - dashboard_initialize - installCommon_removeWIADependencies - - fi - -# -------------- Wazuh server case --------------------------------------- - - if [ -n "${wazuh}" ]; then - common_logger "--- Wazuh server ---" - manager_install - manager_configure - if [ -n "${server_node_types[*]}" ]; then - manager_startCluster - fi - installCommon_startService "wazuh-manager" - filebeat_install - filebeat_configure - installCommon_changePasswords - installCommon_startService "filebeat" - installCommon_removeWIADependencies - fi - -# -------------- AIO case ------------------------------------------ - - if [ -n "${AIO}" ]; then - - common_logger "--- Wazuh indexer ---" - indexer_install - indexer_configure - installCommon_startService "wazuh-indexer" - indexer_initialize - common_logger "--- Wazuh server ---" - manager_install - manager_configure - installCommon_startService "wazuh-manager" - filebeat_install - filebeat_configure - installCommon_startService "filebeat" - common_logger "--- Wazuh dashboard ---" - dashboard_install - dashboard_configure - installCommon_startService "wazuh-dashboard" - installCommon_changePasswords - dashboard_initializeAIO - installCommon_removeWIADependencies - - fi - -# -------------- Offline case ------------------------------------------ - - if [ -n "${download}" ]; then - common_logger "--- Download Packages ---" - offline_download - fi - - -# ------------------------------------------------------------------- - - if [ -z "${configurations}" ] && [ -z "${download}" ] && [ -z "${offline_install}" ]; then - installCommon_restoreWazuhrepo - fi - - if [ -n "${AIO}" ] || [ -n "${indexer}" ] || [ -n "${dashboard}" ] || [ -n "${wazuh}" ]; then - eval "rm -rf /tmp/wazuh-install-files ${debug}" - common_logger "Installation finished." - elif [ -n "${start_indexer_cluster}" ]; then - common_logger "Wazuh indexer cluster started." - fi - -} - -# ------------ indexer.sh ------------ -function indexer_configure() { - - common_logger -d "Configuring Wazuh indexer." - eval "export JAVA_HOME=/usr/share/wazuh-indexer/jdk/" - - # Configure JVM options for Wazuh indexer - ram_gb=$(free -m | awk 'FNR == 2 {print $2}') - ram="$(( ram_mb / 2 ))" - - if [ "${ram}" -eq "0" ]; then - ram=1024; - fi - eval "sed -i "s/-Xms1g/-Xms${ram}m/" /etc/wazuh-indexer/jvm.options ${debug}" - eval "sed -i "s/-Xmx1g/-Xmx${ram}m/" /etc/wazuh-indexer/jvm.options ${debug}" - - if [ -n "${AIO}" ]; then - eval "installCommon_getConfig indexer/indexer_all_in_one.yml /etc/wazuh-indexer/opensearch.yml ${debug}" - else - eval "installCommon_getConfig indexer/indexer_assistant_distributed.yml /etc/wazuh-indexer/opensearch.yml ${debug}" - if [ "${#indexer_node_names[@]}" -eq 1 ]; then - pos=0 - { - echo "node.name: ${indxname}" - echo "network.host: ${indexer_node_ips[0]}" - echo "cluster.initial_master_nodes: ${indxname}" - echo "plugins.security.nodes_dn:" - echo ' - CN='"${indxname}"',OU=Wazuh,O=Wazuh,L=California,C=US' - } >> /etc/wazuh-indexer/opensearch.yml - else - echo "node.name: ${indxname}" >> /etc/wazuh-indexer/opensearch.yml - echo "cluster.initial_master_nodes:" >> /etc/wazuh-indexer/opensearch.yml - for i in "${indexer_node_names[@]}"; do - echo " - ${i}" >> /etc/wazuh-indexer/opensearch.yml - done - - echo "discovery.seed_hosts:" >> /etc/wazuh-indexer/opensearch.yml - for i in "${indexer_node_ips[@]}"; do - echo " - ${i}" >> /etc/wazuh-indexer/opensearch.yml - done - - for i in "${!indexer_node_names[@]}"; do - if [[ "${indexer_node_names[i]}" == "${indxname}" ]]; then - pos="${i}"; - fi - done - - echo "network.host: ${indexer_node_ips[pos]}" >> /etc/wazuh-indexer/opensearch.yml - - echo "plugins.security.nodes_dn:" >> /etc/wazuh-indexer/opensearch.yml - for i in "${indexer_node_names[@]}"; do - echo " - CN=${i},OU=Wazuh,O=Wazuh,L=California,C=US" >> /etc/wazuh-indexer/opensearch.yml - done - fi - fi - - indexer_copyCertificates - - jv=$(java -version 2>&1 | grep -o -m1 '1.8.0' ) - if [ "$jv" == "1.8.0" ]; then - { - echo "wazuh-indexer hard nproc 4096" - echo "wazuh-indexer soft nproc 4096" - echo "wazuh-indexer hard nproc 4096" - echo "wazuh-indexer soft nproc 4096" - } >> /etc/security/limits.conf - echo -ne "\nbootstrap.system_call_filter: false" >> /etc/wazuh-indexer/opensearch.yml - fi - - common_logger "Wazuh indexer post-install configuration finished." -} -function indexer_copyCertificates() { - - common_logger -d "Copying Wazuh indexer certificates." - eval "rm -f ${indexer_cert_path}/* ${debug}" - name=${indexer_node_names[pos]} - - if [ -f "${tar_file}" ]; then - if ! tar -tvf "${tar_file}" | grep -q "${name}" ; then - common_logger -e "Tar file does not contain certificate for the node ${name}." - installCommon_rollBack - exit 1; - fi - eval "mkdir ${indexer_cert_path} ${debug}" - eval "sed -i s/indexer.pem/${name}.pem/ /etc/wazuh-indexer/opensearch.yml ${debug}" - eval "sed -i s/indexer-key.pem/${name}-key.pem/ /etc/wazuh-indexer/opensearch.yml ${debug}" - eval "tar -xf ${tar_file} -C ${indexer_cert_path} wazuh-install-files/${name}.pem --strip-components 1 ${debug}" - eval "tar -xf ${tar_file} -C ${indexer_cert_path} wazuh-install-files/${name}-key.pem --strip-components 1 ${debug}" - eval "tar -xf ${tar_file} -C ${indexer_cert_path} wazuh-install-files/root-ca.pem --strip-components 1 ${debug}" - eval "tar -xf ${tar_file} -C ${indexer_cert_path} wazuh-install-files/admin.pem --strip-components 1 ${debug}" - eval "tar -xf ${tar_file} -C ${indexer_cert_path} wazuh-install-files/admin-key.pem --strip-components 1 ${debug}" - eval "rm -rf ${indexer_cert_path}/wazuh-install-files/ ${debug}" - eval "chown -R wazuh-indexer:wazuh-indexer ${indexer_cert_path} ${debug}" - eval "chmod 500 ${indexer_cert_path} ${debug}" - eval "chmod 400 ${indexer_cert_path}/* ${debug}" - else - common_logger -e "No certificates found. Could not initialize Wazuh indexer" - installCommon_rollBack - exit 1; - fi - -} -function indexer_initialize() { - - common_logger "Initializing Wazuh indexer cluster security settings." - eval "common_curl -XGET https://"${indexer_node_ips[pos]}":9200/ -uadmin:admin -k --max-time 120 --silent --output /dev/null" - e_code="${PIPESTATUS[0]}" - - if [ "${e_code}" -ne "0" ]; then - common_logger -e "Cannot initialize Wazuh indexer cluster." - installCommon_rollBack - exit 1 - fi - - if [ -n "${AIO}" ]; then - eval "sudo -u wazuh-indexer JAVA_HOME=/usr/share/wazuh-indexer/jdk/ OPENSEARCH_CONF_DIR=/etc/wazuh-indexer /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh -cd /etc/wazuh-indexer/opensearch-security -icl -p 9200 -nhnv -cacert ${indexer_cert_path}/root-ca.pem -cert ${indexer_cert_path}/admin.pem -key ${indexer_cert_path}/admin-key.pem -h 127.0.0.1 ${debug}" - if [ "${PIPESTATUS[0]}" != 0 ]; then - common_logger -e "The Wazuh indexer cluster security configuration could not be initialized." - installCommon_rollBack - exit 1 - else - common_logger "Wazuh indexer cluster security configuration initialized." - fi - fi - - if [ "${#indexer_node_names[@]}" -eq 1 ] && [ -z "${AIO}" ]; then - installCommon_changePasswords - fi - - common_logger "Wazuh indexer cluster initialized." - -} -function indexer_install() { - - common_logger "Starting Wazuh indexer installation." - - if [ "${sys_type}" == "yum" ]; then - installCommon_yumInstall "wazuh-indexer" "${wazuh_version}-*" - elif [ "${sys_type}" == "apt-get" ]; then - installCommon_aptInstall "wazuh-indexer" "${wazuh_version}-*" - fi - - common_checkInstalled - if [ "$install_result" != 0 ] || [ -z "${indexer_installed}" ]; then - common_logger -e "Wazuh indexer installation failed." - installCommon_rollBack - exit 1 - else - common_logger "Wazuh indexer installation finished." - fi - - eval "sysctl -q -w vm.max_map_count=262144 ${debug}" - -} -function indexer_startCluster() { - - common_logger -d "Starting Wazuh indexer cluster." - for ip_to_test in "${indexer_node_ips[@]}"; do - eval "common_curl -XGET https://"${ip_to_test}":9200/ -k -s -o /dev/null" - e_code="${PIPESTATUS[0]}" - - if [ "${e_code}" -eq "7" ]; then - common_logger -e "Connectivity check failed on node ${ip_to_test} port 9200. Possible causes: Wazuh indexer not installed on the node, the Wazuh indexer service is not running or you have connectivity issues with that node. Please check this before trying again." - exit 1 - fi - done - - eval "wazuh_indexer_ip=( $(cat /etc/wazuh-indexer/opensearch.yml | grep network.host | sed 's/network.host:\s//') )" - eval "sudo -u wazuh-indexer JAVA_HOME=/usr/share/wazuh-indexer/jdk/ OPENSEARCH_CONF_DIR=/etc/wazuh-indexer /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh -cd /etc/wazuh-indexer/opensearch-security -icl -p 9200 -nhnv -cacert /etc/wazuh-indexer/certs/root-ca.pem -cert /etc/wazuh-indexer/certs/admin.pem -key /etc/wazuh-indexer/certs/admin-key.pem -h ${wazuh_indexer_ip} ${debug}" - if [ "${PIPESTATUS[0]}" != 0 ]; then - common_logger -e "The Wazuh indexer cluster security configuration could not be initialized." - installCommon_rollBack - exit 1 - else - common_logger "Wazuh indexer cluster security configuration initialized." - fi - - # Validate Wazuh indexer security admin it is initialized - indexer_security_admin_comm="common_curl -XGET https://"${indexer_node_ips[pos]}":9200/ -uadmin:admin -k --max-time 120 --silent -w \"%{http_code}\" --output /dev/null" - http_status=$(eval "${indexer_security_admin_comm}") - retries=0 - max_retries=5 - while [ "${http_status}" -ne 200 ]; do - common_logger -d "Waiting for Wazuh indexer to be ready. wazuh-indexer status: ${http_status}" - sleep 5 - retries=$((retries+1)) - if [ "${retries}" -eq "${max_retries}" ]; then - common_logger -e "The Wazuh indexer cluster security configuration could not be initialized." - exit 1 - fi - http_status=$(eval "${indexer_security_admin_comm}") - done - - # Wazuh alerts template injection - if [ -n "${offline_install}" ]; then - filebeat_wazuh_template="file://${offline_files_path}/wazuh-template.json" - fi - http_status=$(eval "common_curl --silent '${filebeat_wazuh_template}' --max-time 300 --retry 5 --retry-delay 5" | eval "common_curl -X PUT 'https://${indexer_node_ips[pos]}:9200/_template/wazuh' -H \'Content-Type: application/json\' -d @- -uadmin:admin -k --max-time 300 --silent --retry 5 --retry-delay 5 -w "%{http_code}" -o /dev/null") - if [ -z "${http_status}" ] || [ "${http_status}" -ne 200 ]; then - common_logger -e "The wazuh-alerts template could not be inserted into the Wazuh indexer cluster." - exit 1 - else - common_logger -d "Inserted wazuh-alerts template into the Wazuh indexer cluster." - fi -} - -# ------------ filebeat.sh ------------ -function filebeat_configure(){ - - common_logger -d "Configuring Filebeat." - - if [ -z "${offline_install}" ]; then - eval "common_curl -sSo /etc/filebeat/wazuh-template.json ${filebeat_wazuh_template} --max-time 300 --retry 5 --retry-delay 5 --fail" - if [ ! -f "/etc/filebeat/wazuh-template.json" ]; then - common_logger -e "Error downloading wazuh-template.json file." - installCommon_rollBack - exit 1 - fi - common_logger -d "Filebeat template was download successfully." - - eval "(common_curl -sS ${filebeat_wazuh_module} --max-time 300 --retry 5 --retry-delay 5 --fail | tar -xvz -C /usr/share/filebeat/module) ${debug}" - if [ ! -d "/usr/share/filebeat/module" ]; then - common_logger -e "Error downloading wazuh filebeat module." - installCommon_rollBack - exit 1 - fi - common_logger -d "Filebeat module was downloaded successfully." - else - eval "cp ${offline_files_path}/wazuh-template.json /etc/filebeat/wazuh-template.json ${debug}" - eval "tar -xvzf ${offline_files_path}/wazuh-filebeat-*.tar.gz -C /usr/share/filebeat/module ${debug}" - fi - - eval "chmod go+r /etc/filebeat/wazuh-template.json ${debug}" - if [ -n "${AIO}" ]; then - eval "installCommon_getConfig filebeat/filebeat_assistant.yml /etc/filebeat/filebeat.yml ${debug}" - else - eval "installCommon_getConfig filebeat/filebeat_distributed.yml /etc/filebeat/filebeat.yml ${debug}" - if [ ${#indexer_node_names[@]} -eq 1 ]; then - echo -e "\noutput.elasticsearch.hosts:" >> /etc/filebeat/filebeat.yml - echo " - ${indexer_node_ips[0]}:9200" >> /etc/filebeat/filebeat.yml - else - echo -e "\noutput.elasticsearch.hosts:" >> /etc/filebeat/filebeat.yml - for i in "${indexer_node_ips[@]}"; do - echo " - ${i}:9200" >> /etc/filebeat/filebeat.yml - done - fi - fi - - eval "mkdir /etc/filebeat/certs ${debug}" - filebeat_copyCertificates - - eval "filebeat keystore create ${debug}" - eval "(echo admin | filebeat keystore add username --force --stdin)" "${debug}" - eval "(echo admin | filebeat keystore add password --force --stdin)" "${debug}" - - common_logger "Filebeat post-install configuration finished." -} -function filebeat_copyCertificates() { - - common_logger -d "Copying Filebeat certificates." - if [ -f "${tar_file}" ]; then - if [ -n "${AIO}" ]; then - if ! tar -tvf "${tar_file}" | grep -q "${server_node_names[0]}" ; then - common_logger -e "Tar file does not contain certificate for the node ${server_node_names[0]}." - installCommon_rollBack - exit 1 - fi - eval "sed -i s/filebeat.pem/${server_node_names[0]}.pem/ /etc/filebeat/filebeat.yml ${debug}" - eval "sed -i s/filebeat-key.pem/${server_node_names[0]}-key.pem/ /etc/filebeat/filebeat.yml ${debug}" - eval "tar -xf ${tar_file} -C ${filebeat_cert_path} --wildcards wazuh-install-files/${server_node_names[0]}.pem --strip-components 1 ${debug}" - eval "tar -xf ${tar_file} -C ${filebeat_cert_path} --wildcards wazuh-install-files/${server_node_names[0]}-key.pem --strip-components 1 ${debug}" - eval "tar -xf ${tar_file} -C ${filebeat_cert_path} wazuh-install-files/root-ca.pem --strip-components 1 ${debug}" - eval "rm -rf ${filebeat_cert_path}/wazuh-install-files/ ${debug}" - else - if ! tar -tvf "${tar_file}" | grep -q "${winame}" ; then - common_logger -e "Tar file does not contain certificate for the node ${winame}." - installCommon_rollBack - exit 1 - fi - eval "sed -i s/filebeat.pem/${winame}.pem/ /etc/filebeat/filebeat.yml ${debug}" - eval "sed -i s/filebeat-key.pem/${winame}-key.pem/ /etc/filebeat/filebeat.yml ${debug}" - eval "tar -xf ${tar_file} -C ${filebeat_cert_path} wazuh-install-files/${winame}.pem --strip-components 1 ${debug}" - eval "tar -xf ${tar_file} -C ${filebeat_cert_path} wazuh-install-files/${winame}-key.pem --strip-components 1 ${debug}" - eval "tar -xf ${tar_file} -C ${filebeat_cert_path} wazuh-install-files/root-ca.pem --strip-components 1 ${debug}" - eval "rm -rf ${filebeat_cert_path}/wazuh-install-files/ ${debug}" - fi - eval "chmod 500 ${filebeat_cert_path} ${debug}" - eval "chmod 400 ${filebeat_cert_path}/* ${debug}" - eval "chown root:root ${filebeat_cert_path}/* ${debug}" - else - common_logger -e "No certificates found. Could not initialize Filebeat" - installCommon_rollBack - exit 1 - fi - -} -function filebeat_install() { - - common_logger "Starting Filebeat installation." - if [ "${sys_type}" == "yum" ]; then - installCommon_yumInstall "filebeat" "${filebeat_version}" - elif [ "${sys_type}" == "apt-get" ]; then - installCommon_aptInstall "filebeat" "${filebeat_version}" - fi - - install_result="${PIPESTATUS[0]}" - common_checkInstalled - if [ "$install_result" != 0 ] || [ -z "${filebeat_installed}" ]; then - common_logger -e "Filebeat installation failed." - installCommon_rollBack - exit 1 - else - common_logger "Filebeat installation finished." - fi - -} - -# ------------ dashboard.sh ------------ -function dashboard_changePort() { - - chosen_port="$1" - http_port="${chosen_port}" - wazuh_dashboard_port=( "${http_port}" ) - wazuh_aio_ports=(9200 9300 1514 1515 1516 55000 "${http_port}") - - sed -i 's/server\.port: [0-9]\+$/server.port: '"${chosen_port}"'/' "$0" - common_logger "Wazuh web interface port will be ${chosen_port}." -} -function dashboard_configure() { - - common_logger -d "Configuring Wazuh dashboard." - if [ -n "${AIO}" ]; then - eval "installCommon_getConfig dashboard/dashboard_assistant.yml /etc/wazuh-dashboard/opensearch_dashboards.yml ${debug}" - dashboard_copyCertificates "${debug}" - else - eval "installCommon_getConfig dashboard/dashboard_assistant_distributed.yml /etc/wazuh-dashboard/opensearch_dashboards.yml ${debug}" - dashboard_copyCertificates "${debug}" - if [ "${#dashboard_node_names[@]}" -eq 1 ]; then - pos=0 - ip=${dashboard_node_ips[0]} - else - for i in "${!dashboard_node_names[@]}"; do - if [[ "${dashboard_node_names[i]}" == "${dashname}" ]]; then - pos="${i}"; - fi - done - ip=${dashboard_node_ips[pos]} - fi - - if [[ "${ip}" != "127.0.0.1" ]]; then - echo "server.host: ${ip}" >> /etc/wazuh-dashboard/opensearch_dashboards.yml - else - echo 'server.host: '0.0.0.0'' >> /etc/wazuh-dashboard/opensearch_dashboards.yml - fi - - if [ "${#indexer_node_names[@]}" -eq 1 ]; then - echo "opensearch.hosts: https://${indexer_node_ips[0]}:9200" >> /etc/wazuh-dashboard/opensearch_dashboards.yml - else - echo "opensearch.hosts:" >> /etc/wazuh-dashboard/opensearch_dashboards.yml - for i in "${indexer_node_ips[@]}"; do - echo " - https://${i}:9200" >> /etc/wazuh-dashboard/opensearch_dashboards.yml - done - fi - fi - - sed -i 's/server\.port: [0-9]\+$/server.port: '"${chosen_port}"'/' /etc/wazuh-dashboard/opensearch_dashboards.yml - - common_logger "Wazuh dashboard post-install configuration finished." - -} -function dashboard_copyCertificates() { - - common_logger -d "Copying Wazuh dashboard certificates." - eval "rm -f ${dashboard_cert_path}/* ${debug}" - name=${dashboard_node_names[pos]} - - if [ -f "${tar_file}" ]; then - if ! tar -tvf "${tar_file}" | grep -q "${name}" ; then - common_logger -e "Tar file does not contain certificate for the node ${name}." - installCommon_rollBack - exit 1; - fi - eval "mkdir ${dashboard_cert_path} ${debug}" - eval "sed -i s/dashboard.pem/${name}.pem/ /etc/wazuh-dashboard/opensearch_dashboards.yml ${debug}" - eval "sed -i s/dashboard-key.pem/${name}-key.pem/ /etc/wazuh-dashboard/opensearch_dashboards.yml ${debug}" - eval "tar -xf ${tar_file} -C ${dashboard_cert_path} wazuh-install-files/${name}.pem --strip-components 1 ${debug}" - eval "tar -xf ${tar_file} -C ${dashboard_cert_path} wazuh-install-files/${name}-key.pem --strip-components 1 ${debug}" - eval "tar -xf ${tar_file} -C ${dashboard_cert_path} wazuh-install-files/root-ca.pem --strip-components 1 ${debug}" - eval "chown -R wazuh-dashboard:wazuh-dashboard /etc/wazuh-dashboard/ ${debug}" - eval "chmod 500 ${dashboard_cert_path} ${debug}" - eval "chmod 400 ${dashboard_cert_path}/* ${debug}" - eval "chown wazuh-dashboard:wazuh-dashboard ${dashboard_cert_path}/* ${debug}" - common_logger -d "Wazuh dashboard certificate setup finished." - else - common_logger -e "No certificates found. Wazuh dashboard could not be initialized." - installCommon_rollBack - exit 1 - fi - -} -function dashboard_initialize() { - - common_logger "Initializing Wazuh dashboard web application." - installCommon_getPass "admin" - j=0 - - if [ "${#dashboard_node_names[@]}" -eq 1 ]; then - nodes_dashboard_ip=${dashboard_node_ips[0]} - else - for i in "${!dashboard_node_names[@]}"; do - if [[ "${dashboard_node_names[i]}" == "${dashname}" ]]; then - pos="${i}"; - fi - done - nodes_dashboard_ip=${dashboard_node_ips[pos]} - fi - - if [ "${nodes_dashboard_ip}" == "localhost" ] || [[ "${nodes_dashboard_ip}" == 127.* ]]; then - print_ip="" - else - print_ip="${nodes_dashboard_ip}" - fi - - until [ "$(curl -XGET https://"${nodes_dashboard_ip}":"${http_port}"/status -uadmin:"${u_pass}" -k -w %"{http_code}" -s -o /dev/null)" -eq "200" ] || [ "${j}" -eq "12" ]; do - sleep 10 - j=$((j+1)) - common_logger -d "Retrying Wazuh dashboard connection..." - done - - if [ ${j} -lt 12 ]; then - common_logger -d "Wazuh dashboard connection was successful." - if [ "${#server_node_names[@]}" -eq 1 ]; then - wazuh_api_address=${server_node_ips[0]} - else - for i in "${!server_node_types[@]}"; do - if [[ "${server_node_types[i]}" == "master" ]]; then - wazuh_api_address=${server_node_ips[i]} - fi - done - fi - if [ -f "/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml" ]; then - eval "sed -i 's,url: https://localhost,url: https://${wazuh_api_address},g' /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml ${debug}" - fi - - common_logger "Wazuh dashboard web application initialized." - common_logger -nl "--- Summary ---" - common_logger -nl "You can access the web interface https://${print_ip}:${http_port}\n User: admin\n Password: ${u_pass}" - - else - flag="-w" - if [ -z "${force}" ]; then - flag="-e" - fi - failed_nodes=() - common_logger "${flag}" "Cannot connect to Wazuh dashboard." - - for i in "${!indexer_node_ips[@]}"; do - curl=$(common_curl -XGET https://"${indexer_node_ips[i]}":9200/ -uadmin:"${u_pass}" -k -s --max-time 300 --retry 5 --retry-delay 5 --fail) - exit_code=${PIPESTATUS[0]} - if [[ "${exit_code}" -eq "7" ]]; then - failed_connect=1 - failed_nodes+=("${indexer_node_names[i]}") - elif [ "${exit_code}" -eq "22" ]; then - sec_not_initialized=1 - fi - done - if [ -n "${failed_connect}" ]; then - common_logger "${flag}" "Failed to connect with ${failed_nodes[*]}. Connection refused." - fi - - if [ -n "${sec_not_initialized}" ]; then - common_logger "${flag}" "Wazuh indexer security settings not initialized. Please run the installation assistant using -s|--start-cluster in one of the wazuh indexer nodes." - fi - - if [ -z "${force}" ]; then - common_logger "If you want to install Wazuh dashboard without waiting for the Wazuh indexer cluster, use the -fd option" - installCommon_rollBack - exit 1 - else - common_logger -nl "--- Summary ---" - common_logger -nl "When Wazuh dashboard is able to connect to your Wazuh indexer cluster, you can access the web interface https://${print_ip}\n User: admin\n Password: ${u_pass}" - fi - fi - -} -function dashboard_initializeAIO() { - - wazuh_api_address=${server_node_ips[0]} - common_logger "Initializing Wazuh dashboard web application." - installCommon_getPass "admin" - http_code=$(curl -XGET https://localhost:"${http_port}"/status -uadmin:"${u_pass}" -k -w %"{http_code}" -s -o /dev/null) - retries=0 - max_dashboard_initialize_retries=20 - while [ "${http_code}" -ne "200" ] && [ "${retries}" -lt "${max_dashboard_initialize_retries}" ] - do - http_code=$(curl -XGET https://localhost:"${http_port}"/status -uadmin:"${u_pass}" -k -w %"{http_code}" -s -o /dev/null) - common_logger "Wazuh dashboard web application not yet initialized. Waiting..." - retries=$((retries+1)) - sleep 15 - done - if [ "${http_code}" -eq "200" ]; then - if [ -f "/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml" ]; then - eval "sed -i 's,url: https://localhost,url: https://${wazuh_api_address},g' /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml ${debug}" - fi - common_logger "Wazuh dashboard web application initialized." - common_logger -nl "--- Summary ---" - common_logger -nl "You can access the web interface https://:${http_port}\n User: admin\n Password: ${u_pass}" - else - common_logger -e "Wazuh dashboard installation failed." - installCommon_rollBack - exit 1 - fi -} -function dashboard_install() { - - common_logger "Starting Wazuh dashboard installation." - if [ "${sys_type}" == "yum" ]; then - installCommon_yumInstall "wazuh-dashboard" "${wazuh_version}-*" - elif [ "${sys_type}" == "apt-get" ]; then - installCommon_aptInstall "wazuh-dashboard" "${wazuh_version}-*" - fi - common_checkInstalled - if [ "$install_result" != 0 ] || [ -z "${dashboard_installed}" ]; then - common_logger -e "Wazuh dashboard installation failed." - installCommon_rollBack - exit 1 - else - common_logger "Wazuh dashboard installation finished." - fi - -} - -# ------------ manager.sh ------------ -function manager_startCluster() { - - common_logger -d "Starting Wazuh manager cluster." - for i in "${!server_node_names[@]}"; do - if [[ "${server_node_names[i]}" == "${winame}" ]]; then - pos="${i}"; - fi - done - - for i in "${!server_node_types[@]}"; do - if [[ "${server_node_types[i],,}" == "master" ]]; then - master_address=${server_node_ips[i]} - fi - done - - key=$(tar -axf "${tar_file}" wazuh-install-files/clusterkey -O) - bind_address="0.0.0.0" - port="1516" - hidden="no" - disabled="no" - lstart=$(grep -n "" /var/ossec/etc/ossec.conf | cut -d : -f 1) - lend=$(grep -n "" /var/ossec/etc/ossec.conf | cut -d : -f 1) - - eval 'sed -i -e "${lstart},${lend}s/.*<\/name>/wazuh_cluster<\/name>/" \ - -e "${lstart},${lend}s/.*<\/node_name>/${winame}<\/node_name>/" \ - -e "${lstart},${lend}s/.*<\/node_type>/${server_node_types[pos],,}<\/node_type>/" \ - -e "${lstart},${lend}s/.*<\/key>/${key}<\/key>/" \ - -e "${lstart},${lend}s/.*<\/port>/${port}<\/port>/" \ - -e "${lstart},${lend}s/.*<\/bind_addr>/${bind_address}<\/bind_addr>/" \ - -e "${lstart},${lend}s/.*<\/node>/${master_address}<\/node>/" \ - -e "${lstart},${lend}s/.*<\/hidden>/${hidden}<\/hidden>/" \ - -e "${lstart},${lend}s/.*<\/disabled>/${disabled}<\/disabled>/" \ - /var/ossec/etc/ossec.conf' - -} -function manager_configure(){ - - common_logger -d "Configuring Wazuh manager." - - if [ ${#indexer_node_names[@]} -eq 1 ]; then - eval "sed -i 's/.*<\/host>/https:\/\/${indexer_node_ips[0]}:9200<\/host>/g' /var/ossec/etc/ossec.conf ${debug}" - else - lstart=$(grep -n "" /var/ossec/etc/ossec.conf | cut -d : -f 1) - lend=$(grep -n "" /var/ossec/etc/ossec.conf | cut -d : -f 1) - for i in "${!indexer_node_ips[@]}"; do - if [ $i -eq 0 ]; then - eval "sed -i 's/.*<\/host>/https:\/\/${indexer_node_ips[0]}:9200<\/host>/g' /var/ossec/etc/ossec.conf ${debug}" - else - eval "sed -i '//a\ https:\/\/${indexer_node_ips[$i]}:9200<\/host>' /var/ossec/etc/ossec.conf" - fi - done - fi - eval "sed -i s/filebeat.pem/${server_node_names[0]}.pem/ /var/ossec/etc/ossec.conf ${debug}" - eval "sed -i s/filebeat-key.pem/${server_node_names[0]}-key.pem/ /var/ossec/etc/ossec.conf ${debug}" - common_logger -d "Setting provisional Wazuh indexer password." - eval "/var/ossec/bin/wazuh-keystore -f indexer -k username -v admin" - eval "/var/ossec/bin/wazuh-keystore -f indexer -k password -v admin" - common_logger "Wazuh manager vulnerability detection configuration finished." -} -function manager_install() { - - common_logger "Starting the Wazuh manager installation." - if [ "${sys_type}" == "yum" ]; then - installCommon_yumInstall "wazuh-manager" "${wazuh_version}-*" - elif [ "${sys_type}" == "apt-get" ]; then - installCommon_aptInstall "wazuh-manager" "${wazuh_version}-*" - fi - - common_checkInstalled - if [ "$install_result" != 0 ] || [ -z "${wazuh_installed}" ]; then - common_logger -e "Wazuh installation failed." - installCommon_rollBack - exit 1 - else - common_logger "Wazuh manager installation finished." - fi -} - -# ------------ installCommon.sh ------------ -function installCommon_addCentOSRepository() { - - local repo_name="$1" - local repo_description="$2" - local repo_baseurl="$3" - - echo "[$repo_name]" >> "${centos_repo}" - echo "name=${repo_description}" >> "${centos_repo}" - echo "baseurl=${repo_baseurl}" >> "${centos_repo}" - echo 'gpgcheck=1' >> "${centos_repo}" - echo 'enabled=1' >> "${centos_repo}" - echo "gpgkey=file://${centos_key}" >> "${centos_repo}" - echo '' >> "${centos_repo}" - -} -function installCommon_cleanExit() { - - rollback_conf="" - - if [ -n "$spin_pid" ]; then - eval "kill -9 $spin_pid ${debug}" - fi - - until [[ "${rollback_conf}" =~ ^[N|Y|n|y]$ ]]; do - echo -ne "\nDo you want to remove the ongoing installation?[Y/N]" - read -r rollback_conf - done - if [[ "${rollback_conf}" =~ [N|n] ]]; then - exit 1 - else - common_checkInstalled - installCommon_rollBack - exit 1 - fi - -} -function installCommon_addWazuhRepo() { - - common_logger -d "Adding the Wazuh repository." - - if [ -n "${development}" ]; then - if [ "${sys_type}" == "yum" ]; then - eval "rm -f /etc/yum.repos.d/wazuh.repo ${debug}" - elif [ "${sys_type}" == "apt-get" ]; then - eval "rm -f /etc/apt/sources.list.d/wazuh.list ${debug}" - fi - fi - - if [ ! -f "/etc/yum.repos.d/wazuh.repo" ] && [ ! -f "/etc/zypp/repos.d/wazuh.repo" ] && [ ! -f "/etc/apt/sources.list.d/wazuh.list" ] ; then - if [ "${sys_type}" == "yum" ]; then - eval "rpm --import ${repogpg} ${debug}" - if [ "${PIPESTATUS[0]}" != 0 ]; then - common_logger -e "Cannot import Wazuh GPG key" - exit 1 - fi - eval "(echo -e '[wazuh]\ngpgcheck=1\ngpgkey=${repogpg}\nenabled=1\nname=EL-\${releasever} - Wazuh\nbaseurl='${repobaseurl}'/yum/\nprotect=1' | tee /etc/yum.repos.d/wazuh.repo)" "${debug}" - eval "chmod 644 /etc/yum.repos.d/wazuh.repo ${debug}" - elif [ "${sys_type}" == "apt-get" ]; then - eval "common_curl -s ${repogpg} --max-time 300 --retry 5 --retry-delay 5 --fail | gpg --no-default-keyring --keyring gnupg-ring:/usr/share/keyrings/wazuh.gpg --import - ${debug}" - if [ "${PIPESTATUS[0]}" != 0 ]; then - common_logger -e "Cannot import Wazuh GPG key" - exit 1 - fi - eval "chmod 644 /usr/share/keyrings/wazuh.gpg ${debug}" - eval "(echo \"deb [signed-by=/usr/share/keyrings/wazuh.gpg] ${repobaseurl}/apt/ ${reporelease} main\" | tee /etc/apt/sources.list.d/wazuh.list)" "${debug}" - eval "apt-get update -q ${debug}" - eval "chmod 644 /etc/apt/sources.list.d/wazuh.list ${debug}" - fi - else - common_logger -d "Wazuh repository already exists. Skipping addition." - fi - - if [ -n "${development}" ]; then - common_logger "Wazuh development repository added." - else - common_logger "Wazuh repository added." - fi -} -function installCommon_aptInstall() { - - package="${1}" - version="${2}" - attempt=0 - if [ -n "${version}" ]; then - installer=${package}${sep}${version} - else - installer=${package} - fi - - # Offline installation case: get package name and install it - if [ -n "${offline_install}" ]; then - package_name=$(ls ${offline_packages_path} | grep ${package}) - installer="${offline_packages_path}/${package_name}" - fi - - command="DEBIAN_FRONTEND=noninteractive apt-get install ${installer} -y -q" - common_checkAptLock - - if [ "${attempt}" -ne "${max_attempts}" ]; then - apt_output=$(eval "${command} 2>&1") - install_result="${PIPESTATUS[0]}" - eval "echo \${apt_output} ${debug}" - fi - -} -function installCommon_aptInstallList(){ - - dependencies=("$@") - not_installed=() - - for dep in "${dependencies[@]}"; do - if ! apt list --installed 2>/dev/null | grep -q -E ^"${dep}"\/; then - not_installed+=("${dep}") - for wia_dep in "${wia_apt_dependencies[@]}"; do - if [ "${wia_dep}" == "${dep}" ]; then - wia_dependencies_installed+=("${dep}") - fi - done - fi - done - - if [ "${#not_installed[@]}" -gt 0 ]; then - common_logger "--- Dependencies ----" - for dep in "${not_installed[@]}"; do - common_logger "Installing $dep." - installCommon_aptInstall "${dep}" - if [ "${install_result}" != 0 ]; then - common_logger -e "Cannot install dependency: ${dep}." - installCommon_rollBack - exit 1 - fi - done - fi - -} -function installCommon_changePasswordApi() { - - common_logger -d "Changing API passwords." - - #Change API password tool - if [ -n "${changeall}" ]; then - for i in "${!api_passwords[@]}"; do - if [ -n "${wazuh}" ] || [ -n "${AIO}" ]; then - passwords_getApiUserId "${api_users[i]}" - WAZUH_PASS_API='{\"password\":\"'"${api_passwords[i]}"'\"}' - eval 'common_curl -s -k -X PUT -H \"Authorization: Bearer $TOKEN_API\" -H \"Content-Type: application/json\" -d "$WAZUH_PASS_API" "https://localhost:55000/security/users/${user_id}" -o /dev/null --max-time 300 --retry 5 --retry-delay 5 --fail' - if [ "${api_users[i]}" == "${adminUser}" ]; then - sleep 1 - adminPassword="${api_passwords[i]}" - passwords_getApiToken - fi - fi - if [ "${api_users[i]}" == "wazuh-wui" ] && { [ -n "${dashboard}" ] || [ -n "${AIO}" ]; }; then - passwords_changeDashboardApiPassword "${api_passwords[i]}" - fi - done - else - if [ -n "${wazuh}" ] || [ -n "${AIO}" ]; then - passwords_getApiUserId "${nuser}" - WAZUH_PASS_API='{\"password\":\"'"${password}"'\"}' - eval 'common_curl -s -k -X PUT -H \"Authorization: Bearer $TOKEN_API\" -H \"Content-Type: application/json\" -d "$WAZUH_PASS_API" "https://localhost:55000/security/users/${user_id}" -o /dev/null --max-time 300 --retry 5 --retry-delay 5 --fail' - fi - if [ "${nuser}" == "wazuh-wui" ] && { [ -n "${dashboard}" ] || [ -n "${AIO}" ]; }; then - passwords_changeDashboardApiPassword "${password}" - fi - fi - -} -function installCommon_createCertificates() { - - common_logger -d "Creating Wazuh certificates." - if [ -n "${AIO}" ]; then - eval "installCommon_getConfig certificate/config_aio.yml ${config_file} ${debug}" - fi - - cert_readConfig - - if [ -d /tmp/wazuh-certificates/ ]; then - eval "rm -rf /tmp/wazuh-certificates/ ${debug}" - fi - eval "mkdir /tmp/wazuh-certificates/ ${debug}" - - cert_tmp_path="/tmp/wazuh-certificates/" - - cert_generateRootCAcertificate - cert_generateAdmincertificate - cert_generateIndexercertificates - cert_generateFilebeatcertificates - cert_generateDashboardcertificates - cert_cleanFiles - eval "chmod 400 /tmp/wazuh-certificates/* ${debug}" - eval "mv /tmp/wazuh-certificates/* /tmp/wazuh-install-files ${debug}" - eval "rm -rf /tmp/wazuh-certificates/ ${debug}" - -} -function installCommon_createClusterKey() { - - openssl rand -hex 16 >> "/tmp/wazuh-install-files/clusterkey" - -} -function installCommon_createInstallFiles() { - - if [ -d /tmp/wazuh-install-files ]; then - eval "rm -rf /tmp/wazuh-install-files ${debug}" - fi - - if eval "mkdir /tmp/wazuh-install-files ${debug}"; then - common_logger "Generating configuration files." - - dep="openssl" - if [ "${sys_type}" == "yum" ]; then - installCommon_yumInstallList "${dep}" - elif [ "${sys_type}" == "apt-get" ]; then - installCommon_aptInstallList "${dep}" - fi - - if [ "${#not_installed[@]}" -gt 0 ]; then - wia_dependencies_installed+=("${dep}") - fi - - if [ -n "${configurations}" ]; then - cert_checkOpenSSL - fi - installCommon_createCertificates - if [ -n "${server_node_types[*]}" ]; then - installCommon_createClusterKey - fi - gen_file="/tmp/wazuh-install-files/wazuh-passwords.txt" - passwords_generatePasswordFile - eval "cp '${config_file}' '/tmp/wazuh-install-files/config.yml' ${debug}" - eval "chown root:root /tmp/wazuh-install-files/* ${debug}" - eval "tar -zcf '${tar_file}' -C '/tmp/' wazuh-install-files/ ${debug}" - eval "rm -rf '/tmp/wazuh-install-files' ${debug}" - eval "rm -rf ${config_file} ${debug}" - common_logger "Created ${tar_file_name}. It contains the Wazuh cluster key, certificates, and passwords necessary for installation." - else - common_logger -e "Unable to create /tmp/wazuh-install-files" - exit 1 - fi -} -function installCommon_changePasswords() { - - common_logger -d "Setting Wazuh indexer cluster passwords." - if [ -f "${tar_file}" ]; then - eval "tar -xf ${tar_file} -C /tmp wazuh-install-files/wazuh-passwords.txt ${debug}" - p_file="/tmp/wazuh-install-files/wazuh-passwords.txt" - common_checkInstalled - if [ -n "${start_indexer_cluster}" ] || [ -n "${AIO}" ]; then - changeall=1 - passwords_readUsers - else - no_indexer_backup=1 - fi - if { [ -n "${wazuh}" ] || [ -n "${AIO}" ]; } && { [ "${server_node_types[pos]}" == "master" ] || [ "${#server_node_names[@]}" -eq 1 ]; }; then - passwords_getApiToken - passwords_getApiUsers - passwords_getApiIds - else - api_users=( wazuh wazuh-wui ) - fi - installCommon_readPasswordFileUsers - else - common_logger -e "Cannot find passwords file. Exiting" - installCommon_rollBack - exit 1 - fi - if [ -n "${start_indexer_cluster}" ] || [ -n "${AIO}" ]; then - passwords_getNetworkHost - passwords_generateHash - fi - - passwords_changePassword - - if [ -n "${start_indexer_cluster}" ] || [ -n "${AIO}" ]; then - passwords_runSecurityAdmin - fi - if [ -n "${wazuh}" ] || [ -n "${dashboard}" ] || [ -n "${AIO}" ]; then - if [ "${server_node_types[pos]}" == "master" ] || [ "${#server_node_names[@]}" -eq 1 ] || [ -n "${dashboard_installed}" ]; then - installCommon_changePasswordApi - fi - fi - -} -function installCommon_configureCentOSRepositories() { - - centos_repos_configured=1 - centos_key="/etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial" - eval "common_curl -sLo ${centos_key} 'https://www.centos.org/keys/RPM-GPG-KEY-CentOS-Official' --max-time 300 --retry 5 --retry-delay 5 --fail" - - if [ ! -f "${centos_key}" ]; then - common_logger -w "The CentOS key could not be added. Some dependencies may not be installed." - else - centos_repo="/etc/yum.repos.d/centos.repo" - eval "touch ${centos_repo} ${debug}" - common_logger -d "CentOS repository file created." - - if [ "${DIST_VER}" == "9" ]; then - installCommon_addCentOSRepository "appstream" "CentOS Stream \$releasever - AppStream" "https://mirror.stream.centos.org/9-stream/AppStream/\$basearch/os/" - installCommon_addCentOSRepository "baseos" "CentOS Stream \$releasever - BaseOS" "https://mirror.stream.centos.org/9-stream/BaseOS/\$basearch/os/" - elif [ "${DIST_VER}" == "8" ]; then - installCommon_addCentOSRepository "extras" "CentOS Linux \$releasever - Extras" "http://vault.centos.org/centos/\$releasever/extras/\$basearch/os/" - installCommon_addCentOSRepository "baseos" "CentOS Linux \$releasever - BaseOS" "http://vault.centos.org/centos/\$releasever/BaseOS/\$basearch/os/" - installCommon_addCentOSRepository "appstream" "CentOS Linux \$releasever - AppStream" "http://vault.centos.org/centos/\$releasever/AppStream/\$basearch/os/" - fi - - common_logger -d "CentOS repositories added." - fi - -} -function installCommon_extractConfig() { - - common_logger -d "Extracting Wazuh configuration." - if ! tar -tf "${tar_file}" | grep -q wazuh-install-files/config.yml; then - common_logger -e "There is no config.yml file in ${tar_file}." - exit 1 - fi - eval "tar -xf ${tar_file} -C /tmp wazuh-install-files/config.yml ${debug}" - -} -function installCommon_getConfig() { - - if [ "$#" -ne 2 ]; then - common_logger -e "installCommon_getConfig should be called with two arguments" - exit 1 - fi - - config_name="config_file_$(eval "echo ${1} | sed 's|/|_|g;s|.yml||'")" - if [ -z "$(eval "echo \${${config_name}}")" ]; then - common_logger -e "Unable to find configuration file ${1}. Exiting." - installCommon_rollBack - exit 1 - fi - eval "echo \"\${${config_name}}\"" > "${2}" -} -function installCommon_getPass() { - - for i in "${!users[@]}"; do - if [ "${users[i]}" == "${1}" ]; then - u_pass=${passwords[i]} - fi - done -} -function installCommon_installCheckDependencies() { - - common_logger -d "Installing check dependencies." - if [ "${sys_type}" == "yum" ]; then - if [[ "${DIST_NAME}" == "rhel" ]] && [[ "${DIST_VER}" == "8" || "${DIST_VER}" == "9" ]]; then - installCommon_configureCentOSRepositories - fi - installCommon_yumInstallList "${wia_yum_dependencies[@]}" - - # In RHEL cases, remove the CentOS repositories configuration - if [ "${centos_repos_configured}" == 1 ]; then - installCommon_removeCentOSrepositories - fi - - elif [ "${sys_type}" == "apt-get" ]; then - eval "apt-get update -q ${debug}" - installCommon_aptInstallList "${wia_apt_dependencies[@]}" - fi - -} -function installCommon_installPrerequisites() { - - message="Installing prerequisites dependencies." - if [ "${sys_type}" == "yum" ]; then - if [ "${1}" == "AIO" ]; then - deps=($(echo "${indexer_yum_dependencies[@]}" "${dashboard_yum_dependencies[@]}" | tr ' ' '\n' | sort -u)) - if [ -z "${offline_install}" ]; then - common_logger -d "${message}" - installCommon_yumInstallList "${deps[@]}" - else - offline_checkPrerequisites "${deps[@]}" - fi - fi - if [ "${1}" == "indexer" ]; then - if [ -z "${offline_install}" ]; then - common_logger -d "${message}" - installCommon_yumInstallList "${indexer_yum_dependencies[@]}" - else - offline_checkPrerequisites "${indexer_yum_dependencies[@]}" - fi - fi - if [ "${1}" == "dashboard" ]; then - if [ -z "${offline_install}" ]; then - common_logger -d "${message}" - installCommon_yumInstallList "${dashboard_yum_dependencies[@]}" - else - offline_checkPrerequisites "${dashboard_yum_dependencies[@]}" - fi - fi - elif [ "${sys_type}" == "apt-get" ]; then - if [ -z "${offline_install}" ]; then - eval "apt-get update -q ${debug}" - fi - if [ "${1}" == "AIO" ]; then - deps=($(echo "${wazuh_apt_dependencies[@]}" "${indexer_apt_dependencies[@]}" "${dashboard_apt_dependencies[@]}" | tr ' ' '\n' | sort -u)) - if [ -z "${offline_install}" ]; then - common_logger -d "${message}" - installCommon_aptInstallList "${deps[@]}" - else - offline_checkPrerequisites "${deps[@]}" - fi - fi - if [ "${1}" == "indexer" ]; then - if [ -z "${offline_install}" ]; then - common_logger -d "${message}" - installCommon_aptInstallList "${indexer_apt_dependencies[@]}" - else - offline_checkPrerequisites "${indexer_apt_dependencies[@]}" - fi - fi - if [ "${1}" == "dashboard" ]; then - if [ -z "${offline_install}" ]; then - common_logger -d "${message}" - installCommon_aptInstallList "${dashboard_apt_dependencies[@]}" - else - offline_checkPrerequisites "${dashboard_apt_dependencies[@]}" - fi - fi - if [ "${1}" == "wazuh" ]; then - if [ -z "${offline_install}" ]; then - common_logger -d "${message}" - installCommon_aptInstallList "${wazuh_apt_dependencies[@]}" - else - offline_checkPrerequisites "${wazuh_apt_dependencies[@]}" - fi - fi - fi - -} -function installCommon_readPasswordFileUsers() { - - filecorrect=$(grep -Ev '^#|^\s*$' "${p_file}" | grep -Pzc "\A(\s*(indexer_username|api_username|indexer_password|api_password):[ \t]+[\'\"]?[\w.*+?-]+[\'\"]?)+\Z") - if [[ "${filecorrect}" -ne 1 ]]; then - common_logger -e "The password file does not have a correct format or password uses invalid characters. Allowed characters: A-Za-z0-9.*+? - -For Wazuh indexer users, the file must have this format: - -# Description - indexer_username: - indexer_password: - -For Wazuh API users, the file must have this format: - -# Description - api_username: - api_password: - -" - installCommon_rollBack - exit 1 - fi - - sfileusers=$(grep indexer_username: "${p_file}" | awk '{ print substr( $2, 1, length($2) ) }' | sed -e "s/[\'\"]//g") - sfilepasswords=$(grep indexer_password: "${p_file}" | awk '{ print substr( $2, 1, length($2) ) }' | sed -e "s/[\'\"]//g") - - sfileapiusers=$(grep api_username: "${p_file}" | awk '{ print substr( $2, 1, length($2) ) }' | sed -e "s/[\'\"]//g") - sfileapipasswords=$(grep api_password: "${p_file}" | awk '{ print substr( $2, 1, length($2) ) }' | sed -e "s/[\'\"]//g") - - - mapfile -t fileusers < <(printf '%s\n' "${sfileusers}") - mapfile -t filepasswords < <(printf '%s\n' "${sfilepasswords}") - mapfile -t fileapiusers < <(printf '%s\n' "${sfileapiusers}") - mapfile -t fileapipasswords < <(printf '%s\n' "${sfileapipasswords}") - - if [ -n "${changeall}" ]; then - for j in "${!fileusers[@]}"; do - supported=false - for i in "${!users[@]}"; do - if [[ ${users[i]} == "${fileusers[j]}" ]]; then - passwords_checkPassword "${filepasswords[j]}" - passwords[i]=${filepasswords[j]} - supported=true - fi - done - if [ "${supported}" = false ] && [ -n "${indexer_installed}" ]; then - common_logger -e -d "The given user ${fileusers[j]} does not exist" - fi - done - - for j in "${!fileapiusers[@]}"; do - supported=false - for i in "${!api_users[@]}"; do - if [[ "${api_users[i]}" == "${fileapiusers[j]}" ]]; then - passwords_checkPassword "${fileapipasswords[j]}" - api_passwords[i]=${fileapipasswords[j]} - supported=true - fi - done - if [ "${supported}" = false ] && [ -n "${indexer_installed}" ]; then - common_logger -e "The Wazuh API user ${fileapiusers[j]} does not exist" - fi - done - else - finalusers=() - finalpasswords=() - - finalapiusers=() - finalapipasswords=() - - if [ -n "${dashboard_installed}" ] && [ -n "${dashboard}" ]; then - users=( kibanaserver admin ) - fi - - if [ -n "${filebeat_installed}" ] && [ -n "${wazuh}" ]; then - users=( admin ) - fi - - for j in "${!fileusers[@]}"; do - supported=false - for i in "${!users[@]}"; do - if [[ "${users[i]}" == "${fileusers[j]}" ]]; then - passwords_checkPassword "${filepasswords[j]}" - finalusers+=(${fileusers[j]}) - finalpasswords+=(${filepasswords[j]}) - supported=true - fi - done - if [ "${supported}" = "false" ] && [ -n "${indexer_installed}" ] && [ -n "${changeall}" ]; then - common_logger -e -d "The given user ${fileusers[j]} does not exist" - fi - done - - for j in "${!fileapiusers[@]}"; do - supported=false - for i in "${!api_users[@]}"; do - if [[ "${api_users[i]}" == "${fileapiusers[j]}" ]]; then - passwords_checkPassword "${fileapipasswords[j]}" - finalapiusers+=("${fileapiusers[j]}") - finalapipasswords+=("${fileapipasswords[j]}") - supported=true - fi - done - if [ ${supported} = false ] && [ -n "${indexer_installed}" ]; then - common_logger -e "The Wazuh API user ${fileapiusers[j]} does not exist" - fi - done - - users=() - mapfile -t users < <(printf '%s\n' "${finalusers[@]}") - mapfile -t passwords < <(printf '%s\n' "${finalpasswords[@]}") - mapfile -t api_users < <(printf '%s\n' "${finalapiusers[@]}") - mapfile -t api_passwords < <(printf '%s\n' "${finalapipasswords[@]}") - changeall=1 - fi - -} -function installCommon_restoreWazuhrepo() { - - common_logger -d "Restoring Wazuh repository." - if [ -n "${development}" ]; then - if [ "${sys_type}" == "yum" ] && [ -f "/etc/yum.repos.d/wazuh.repo" ]; then - file="/etc/yum.repos.d/wazuh.repo" - elif [ "${sys_type}" == "apt-get" ] && [ -f "/etc/apt/sources.list.d/wazuh.list" ]; then - file="/etc/apt/sources.list.d/wazuh.list" - else - common_logger -w -d "Wazuh repository does not exists." - fi - eval "sed -i 's/-dev//g' ${file} ${debug}" - eval "sed -i 's/pre-release/4.x/g' ${file} ${debug}" - eval "sed -i 's/unstable/stable/g' ${file} ${debug}" - fi - -} -function installCommon_removeCentOSrepositories() { - - eval "rm -f ${centos_repo} ${debug}" - eval "rm -f ${centos_key} ${debug}" - eval "yum clean all ${debug}" - centos_repos_configured=0 - common_logger -d "CentOS repositories and key deleted." - -} -function installCommon_rollBack() { - - if [ -z "${uninstall}" ]; then - common_logger "--- Removing existing Wazuh installation ---" - fi - - if [ -f "/etc/yum.repos.d/wazuh.repo" ]; then - eval "rm /etc/yum.repos.d/wazuh.repo ${debug}" - elif [ -f "/etc/zypp/repos.d/wazuh.repo" ]; then - eval "rm /etc/zypp/repos.d/wazuh.repo ${debug}" - elif [ -f "/etc/apt/sources.list.d/wazuh.list" ]; then - eval "rm /etc/apt/sources.list.d/wazuh.list ${debug}" - fi - - if [[ -n "${wazuh_installed}" && ( -n "${wazuh}" || -n "${AIO}" || -n "${uninstall}" ) ]];then - common_logger "Removing Wazuh manager." - if [ "${sys_type}" == "yum" ]; then - common_checkYumLock - if [ "${attempt}" -ne "${max_attempts}" ]; then - eval "yum remove wazuh-manager -y ${debug}" - eval "rpm -q wazuh-manager --quiet && manager_installed=1" - fi - elif [ "${sys_type}" == "apt-get" ]; then - common_checkAptLock - eval "apt-get remove --purge wazuh-manager -y ${debug}" - manager_installed=$(apt list --installed 2>/dev/null | grep wazuh-manager) - fi - - if [ -n "${manager_installed}" ]; then - common_logger -w "The Wazuh manager package could not be removed." - else - common_logger "Wazuh manager removed." - fi - - fi - - if [[ ( -n "${wazuh_remaining_files}" || -n "${wazuh_installed}" ) && ( -n "${wazuh}" || -n "${AIO}" || -n "${uninstall}" ) ]]; then - eval "rm -rf /var/ossec/ ${debug}" - fi - - if [[ -n "${indexer_installed}" && ( -n "${indexer}" || -n "${AIO}" || -n "${uninstall}" ) ]]; then - common_logger "Removing Wazuh indexer." - if [ "${sys_type}" == "yum" ]; then - common_checkYumLock - if [ "${attempt}" -ne "${max_attempts}" ]; then - eval "yum remove wazuh-indexer -y ${debug}" - eval "rpm -q wazuh-indexer --quiet && indexer_installed=1" - fi - elif [ "${sys_type}" == "apt-get" ]; then - common_checkAptLock - eval "apt-get remove --purge wazuh-indexer -y ${debug}" - indexer_installed=$(apt list --installed 2>/dev/null | grep wazuh-indexer) - fi - - if [ -n "${indexer_installed}" ]; then - common_logger -w "The Wazuh indexer package could not be removed." - else - common_logger "Wazuh indexer removed." - fi - fi - - if [[ ( -n "${indexer_remaining_files}" || -n "${indexer_installed}" ) && ( -n "${indexer}" || -n "${AIO}" || -n "${uninstall}" ) ]]; then - eval "rm -rf /var/lib/wazuh-indexer/ ${debug}" - eval "rm -rf /usr/share/wazuh-indexer/ ${debug}" - eval "rm -rf /etc/wazuh-indexer/ ${debug}" - fi - - if [[ -n "${filebeat_installed}" && ( -n "${wazuh}" || -n "${AIO}" || -n "${uninstall}" ) ]]; then - common_logger "Removing Filebeat." - if [ "${sys_type}" == "yum" ]; then - common_checkYumLock - if [ "${attempt}" -ne "${max_attempts}" ]; then - eval "yum remove filebeat -y ${debug}" - eval "rpm -q filebeat --quiet && filebeat_installed=1" - fi - elif [ "${sys_type}" == "apt-get" ]; then - common_checkAptLock - eval "apt-get remove --purge filebeat -y ${debug}" - filebeat_installed=$(apt list --installed 2>/dev/null | grep filebeat) - fi - - if [ -n "${filebeat_installed}" ]; then - common_logger -w "The Filebeat package could not be removed." - else - common_logger "Filebeat removed." - fi - fi - - if [[ ( -n "${filebeat_remaining_files}" || -n "${filebeat_installed}" ) && ( -n "${wazuh}" || -n "${AIO}" || -n "${uninstall}" ) ]]; then - eval "rm -rf /var/lib/filebeat/ ${debug}" - eval "rm -rf /usr/share/filebeat/ ${debug}" - eval "rm -rf /etc/filebeat/ ${debug}" - fi - - if [[ -n "${dashboard_installed}" && ( -n "${dashboard}" || -n "${AIO}" || -n "${uninstall}" ) ]]; then - common_logger "Removing Wazuh dashboard." - if [ "${sys_type}" == "yum" ]; then - common_checkYumLock - if [ "${attempt}" -ne "${max_attempts}" ]; then - eval "yum remove wazuh-dashboard -y ${debug}" - eval "rpm -q wazuh-dashboard --quiet && dashboard_installed=1" - fi - elif [ "${sys_type}" == "apt-get" ]; then - common_checkAptLock - eval "apt-get remove --purge wazuh-dashboard -y ${debug}" - dashboard_installed=$(apt list --installed 2>/dev/null | grep wazuh-dashboard) - fi - - if [ -n "${dashboard_installed}" ]; then - common_logger -w "The Wazuh dashboard package could not be removed." - else - common_logger "Wazuh dashboard removed." - fi - fi - - if [[ ( -n "${dashboard_remaining_files}" || -n "${dashboard_installed}" ) && ( -n "${dashboard}" || -n "${AIO}" || -n "${uninstall}" ) ]]; then - eval "rm -rf /var/lib/wazuh-dashboard/ ${debug}" - eval "rm -rf /usr/share/wazuh-dashboard/ ${debug}" - eval "rm -rf /etc/wazuh-dashboard/ ${debug}" - eval "rm -rf /run/wazuh-dashboard/ ${debug}" - fi - - elements_to_remove=( "/var/log/wazuh-indexer/" - "/var/log/filebeat/" - "/etc/systemd/system/opensearch.service.wants/" - "/securityadmin_demo.sh" - "/etc/systemd/system/multi-user.target.wants/wazuh-manager.service" - "/etc/systemd/system/multi-user.target.wants/filebeat.service" - "/etc/systemd/system/multi-user.target.wants/opensearch.service" - "/etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service" - "/etc/systemd/system/wazuh-dashboard.service" - "/lib/firewalld/services/dashboard.xml" - "/lib/firewalld/services/opensearch.xml" ) - - eval "rm -rf ${elements_to_remove[*]} ${debug}" - - common_remove_gpg_key - - installCommon_removeWIADependencies - - eval "systemctl daemon-reload ${debug}" - - if [ -z "${uninstall}" ]; then - if [ -n "${rollback_conf}" ] || [ -n "${overwrite}" ]; then - common_logger "Installation cleaned." - else - common_logger "Installation cleaned. Check the ${logfile} file to learn more about the issue." - fi - fi - -} -function installCommon_startService() { - - if [ "$#" -ne 1 ]; then - common_logger -e "installCommon_startService must be called with 1 argument." - exit 1 - fi - - common_logger "Starting service ${1}." - - if [[ -d /run/systemd/system ]]; then - eval "systemctl daemon-reload ${debug}" - eval "systemctl enable ${1}.service ${debug}" - eval "systemctl start ${1}.service ${debug}" - if [ "${PIPESTATUS[0]}" != 0 ]; then - common_logger -e "${1} could not be started." - if [ -n "$(command -v journalctl)" ]; then - eval "journalctl -u ${1} >> ${logfile}" - fi - installCommon_rollBack - exit 1 - else - common_logger "${1} service started." - fi - elif ps -p 1 -o comm= | grep "init"; then - eval "chkconfig ${1} on ${debug}" - eval "service ${1} start ${debug}" - eval "/etc/init.d/${1} start ${debug}" - if [ "${PIPESTATUS[0]}" != 0 ]; then - common_logger -e "${1} could not be started." - if [ -n "$(command -v journalctl)" ]; then - eval "journalctl -u ${1} >> ${logfile}" - fi - installCommon_rollBack - exit 1 - else - common_logger "${1} service started." - fi - elif [ -x "/etc/rc.d/init.d/${1}" ] ; then - eval "/etc/rc.d/init.d/${1} start ${debug}" - if [ "${PIPESTATUS[0]}" != 0 ]; then - common_logger -e "${1} could not be started." - if [ -n "$(command -v journalctl)" ]; then - eval "journalctl -u ${1} >> ${logfile}" - fi - installCommon_rollBack - exit 1 - else - common_logger "${1} service started." - fi - else - common_logger -e "${1} could not start. No service manager found on the system." - exit 1 - fi - -} -function installCommon_yumInstallList(){ - - dependencies=("$@") - not_installed=() - for dep in "${dependencies[@]}"; do - if ! rpm -q "${dep}" --quiet;then - not_installed+=("${dep}") - for wia_dep in "${wia_yum_dependencies[@]}"; do - if [ "${wia_dep}" == "${dep}" ]; then - wia_dependencies_installed+=("${dep}") - fi - done - fi - done - - if [ "${#not_installed[@]}" -gt 0 ]; then - common_logger "--- Dependencies ---" - for dep in "${not_installed[@]}"; do - common_logger "Installing $dep." - installCommon_yumInstall "${dep}" - yum_code="${PIPESTATUS[0]}" - - eval "echo \${yum_output} ${debug}" - if [ "${yum_code}" != 0 ]; then - common_logger -e "Cannot install dependency: ${dep}." - installCommon_rollBack - exit 1 - fi - done - fi - -} -function installCommon_removeWIADependencies() { - - if [ "${sys_type}" == "yum" ]; then - installCommon_yumRemoveWIADependencies - elif [ "${sys_type}" == "apt-get" ]; then - installCommon_aptRemoveWIADependencies - fi - -} -function installCommon_yumRemoveWIADependencies(){ - - if [ "${#wia_dependencies_installed[@]}" -gt 0 ]; then - common_logger "--- Dependencies ---" - for dep in "${wia_dependencies_installed[@]}"; do - if [ "${dep}" != "systemd" ]; then - common_logger "Removing $dep." - yum_output=$(yum remove ${dep} -y 2>&1) - yum_code="${PIPESTATUS[0]}" - - eval "echo \${yum_output} ${debug}" - if [ "${yum_code}" != 0 ]; then - common_logger -e "Cannot remove dependency: ${dep}." - exit 1 - fi - fi - done - fi - -} -function installCommon_aptRemoveWIADependencies(){ - - if [ "${#wia_dependencies_installed[@]}" -gt 0 ]; then - common_logger "--- Dependencies ----" - for dep in "${wia_dependencies_installed[@]}"; do - if [ "${dep}" != "systemd" ]; then - common_logger "Removing $dep." - apt_output=$(apt-get remove --purge ${dep} -y 2>&1) - apt_code="${PIPESTATUS[0]}" - - eval "echo \${apt_output} ${debug}" - if [ "${apt_code}" != 0 ]; then - common_logger -e "Cannot remove dependency: ${dep}." - exit 1 - fi - fi - done - fi - -} -function installCommon_yumInstall() { - - package="${1}" - version="${2}" - install_result=1 - if [ -n "${version}" ]; then - installer="${package}-${version}" - else - installer="${package}" - fi - - # Offline installation case: get package name and install it - if [ -n "${offline_install}" ]; then - package_name=$(ls ${offline_packages_path} | grep ${package}) - installer="${offline_packages_path}/${package_name}" - command="rpm -ivh ${installer}" - common_logger -d "Installing local package: ${installer}" - else - command="yum install ${installer} -y" - fi - common_checkYumLock - - if [ "${attempt}" -ne "${max_attempts}" ]; then - yum_output=$(eval "${command} 2>&1") - install_result="${PIPESTATUS[0]}" - eval "echo \${yum_output} ${debug}" - fi - -} -function installCommon_checkAptLock() { - - attempt=0 - seconds=30 - max_attempts=10 - - while fuser "${apt_lockfile}" >/dev/null 2>&1 && [ "${attempt}" -lt "${max_attempts}" ]; do - attempt=$((attempt+1)) - common_logger "Another process is using APT. Waiting for it to release the lock. Next retry in ${seconds} seconds (${attempt}/${max_attempts})" - sleep "${seconds}" - done - -} - -# ------------ wazuh-offline-download.sh ------------ -function offline_download() { - - common_logger "Starting Wazuh packages download." - common_logger "Downloading Wazuh ${package_type} packages for ${arch}." - dest_path="${base_dest_folder}/wazuh-packages" - - if [ -d "${dest_path}" ]; then - eval "rm -f ${dest_path}/* ${debug}" # Clean folder before downloading specific versions - eval "chmod 700 ${dest_path} ${debug}" - else - eval "mkdir -m700 -p ${dest_path} ${debug}" # Create folder if it does not exist - fi - - packages_to_download=( "manager" "filebeat" "indexer" "dashboard" ) - - manager_revision="1" - indexer_revision="1" - dashboard_revision="1" - - if [ -n "${development}" ]; then - filebeat_config_file="https://${bucket}/${wazuh_major}/tpl/wazuh/filebeat/filebeat.yml" - if [ "${package_type}" == "rpm" ]; then - manager_rpm_base_url="${repobaseurl}/yum" - indexer_rpm_base_url="${repobaseurl}/yum" - dashboard_rpm_base_url="${repobaseurl}/yum" - elif [ "${package_type}" == "deb" ]; then - manager_deb_base_url="${repobaseurl}/apt/pool/main/w/wazuh-manager" - indexer_deb_base_url="${repobaseurl}/apt/pool/main/w/wazuh-indexer" - dashboard_deb_base_url="${repobaseurl}/apt/pool/main/w/wazuh-dashboard" - fi - fi - - if [ "${package_type}" == "rpm" ]; then - manager_rpm_package="wazuh-manager-${wazuh_version}-${manager_revision}.x86_64.${package_type}" - indexer_rpm_package="wazuh-indexer-${wazuh_version}-${indexer_revision}.x86_64.${package_type}" - dashboard_rpm_package="wazuh-dashboard-${wazuh_version}-${dashboard_revision}.x86_64.${package_type}" - manager_base_url="${manager_rpm_base_url}" - indexer_base_url="${indexer_rpm_base_url}" - dashboard_base_url="${dashboard_rpm_base_url}" - manager_package="${manager_rpm_package}" - indexer_package="${indexer_rpm_package}" - dashboard_package="${dashboard_rpm_package}" - elif [ "${package_type}" == "deb" ]; then - manager_deb_package="wazuh-manager_${wazuh_version}-${manager_revision}_amd64.${package_type}" - indexer_deb_package="wazuh-indexer_${wazuh_version}-${indexer_revision}_amd64.${package_type}" - dashboard_deb_package="wazuh-dashboard_${wazuh_version}-${dashboard_revision}_amd64.${package_type}" - manager_base_url="${manager_deb_base_url}" - indexer_base_url="${indexer_deb_base_url}" - dashboard_base_url="${dashboard_deb_base_url}" - manager_package="${manager_deb_package}" - indexer_package="${indexer_deb_package}" - dashboard_package="${dashboard_deb_package}" - else - common_logger "Unsupported package type: ${package_type}" - exit 1 - fi - - while common_curl -s -I -o /dev/null -w "%{http_code}" "${manager_base_url}/${manager_package}" --max-time 300 --retry 5 --retry-delay 5 --fail | grep -q "200"; do - manager_revision=$((manager_revision+1)) - if [ "${package_type}" == "rpm" ]; then - manager_rpm_package="wazuh-manager-${wazuh_version}-${manager_revision}.x86_64.rpm" - manager_package="${manager_rpm_package}" - else - manager_deb_package="wazuh-manager_${wazuh_version}-${manager_revision}_amd64.deb" - manager_package="${manager_deb_package}" - fi - done - if [ "$manager_revision" -gt 1 ] && [ "$(common_curl -s -I -o /dev/null -w "%{http_code}" "${manager_base_url}/${manager_package}" --max-time 300 --retry 5 --retry-delay 5 --fail)" -ne "200" ]; then - manager_revision=$((manager_revision-1)) - if [ "${package_type}" == "rpm" ]; then - manager_rpm_package="wazuh-manager-${wazuh_version}-${manager_revision}.x86_64.rpm" - else - manager_deb_package="wazuh-manager_${wazuh_version}-${manager_revision}_amd64.deb" - fi - fi - common_logger -d "Wazuh manager package revision fetched." - - while common_curl -s -I -o /dev/null -w "%{http_code}" "${indexer_base_url}/${indexer_package}" --max-time 300 --retry 5 --retry-delay 5 --fail | grep -q "200"; do - indexer_revision=$((indexer_revision+1)) - if [ "${package_type}" == "rpm" ]; then - indexer_rpm_package="wazuh-indexer-${wazuh_version}-${indexer_revision}.x86_64.rpm" - indexer_package="${indexer_rpm_package}" - else - indexer_deb_package="wazuh-indexer_${wazuh_version}-${indexer_revision}_amd64.deb" - indexer_package="${indexer_deb_package}" - fi - done - if [ "$indexer_revision" -gt 1 ] && [ "$(common_curl -s -I -o /dev/null -w "%{http_code}" "${indexer_base_url}/${indexer_package}" --max-time 300 --retry 5 --retry-delay 5 --fail)" -ne "200" ]; then - indexer_revision=$((indexer_revision-1)) - if [ "${package_type}" == "rpm" ]; then - indexer_rpm_package="wazuh-indexer-${wazuh_version}-${indexer_revision}.x86_64.rpm" - else - indexer_deb_package="wazuh-indexer_${wazuh_version}-${indexer_revision}_amd64.deb" - fi - fi - common_logger -d "Wazuh indexer package revision fetched." - - while common_curl -s -I -o /dev/null -w "%{http_code}" "${dashboard_base_url}/${dashboard_package}" --max-time 300 --retry 5 --retry-delay 5 --fail | grep -q "200"; do - dashboard_revision=$((dashboard_revision+1)) - if [ "${package_type}" == "rpm" ]; then - dashboard_rpm_package="wazuh-dashboard-${wazuh_version}-${dashboard_revision}.x86_64.rpm" - dashboard_package="${dashboard_rpm_package}" - else - dashboard_deb_package="wazuh-dashboard_${wazuh_version}-${dashboard_revision}_amd64.deb" - dashboard_package="${dashboard_deb_package}" - fi - done - if [ "$dashboard_revision" -gt 1 ] && [ "$(common_curl -s -I -o /dev/null -w "%{http_code}" "${dashboard_base_url}/${dashboard_package}" --max-time 300 --retry 5 --retry-delay 5 --fail)" -ne "200" ]; then - dashboard_revision=$((dashboard_revision-1)) - if [ "${package_type}" == "rpm" ]; then - dashboard_rpm_package="wazuh-dashboard-${wazuh_version}-${dashboard_revision}.x86_64.rpm" - else - dashboard_deb_package="wazuh-dashboard_${wazuh_version}-${dashboard_revision}_amd64.deb" - fi - fi - common_logger -d "Wazuh dashboard package revision fetched." - - for package in "${packages_to_download[@]}" - do - common_logger -d "Downloading Wazuh ${package} package..." - package_name="${package}_${package_type}_package" - eval "package_base_url=${package}_${package_type}_base_url" - - if output=$(common_curl -sSo "${dest_path}/${!package_name}" "${!package_base_url}/${!package_name}" --max-time 300 --retry 5 --retry-delay 5 --fail 2>&1); then - common_logger "The ${package} package was downloaded." - else - common_logger -e "The ${package} package could not be downloaded. Exiting." - eval "echo \${output} ${debug}" - exit 1 - fi - - done - - common_logger "The packages are in ${dest_path}" - -# -------------------------------------------------- - - common_logger "Downloading configuration files and assets." - dest_path="${base_dest_folder}/wazuh-files" - - if [ -d "${dest_path}" ]; then - eval "rm -f ${dest_path}/* ${debug}" # Clean folder before downloading specific versions - eval "chmod 700 ${dest_path} ${debug}" - else - eval "mkdir -m700 -p ${dest_path} ${debug}" # Create folder if it does not exist - fi - - files_to_download=( "${wazuh_gpg_key}" "${filebeat_config_file}" "${filebeat_wazuh_template}" "${filebeat_wazuh_module}" ) - - eval "cd ${dest_path}" - for file in "${files_to_download[@]}" - do - common_logger -d "Downloading ${file}..." - if output=$(common_curl -sSO ${file} --max-time 300 --retry 5 --retry-delay 5 --fail 2>&1); then - common_logger "The resource ${file} was downloaded." - else - common_logger -e "The resource ${file} could not be downloaded. Exiting." - eval "echo \${output} ${debug}" - exit 1 - fi - - done - eval "cd - > /dev/null" - - eval "chmod 500 ${base_dest_folder} ${debug}" - - common_logger "The configuration files and assets are in wazuh-offline.tar.gz" - - eval "tar -czf ${base_dest_folder}.tar.gz ${base_dest_folder} ${debug}" - eval "chmod -R 700 ${base_dest_folder} && rm -rf ${base_dest_folder} ${debug}" - - common_logger "You can follow the installation guide here https://documentation.wazuh.com/current/deployment-options/offline-installation.html" - -} -# ------------ wazuh-offline-installation.sh ------------ -function offline_checkPrerequisites(){ - - dependencies=( "${@}" ) - if [ $1 == "wia_offline_dependencies" ]; then - dependencies=( "${@:2}" ) - common_logger "Checking dependencies for Wazuh installation assistant." - else - common_logger "Checking prerequisites for Offline installation." - fi - - for dep in "${dependencies[@]}"; do - if [ "${sys_type}" == "yum" ]; then - eval "yum list installed 2>/dev/null | grep -q -E ^"${dep}"\\." - elif [ "${sys_type}" == "apt-get" ]; then - eval "apt list --installed 2>/dev/null | grep -q -E ^"${dep}"\/" - fi - - if [ "${PIPESTATUS[0]}" != 0 ]; then - common_logger -e "${dep} is necessary for the offline installation." - exit 1 - fi - done - if [ $1 == "wia_offline_dependencies" ]; then - common_logger -d "Dependencies for Wazuh installation assistant are installed." - else - common_logger -d "Prerequisites for Offline installation are installed." - fi -} -function offline_checkPreinstallation() { - - offline_tarfile="${base_dest_folder}.tar.gz" - common_logger "Checking ${offline_tarfile} file." - if [ ! -f "${base_path}/${offline_tarfile}" ]; then - common_logger -e "The ${offline_tarfile} file was not found in ${base_path}." - exit 1 - fi - common_logger -d "${offline_tarfile} was found correctly." - -} -function offline_extractFiles() { - - common_logger -d "Extracting files from ${offline_tarfile}" - if [ ! -d "${base_path}/wazuh-offline/" ]; then - eval "tar -xzf ${offline_tarfile} ${debug}" - - if [ ! -d "${base_path}/wazuh-offline/" ]; then - common_logger -e "The ${offline_tarfile} file could not be decompressed." - exit 1 - fi - fi - - offline_files_path="${base_path}/wazuh-offline/wazuh-files" - offline_packages_path="${base_path}/wazuh-offline/wazuh-packages" - - required_files=( - "${offline_files_path}/filebeat.yml" - "${offline_files_path}/GPG-KEY-WAZUH" - "${offline_files_path}/wazuh-filebeat-*.tar.gz" - "${offline_files_path}/wazuh-template.json" - ) - - if [ "${sys_type}" == "apt-get" ]; then - required_files+=("${offline_packages_path}/filebeat-oss-*.deb" "${offline_packages_path}/wazuh-dashboard_*.deb" "${offline_packages_path}/wazuh-indexer_*.deb" "${offline_packages_path}/wazuh-manager_*.deb") - elif [ "${sys_type}" == "rpm" ]; then - required_files+=("${offline_packages_path}/filebeat-oss-*.rpm" "${offline_packages_path}/wazuh-dashboard_*.rpm" "${offline_packages_path}/wazuh-indexer_*.rpm" "${offline_packages_path}/wazuh-manager_*.rpm") - fi - - for file in "${required_files[@]}"; do - if ! compgen -G "${file}" > /dev/null; then - common_logger -e "Missing necessary offline file: ${file}" - exit 1 - fi - done - - common_logger -d "Offline files extracted successfully." -} -function offline_importGPGKey() { - - common_logger -d "Importing Wazuh GPG key." - if [ "${sys_type}" == "yum" ]; then - eval "rpm --import ${offline_files_path}/GPG-KEY-WAZUH ${debug}" - if [ "${PIPESTATUS[0]}" != 0 ]; then - common_logger -e "Cannot import Wazuh GPG key" - exit 1 - fi - elif [ "${sys_type}" == "apt-get" ]; then - eval "gpg --import ${offline_files_path}/GPG-KEY-WAZUH ${debug}" - if [ "${PIPESTATUS[0]}" != 0 ]; then - common_logger -e "Cannot import Wazuh GPG key" - exit 1 - fi - eval "chmod 644 ${offline_files_path}/GPG-KEY-WAZUH ${debug}" - fi - -} - # ------------ checks.sh ------------ function checks_arch() { common_logger -d "Checking system architecture." - arch=$(uname -m) + architecture=$(uname -m) - if [ "${arch}" != "x86_64" ]; then - common_logger -e "Uncompatible system. This script must be run on a 64-bit (x86_64/AMD64) system." + if [ "${architecture}" == "x86_64" ] || [ "${architecture}" == "aarch64" ]; then + common_logger -d "System architecture: ${architecture}" + else + common_logger -e "Uncompatible system architecture: ${architecture}. Supported any 64-bit system" exit 1 fi } @@ -3038,6 +806,37 @@ function checks_arguments() { fi fi + if [ -n "${download}" ] && [ -z "${download_arch}" ]; then + common_logger -e "To download the packages it is necessary to set the architecture in -da|--download-arch " + exit 1 + fi + + if [ -n "${download}" ] && [ -n "${download_arch}" ]; then + if [ "${package_type}" = "deb" ]; then + if [ "${arch}" != "amd64" ] && [ "${arch}" != "arm64" ]; then + if [ "${arch}" = "x86_64" ]; then + common_logger -e "Architecture ${arch} not valid for package type ${package_type}. Use amd64 instead." + elif [ "${arch}" = "aarch64" ]; then + common_logger -e "Architecture ${arch} not valid for package type ${package_type}. Use arm64 instead." + else + common_logger -e "Architecture ${arch} not valid for package type ${package_type}" + fi + exit 1 + fi + elif [ "${package_type}" = "rpm" ]; then + if [ "${arch}" != "x86_64" ] && [ "${arch}" != "aarch64" ]; then + if [ "${arch}" = "amd64" ]; then + common_logger -e "Architecture ${arch} not valid for package type ${package_type}. Use x86_64 instead." + elif [ "${arch}" = "arm64" ]; then + common_logger -e "Architecture ${arch} not valid for package type ${package_type}. Use aarch64 instead." + else + common_logger -e "Architecture ${arch} not valid for package type ${package_type}" + fi + exit 1 + fi + fi + fi + # -------------- Configurations --------------------------------- if [ -f "${tar_file}" ]; then @@ -3527,6 +1326,2281 @@ function checks_firewall(){ } +# ------------ installMain.sh ------------ +function getHelp() { + + echo -e "" + echo -e "NAME" + echo -e " $(basename "$0") - Install and configure Wazuh central components: Wazuh server, Wazuh indexer, and Wazuh dashboard." + echo -e "" + echo -e "SYNOPSIS" + echo -e " $(basename "$0") [OPTIONS] -a | -c | -s | -wi | -wd | -ws " + echo -e "" + echo -e "DESCRIPTION" + echo -e " -a, --all-in-one" + echo -e " Install and configure Wazuh server, Wazuh indexer, Wazuh dashboard." + echo -e "" + echo -e " -c, --config-file " + echo -e " Path to the configuration file used to generate wazuh-install-files.tar file containing the files that will be needed for installation. By default, the Wazuh installation assistant will search for a file named config.yml in the same path as the script." + echo -e "" + echo -e " -d [pre-release|staging], --development" + echo -e " Use development repositories. By default it uses the pre-release package repository. If staging is specified, it will use that repository." + echo -e "" + echo -e " -dw, --download-wazuh " + echo -e " Download all the packages necessary for offline installation. Type of packages to download for offline installation (rpm, deb)" + echo -e "" + echo -e " -da, --download-arch " + echo -e " Define the architecture of the packages to download for offline installation." + echo -e "" + echo -e " -fd, --force-install-dashboard" + echo -e " Force Wazuh dashboard installation to continue even when it is not capable of connecting to the Wazuh indexer." + echo -e "" + echo -e " -g, --generate-config-files" + echo -e " Generate wazuh-install-files.tar file containing the files that will be needed for installation from config.yml. In distributed deployments you will need to copy this file to all hosts." + echo -e "" + echo -e " -h, --help" + echo -e " Display this help and exit." + echo -e "" + echo -e " -i, --ignore-check" + echo -e " Ignore the check for minimum hardware requirements." + echo -e "" + echo -e " -o, --overwrite" + echo -e " Overwrites previously installed components. This will erase all the existing configuration and data." + echo -e "" + echo -e " -of, --offline-installation" + echo -e " Perform an offline installation. This option must be used with -a, -ws, -s, -wi, or -wd." + echo -e "" + echo -e " -p, --port" + echo -e " Specifies the Wazuh web user interface port. By default is the 443 TCP port. Recommended ports are: 8443, 8444, 8080, 8888, 9000." + echo -e "" + echo -e " -s, --start-cluster" + echo -e " Initialize Wazuh indexer cluster security settings." + echo -e "" + echo -e " -t, --tar " + echo -e " Path to tar file containing certificate files. By default, the Wazuh installation assistant will search for a file named wazuh-install-files.tar in the same path as the script." + echo -e "" + echo -e " -u, --uninstall" + echo -e " Uninstalls all Wazuh components. This will erase all the existing configuration and data." + echo -e "" + echo -e " -v, --verbose" + echo -e " Shows the complete installation output." + echo -e "" + echo -e " -V, --version" + echo -e " Shows the version of the script and Wazuh packages." + echo -e "" + echo -e " -wd, --wazuh-dashboard " + echo -e " Install and configure Wazuh dashboard, used for distributed deployments." + echo -e "" + echo -e " -wi, --wazuh-indexer " + echo -e " Install and configure Wazuh indexer, used for distributed deployments." + echo -e "" + echo -e " -ws, --wazuh-server " + echo -e " Install and configure Wazuh manager and Filebeat, used for distributed deployments." + exit 1 + +} +function main() { + umask 177 + + if [ -z "${1}" ]; then + getHelp + fi + + while [ -n "${1}" ] + do + case "${1}" in + "-a"|"--all-in-one") + AIO=1 + shift 1 + ;; + "-c"|"--config-file") + if [ -z "${2}" ]; then + common_logger -e "Error on arguments. Probably missing after -c|--config-file" + getHelp + exit 1 + fi + file_conf=1 + config_file="${2}" + shift 2 + ;; + "-d"|"--development") + development=1 + if [ -n "${2}" ] && [[ ! "${2}" =~ ^- ]]; then + if [ "${2}" = "pre-release" ] || [ "${2}" = "staging" ]; then + devrepo="${2}" + else + common_logger -e "Error: Invalid value '${2}' after -d|--development. Accepted values are 'pre-release' or 'staging'." + getHelp + exit 1 + fi + shift 2 + else + devrepo="pre-release" + shift 1 + fi + checks_development_source_tag + repogpg="https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH" + repobaseurl="https://packages-dev.wazuh.com/${devrepo}" + reporelease="unstable" + filebeat_wazuh_template="https://raw.githubusercontent.com/wazuh/wazuh/${source_branch}/extensions/elasticsearch/7.x/wazuh-template.json" + filebeat_wazuh_module="${repobaseurl}/filebeat/wazuh-filebeat-0.4.tar.gz" + bucket="packages-dev.wazuh.com" + repository="${devrepo}" + ;; + + "-fd"|"--force-install-dashboard") + force=1 + shift 1 + ;; + "-g"|"--generate-config-files") + configurations=1 + shift 1 + ;; + "-h"|"--help") + getHelp + ;; + "-i"|"--ignore-check") + ignore=1 + shift 1 + ;; + "-o"|"--overwrite") + overwrite=1 + shift 1 + ;; + "-of"|"--offline-installation") + offline_install=1 + shift 1 + ;; + "-p"|"--port") + if [ -z "${2}" ]; then + common_logger -e "Error on arguments. Probably missing after -p|--port" + getHelp + exit 1 + fi + port_specified=1 + port_number="${2}" + shift 2 + ;; + "-s"|"--start-cluster") + start_indexer_cluster=1 + shift 1 + ;; + "-t"|"--tar") + if [ -z "${2}" ]; then + common_logger -e "Error on arguments. Probably missing after -t|--tar" + getHelp + exit 1 + fi + tar_conf=1 + tar_file="${2}" + shift 2 + ;; + "-u"|"--uninstall") + uninstall=1 + shift 1 + ;; + "-v"|"--verbose") + debugEnabled=1 + debug="2>&1 | tee -a ${logfile}" + shift 1 + ;; + "-V"|"--version") + showVersion=1 + shift 1 + ;; + "-wd"|"--wazuh-dashboard") + if [ -z "${2}" ]; then + common_logger -e "Error on arguments. Probably missing after -wd|---wazuh-dashboard" + getHelp + exit 1 + fi + dashboard=1 + dashname="${2}" + shift 2 + ;; + "-wi"|"--wazuh-indexer") + if [ -z "${2}" ]; then + common_logger -e "Arguments contain errors. Probably missing after -wi|--wazuh-indexer." + getHelp + exit 1 + fi + indexer=1 + indxname="${2}" + shift 2 + ;; + "-ws"|"--wazuh-server") + if [ -z "${2}" ]; then + common_logger -e "Error on arguments. Probably missing after -ws|--wazuh-server" + getHelp + exit 1 + fi + wazuh=1 + winame="${2}" + shift 2 + ;; + "-dw"|"--download-wazuh") + if [ "${2}" != "deb" ] && [ "${2}" != "rpm" ]; then + common_logger -e "Error on arguments. Probably missing after -dw|--download-wazuh" + getHelp + exit 1 + fi + download=1 + package_type="${2}" + shift 2 + ;; + "-da"|"--download-arch") + if [ "${2}" != "amd64" ] && [ "${2}" != "x86_64" ] && [ "${2}" != "arm64" ] && [ "${2}" != "aarch64" ]; then + common_logger -e "Error on arguments. Probably missing after -da|--download-arch" + getHelp + exit 1 + fi + download_arch=1 + arch="${2}" + shift 2 + ;; + *) + echo "Unknow option: ${1}" + getHelp + esac + done + + cat /dev/null > "${logfile}" + + if [ -z "${download}" ] && [ -z "${showVersion}" ]; then + common_checkRoot + fi + + if [ -n "${showVersion}" ]; then + common_logger "Wazuh version: ${wazuh_version}" + common_logger "Filebeat version: ${filebeat_version}" + common_logger "Wazuh installation assistant version: ${wazuh_install_vesion}" + exit 0 + fi + + common_logger "Starting Wazuh installation assistant. Wazuh version: ${wazuh_version}" + common_logger "Verbose logging redirected to ${logfile}" + +# -------------- Uninstall case ------------------------------------ + + common_checkSystem + + if [ -z "${download}" ]; then + check_dist + fi + + if [ -z "${uninstall}" ] && [ -z "${offline_install}" ]; then + installCommon_installCheckDependencies + elif [ -n "${offline_install}" ]; then + offline_checkPrerequisites "wia_offline_dependencies" "${wia_offline_dependencies[@]}" + fi + + common_checkInstalled + checks_arguments + if [ -n "${development}" ]; then + checks_filebeatURL + fi + if [ -n "${uninstall}" ]; then + installCommon_rollBack + exit 0 + fi + + checks_arch + if [ -n "${ignore}" ]; then + common_logger -w "Hardware checks ignored." + else + common_logger "Verifying that your system meets the recommended minimum hardware requirements." + checks_health + fi + +# -------------- Preliminary checks and Prerequisites -------------------------------- + + if [ -z "${configurations}" ] && [ -z "${AIO}" ] && [ -z "${download}" ]; then + checks_previousCertificate + fi + + if [ -n "${port_specified}" ]; then + checks_available_port "${port_number}" "${wazuh_aio_ports[@]}" + dashboard_changePort "${port_number}" + elif [ -n "${AIO}" ] || [ -n "${dashboard}" ]; then + dashboard_changePort "${http_port}" + fi + + if [ -n "${AIO}" ]; then + rm -f "${tar_file}" + checks_ports "${wazuh_aio_ports[@]}" + installCommon_installPrerequisites "AIO" + fi + + if [ -n "${indexer}" ]; then + checks_ports "${wazuh_indexer_ports[@]}" + installCommon_installPrerequisites "indexer" + fi + + if [ -n "${wazuh}" ]; then + checks_ports "${wazuh_manager_ports[@]}" + installCommon_installPrerequisites "wazuh" + fi + + if [ -n "${dashboard}" ]; then + checks_ports "${wazuh_dashboard_port}" + installCommon_installPrerequisites "dashboard" + fi + + +# -------------- Wazuh repo ---------------------- + + # Offline installation case: extract the compressed files + if [ -n "${offline_install}" ]; then + offline_checkPreinstallation + offline_extractFiles + offline_importGPGKey + fi + + if [ -n "${AIO}" ] || [ -n "${indexer}" ] || [ -n "${dashboard}" ] || [ -n "${wazuh}" ]; then + check_curlVersion + if [ -z "${offline_install}" ]; then + installCommon_addWazuhRepo + fi + fi + +# -------------- Configuration creation case ----------------------- + + # Creation certificate case: Only AIO and -g option can create certificates. + if [ -n "${configurations}" ] || [ -n "${AIO}" ]; then + common_logger "--- Configuration files ---" + installCommon_createInstallFiles + fi + + if [ -z "${configurations}" ] && [ -z "${download}" ]; then + installCommon_extractConfig + config_file="/tmp/wazuh-install-files/config.yml" + cert_readConfig + fi + + # Distributed architecture: node names must be different + if [[ -z "${AIO}" && -z "${download}" && ( -n "${indexer}" || -n "${dashboard}" || -n "${wazuh}" ) ]]; then + checks_names + fi + + if [ -n "${configurations}" ]; then + installCommon_removeWIADependencies + fi + +# -------------- Wazuh indexer case ------------------------------- + + if [ -n "${indexer}" ]; then + common_logger "--- Wazuh indexer ---" + indexer_install + indexer_configure + installCommon_startService "wazuh-indexer" + indexer_initialize + installCommon_removeWIADependencies + fi + +# -------------- Start Wazuh indexer cluster case ------------------ + + if [ -n "${start_indexer_cluster}" ]; then + indexer_startCluster + installCommon_changePasswords + installCommon_removeWIADependencies + fi + +# -------------- Wazuh dashboard case ------------------------------ + + if [ -n "${dashboard}" ]; then + common_logger "--- Wazuh dashboard ----" + dashboard_install + dashboard_configure + installCommon_startService "wazuh-dashboard" + installCommon_changePasswords + dashboard_initialize + installCommon_removeWIADependencies + + fi + +# -------------- Wazuh server case --------------------------------------- + + if [ -n "${wazuh}" ]; then + common_logger "--- Wazuh server ---" + manager_install + manager_configure + if [ -n "${server_node_types[*]}" ]; then + manager_startCluster + fi + installCommon_startService "wazuh-manager" + filebeat_install + filebeat_configure + installCommon_changePasswords + installCommon_startService "filebeat" + installCommon_removeWIADependencies + fi + +# -------------- AIO case ------------------------------------------ + + if [ -n "${AIO}" ]; then + + common_logger "--- Wazuh indexer ---" + indexer_install + indexer_configure + installCommon_startService "wazuh-indexer" + indexer_initialize + common_logger "--- Wazuh server ---" + manager_install + manager_configure + installCommon_startService "wazuh-manager" + filebeat_install + filebeat_configure + installCommon_startService "filebeat" + common_logger "--- Wazuh dashboard ---" + dashboard_install + dashboard_configure + installCommon_startService "wazuh-dashboard" + installCommon_changePasswords + dashboard_initializeAIO + installCommon_removeWIADependencies + + fi + +# -------------- Offline case ------------------------------------------ + + if [ -n "${download}" ]; then + common_logger "--- Download Packages ---" + offline_download + fi + + +# ------------------------------------------------------------------- + + if [ -z "${configurations}" ] && [ -z "${download}" ] && [ -z "${offline_install}" ]; then + installCommon_restoreWazuhrepo + fi + + if [ -n "${AIO}" ] || [ -n "${indexer}" ] || [ -n "${dashboard}" ] || [ -n "${wazuh}" ]; then + eval "rm -rf /tmp/wazuh-install-files ${debug}" + common_logger "Installation finished." + elif [ -n "${start_indexer_cluster}" ]; then + common_logger "Wazuh indexer cluster started." + fi + +} + +# ------------ filebeat.sh ------------ +function filebeat_configure(){ + + common_logger -d "Configuring Filebeat." + + if [ -z "${offline_install}" ]; then + eval "common_curl -sSo /etc/filebeat/wazuh-template.json ${filebeat_wazuh_template} --max-time 300 --retry 5 --retry-delay 5 --fail" + if [ ! -f "/etc/filebeat/wazuh-template.json" ]; then + common_logger -e "Error downloading wazuh-template.json file." + installCommon_rollBack + exit 1 + fi + common_logger -d "Filebeat template was download successfully." + + eval "(common_curl -sS ${filebeat_wazuh_module} --max-time 300 --retry 5 --retry-delay 5 --fail | tar -xvz -C /usr/share/filebeat/module) ${debug}" + if [ ! -d "/usr/share/filebeat/module" ]; then + common_logger -e "Error downloading wazuh filebeat module." + installCommon_rollBack + exit 1 + fi + common_logger -d "Filebeat module was downloaded successfully." + else + eval "cp ${offline_files_path}/wazuh-template.json /etc/filebeat/wazuh-template.json ${debug}" + eval "tar -xvzf ${offline_files_path}/wazuh-filebeat-*.tar.gz -C /usr/share/filebeat/module ${debug}" + fi + + eval "chmod go+r /etc/filebeat/wazuh-template.json ${debug}" + if [ -n "${AIO}" ]; then + eval "installCommon_getConfig filebeat/filebeat_assistant.yml /etc/filebeat/filebeat.yml ${debug}" + else + eval "installCommon_getConfig filebeat/filebeat_distributed.yml /etc/filebeat/filebeat.yml ${debug}" + if [ ${#indexer_node_names[@]} -eq 1 ]; then + echo -e "\noutput.elasticsearch.hosts:" >> /etc/filebeat/filebeat.yml + echo " - ${indexer_node_ips[0]}:9200" >> /etc/filebeat/filebeat.yml + else + echo -e "\noutput.elasticsearch.hosts:" >> /etc/filebeat/filebeat.yml + for i in "${indexer_node_ips[@]}"; do + echo " - ${i}:9200" >> /etc/filebeat/filebeat.yml + done + fi + fi + + eval "mkdir /etc/filebeat/certs ${debug}" + filebeat_copyCertificates + + eval "filebeat keystore create ${debug}" + eval "(echo admin | filebeat keystore add username --force --stdin)" "${debug}" + eval "(echo admin | filebeat keystore add password --force --stdin)" "${debug}" + + common_logger "Filebeat post-install configuration finished." +} +function filebeat_copyCertificates() { + + common_logger -d "Copying Filebeat certificates." + if [ -f "${tar_file}" ]; then + if [ -n "${AIO}" ]; then + if ! tar -tvf "${tar_file}" | grep -q "${server_node_names[0]}" ; then + common_logger -e "Tar file does not contain certificate for the node ${server_node_names[0]}." + installCommon_rollBack + exit 1 + fi + eval "sed -i s/filebeat.pem/${server_node_names[0]}.pem/ /etc/filebeat/filebeat.yml ${debug}" + eval "sed -i s/filebeat-key.pem/${server_node_names[0]}-key.pem/ /etc/filebeat/filebeat.yml ${debug}" + eval "tar -xf ${tar_file} -C ${filebeat_cert_path} --wildcards wazuh-install-files/${server_node_names[0]}.pem --strip-components 1 ${debug}" + eval "tar -xf ${tar_file} -C ${filebeat_cert_path} --wildcards wazuh-install-files/${server_node_names[0]}-key.pem --strip-components 1 ${debug}" + eval "tar -xf ${tar_file} -C ${filebeat_cert_path} wazuh-install-files/root-ca.pem --strip-components 1 ${debug}" + eval "rm -rf ${filebeat_cert_path}/wazuh-install-files/ ${debug}" + else + if ! tar -tvf "${tar_file}" | grep -q "${winame}" ; then + common_logger -e "Tar file does not contain certificate for the node ${winame}." + installCommon_rollBack + exit 1 + fi + eval "sed -i s/filebeat.pem/${winame}.pem/ /etc/filebeat/filebeat.yml ${debug}" + eval "sed -i s/filebeat-key.pem/${winame}-key.pem/ /etc/filebeat/filebeat.yml ${debug}" + eval "tar -xf ${tar_file} -C ${filebeat_cert_path} wazuh-install-files/${winame}.pem --strip-components 1 ${debug}" + eval "tar -xf ${tar_file} -C ${filebeat_cert_path} wazuh-install-files/${winame}-key.pem --strip-components 1 ${debug}" + eval "tar -xf ${tar_file} -C ${filebeat_cert_path} wazuh-install-files/root-ca.pem --strip-components 1 ${debug}" + eval "rm -rf ${filebeat_cert_path}/wazuh-install-files/ ${debug}" + fi + eval "chmod 500 ${filebeat_cert_path} ${debug}" + eval "chmod 400 ${filebeat_cert_path}/* ${debug}" + eval "chown root:root ${filebeat_cert_path}/* ${debug}" + else + common_logger -e "No certificates found. Could not initialize Filebeat" + installCommon_rollBack + exit 1 + fi + +} +function filebeat_install() { + + common_logger "Starting Filebeat installation." + if [ "${sys_type}" == "yum" ]; then + installCommon_yumInstall "filebeat" "${filebeat_version}" + elif [ "${sys_type}" == "apt-get" ]; then + installCommon_aptInstall "filebeat" "${filebeat_version}" + fi + + install_result="${PIPESTATUS[0]}" + common_checkInstalled + if [ "$install_result" != 0 ] || [ -z "${filebeat_installed}" ]; then + common_logger -e "Filebeat installation failed." + installCommon_rollBack + exit 1 + else + common_logger "Filebeat installation finished." + fi + +} + +# ------------ installCommon.sh ------------ +function installCommon_addCentOSRepository() { + + local repo_name="$1" + local repo_description="$2" + local repo_baseurl="$3" + + echo "[$repo_name]" >> "${centos_repo}" + echo "name=${repo_description}" >> "${centos_repo}" + echo "baseurl=${repo_baseurl}" >> "${centos_repo}" + echo 'gpgcheck=1' >> "${centos_repo}" + echo 'enabled=1' >> "${centos_repo}" + echo "gpgkey=file://${centos_key}" >> "${centos_repo}" + echo '' >> "${centos_repo}" + +} +function installCommon_cleanExit() { + + rollback_conf="" + + if [ -n "$spin_pid" ]; then + eval "kill -9 $spin_pid ${debug}" + fi + + until [[ "${rollback_conf}" =~ ^[N|Y|n|y]$ ]]; do + echo -ne "\nDo you want to remove the ongoing installation?[Y/N]" + read -r rollback_conf + done + if [[ "${rollback_conf}" =~ [N|n] ]]; then + exit 1 + else + common_checkInstalled + installCommon_rollBack + exit 1 + fi + +} +function installCommon_addWazuhRepo() { + + common_logger -d "Adding the Wazuh repository." + + if [ -n "${development}" ]; then + if [ "${sys_type}" == "yum" ]; then + eval "rm -f /etc/yum.repos.d/wazuh.repo ${debug}" + elif [ "${sys_type}" == "apt-get" ]; then + eval "rm -f /etc/apt/sources.list.d/wazuh.list ${debug}" + fi + fi + + if [ ! -f "/etc/yum.repos.d/wazuh.repo" ] && [ ! -f "/etc/zypp/repos.d/wazuh.repo" ] && [ ! -f "/etc/apt/sources.list.d/wazuh.list" ] ; then + if [ "${sys_type}" == "yum" ]; then + eval "rpm --import ${repogpg} ${debug}" + if [ "${PIPESTATUS[0]}" != 0 ]; then + common_logger -e "Cannot import Wazuh GPG key" + exit 1 + fi + eval "(echo -e '[wazuh]\ngpgcheck=1\ngpgkey=${repogpg}\nenabled=1\nname=EL-\${releasever} - Wazuh\nbaseurl='${repobaseurl}'/yum/\nprotect=1' | tee /etc/yum.repos.d/wazuh.repo)" "${debug}" + eval "chmod 644 /etc/yum.repos.d/wazuh.repo ${debug}" + elif [ "${sys_type}" == "apt-get" ]; then + eval "common_curl -s ${repogpg} --max-time 300 --retry 5 --retry-delay 5 --fail | gpg --no-default-keyring --keyring gnupg-ring:/usr/share/keyrings/wazuh.gpg --import - ${debug}" + if [ "${PIPESTATUS[0]}" != 0 ]; then + common_logger -e "Cannot import Wazuh GPG key" + exit 1 + fi + eval "chmod 644 /usr/share/keyrings/wazuh.gpg ${debug}" + eval "(echo \"deb [signed-by=/usr/share/keyrings/wazuh.gpg] ${repobaseurl}/apt/ ${reporelease} main\" | tee /etc/apt/sources.list.d/wazuh.list)" "${debug}" + eval "apt-get update -q ${debug}" + eval "chmod 644 /etc/apt/sources.list.d/wazuh.list ${debug}" + fi + else + common_logger -d "Wazuh repository already exists. Skipping addition." + fi + + if [ -n "${development}" ]; then + common_logger "Wazuh development repository added." + else + common_logger "Wazuh repository added." + fi +} +function installCommon_aptInstall() { + + package="${1}" + version="${2}" + attempt=0 + if [ -n "${version}" ]; then + installer=${package}${sep}${version} + else + installer=${package} + fi + + # Offline installation case: get package name and install it + if [ -n "${offline_install}" ]; then + package_name=$(ls ${offline_packages_path} | grep ${package}) + installer="${offline_packages_path}/${package_name}" + fi + + command="DEBIAN_FRONTEND=noninteractive apt-get install ${installer} -y -q" + common_checkAptLock + + if [ "${attempt}" -ne "${max_attempts}" ]; then + apt_output=$(eval "${command} 2>&1") + install_result="${PIPESTATUS[0]}" + eval "echo \${apt_output} ${debug}" + fi + +} +function installCommon_aptInstallList(){ + + dependencies=("$@") + not_installed=() + + for dep in "${dependencies[@]}"; do + if ! apt list --installed 2>/dev/null | grep -q -E ^"${dep}"\/; then + not_installed+=("${dep}") + for wia_dep in "${wia_apt_dependencies[@]}"; do + if [ "${wia_dep}" == "${dep}" ]; then + wia_dependencies_installed+=("${dep}") + fi + done + fi + done + + if [ "${#not_installed[@]}" -gt 0 ]; then + common_logger "--- Dependencies ----" + for dep in "${not_installed[@]}"; do + common_logger "Installing $dep." + installCommon_aptInstall "${dep}" + if [ "${install_result}" != 0 ]; then + common_logger -e "Cannot install dependency: ${dep}." + installCommon_rollBack + exit 1 + fi + done + fi + +} +function installCommon_changePasswordApi() { + + common_logger -d "Changing API passwords." + + #Change API password tool + if [ -n "${changeall}" ]; then + for i in "${!api_passwords[@]}"; do + if [ -n "${wazuh}" ] || [ -n "${AIO}" ]; then + passwords_getApiUserId "${api_users[i]}" + WAZUH_PASS_API='{\"password\":\"'"${api_passwords[i]}"'\"}' + eval 'common_curl -s -k -X PUT -H \"Authorization: Bearer $TOKEN_API\" -H \"Content-Type: application/json\" -d "$WAZUH_PASS_API" "https://localhost:55000/security/users/${user_id}" -o /dev/null --max-time 300 --retry 5 --retry-delay 5 --fail' + if [ "${api_users[i]}" == "${adminUser}" ]; then + sleep 1 + adminPassword="${api_passwords[i]}" + passwords_getApiToken + fi + fi + if [ "${api_users[i]}" == "wazuh-wui" ] && { [ -n "${dashboard}" ] || [ -n "${AIO}" ]; }; then + passwords_changeDashboardApiPassword "${api_passwords[i]}" + fi + done + else + if [ -n "${wazuh}" ] || [ -n "${AIO}" ]; then + passwords_getApiUserId "${nuser}" + WAZUH_PASS_API='{\"password\":\"'"${password}"'\"}' + eval 'common_curl -s -k -X PUT -H \"Authorization: Bearer $TOKEN_API\" -H \"Content-Type: application/json\" -d "$WAZUH_PASS_API" "https://localhost:55000/security/users/${user_id}" -o /dev/null --max-time 300 --retry 5 --retry-delay 5 --fail' + fi + if [ "${nuser}" == "wazuh-wui" ] && { [ -n "${dashboard}" ] || [ -n "${AIO}" ]; }; then + passwords_changeDashboardApiPassword "${password}" + fi + fi + +} +function installCommon_createCertificates() { + + common_logger -d "Creating Wazuh certificates." + if [ -n "${AIO}" ]; then + eval "installCommon_getConfig certificate/config_aio.yml ${config_file} ${debug}" + fi + + cert_readConfig + + if [ -d /tmp/wazuh-certificates/ ]; then + eval "rm -rf /tmp/wazuh-certificates/ ${debug}" + fi + eval "mkdir /tmp/wazuh-certificates/ ${debug}" + + cert_tmp_path="/tmp/wazuh-certificates/" + + cert_generateRootCAcertificate + cert_generateAdmincertificate + cert_generateIndexercertificates + cert_generateFilebeatcertificates + cert_generateDashboardcertificates + cert_cleanFiles + eval "chmod 400 /tmp/wazuh-certificates/* ${debug}" + eval "mv /tmp/wazuh-certificates/* /tmp/wazuh-install-files ${debug}" + eval "rm -rf /tmp/wazuh-certificates/ ${debug}" + +} +function installCommon_createClusterKey() { + + openssl rand -hex 16 >> "/tmp/wazuh-install-files/clusterkey" + +} +function installCommon_createInstallFiles() { + + if [ -d /tmp/wazuh-install-files ]; then + eval "rm -rf /tmp/wazuh-install-files ${debug}" + fi + + if eval "mkdir /tmp/wazuh-install-files ${debug}"; then + common_logger "Generating configuration files." + + dep="openssl" + if [ "${sys_type}" == "yum" ]; then + installCommon_yumInstallList "${dep}" + elif [ "${sys_type}" == "apt-get" ]; then + installCommon_aptInstallList "${dep}" + fi + + if [ "${#not_installed[@]}" -gt 0 ]; then + wia_dependencies_installed+=("${dep}") + fi + + if [ -n "${configurations}" ]; then + cert_checkOpenSSL + fi + installCommon_createCertificates + if [ -n "${server_node_types[*]}" ]; then + installCommon_createClusterKey + fi + gen_file="/tmp/wazuh-install-files/wazuh-passwords.txt" + passwords_generatePasswordFile + eval "cp '${config_file}' '/tmp/wazuh-install-files/config.yml' ${debug}" + eval "chown root:root /tmp/wazuh-install-files/* ${debug}" + eval "tar -zcf '${tar_file}' -C '/tmp/' wazuh-install-files/ ${debug}" + eval "rm -rf '/tmp/wazuh-install-files' ${debug}" + eval "rm -rf ${config_file} ${debug}" + common_logger "Created ${tar_file_name}. It contains the Wazuh cluster key, certificates, and passwords necessary for installation." + else + common_logger -e "Unable to create /tmp/wazuh-install-files" + exit 1 + fi +} +function installCommon_changePasswords() { + + common_logger -d "Setting Wazuh indexer cluster passwords." + if [ -f "${tar_file}" ]; then + eval "tar -xf ${tar_file} -C /tmp wazuh-install-files/wazuh-passwords.txt ${debug}" + p_file="/tmp/wazuh-install-files/wazuh-passwords.txt" + common_checkInstalled + if [ -n "${start_indexer_cluster}" ] || [ -n "${AIO}" ]; then + changeall=1 + passwords_readUsers + else + no_indexer_backup=1 + fi + if { [ -n "${wazuh}" ] || [ -n "${AIO}" ]; } && { [ "${server_node_types[pos]}" == "master" ] || [ "${#server_node_names[@]}" -eq 1 ]; }; then + passwords_getApiToken + passwords_getApiUsers + passwords_getApiIds + else + api_users=( wazuh wazuh-wui ) + fi + installCommon_readPasswordFileUsers + else + common_logger -e "Cannot find passwords file. Exiting" + installCommon_rollBack + exit 1 + fi + if [ -n "${start_indexer_cluster}" ] || [ -n "${AIO}" ]; then + passwords_getNetworkHost + passwords_generateHash + fi + + passwords_changePassword + + if [ -n "${start_indexer_cluster}" ] || [ -n "${AIO}" ]; then + passwords_runSecurityAdmin + fi + if [ -n "${wazuh}" ] || [ -n "${dashboard}" ] || [ -n "${AIO}" ]; then + if [ "${server_node_types[pos]}" == "master" ] || [ "${#server_node_names[@]}" -eq 1 ] || [ -n "${dashboard_installed}" ]; then + installCommon_changePasswordApi + fi + fi + +} +function installCommon_configureCentOSRepositories() { + + centos_repos_configured=1 + centos_key="/etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial" + eval "common_curl -sLo ${centos_key} 'https://www.centos.org/keys/RPM-GPG-KEY-CentOS-Official' --max-time 300 --retry 5 --retry-delay 5 --fail" + + if [ ! -f "${centos_key}" ]; then + common_logger -w "The CentOS key could not be added. Some dependencies may not be installed." + else + centos_repo="/etc/yum.repos.d/centos.repo" + eval "touch ${centos_repo} ${debug}" + common_logger -d "CentOS repository file created." + + if [ "${DIST_VER}" == "9" ]; then + installCommon_addCentOSRepository "appstream" "CentOS Stream \$releasever - AppStream" "https://mirror.stream.centos.org/9-stream/AppStream/\$basearch/os/" + installCommon_addCentOSRepository "baseos" "CentOS Stream \$releasever - BaseOS" "https://mirror.stream.centos.org/9-stream/BaseOS/\$basearch/os/" + elif [ "${DIST_VER}" == "8" ]; then + installCommon_addCentOSRepository "extras" "CentOS Linux \$releasever - Extras" "http://vault.centos.org/centos/\$releasever/extras/\$basearch/os/" + installCommon_addCentOSRepository "baseos" "CentOS Linux \$releasever - BaseOS" "http://vault.centos.org/centos/\$releasever/BaseOS/\$basearch/os/" + installCommon_addCentOSRepository "appstream" "CentOS Linux \$releasever - AppStream" "http://vault.centos.org/centos/\$releasever/AppStream/\$basearch/os/" + fi + + common_logger -d "CentOS repositories added." + fi + +} +function installCommon_extractConfig() { + + common_logger -d "Extracting Wazuh configuration." + if ! tar -tf "${tar_file}" | grep -q wazuh-install-files/config.yml; then + common_logger -e "There is no config.yml file in ${tar_file}." + exit 1 + fi + eval "tar -xf ${tar_file} -C /tmp wazuh-install-files/config.yml ${debug}" + +} +function installCommon_getConfig() { + + if [ "$#" -ne 2 ]; then + common_logger -e "installCommon_getConfig should be called with two arguments" + exit 1 + fi + + config_name="config_file_$(eval "echo ${1} | sed 's|/|_|g;s|.yml||'")" + if [ -z "$(eval "echo \${${config_name}}")" ]; then + common_logger -e "Unable to find configuration file ${1}. Exiting." + installCommon_rollBack + exit 1 + fi + eval "echo \"\${${config_name}}\"" > "${2}" +} +function installCommon_getPass() { + + for i in "${!users[@]}"; do + if [ "${users[i]}" == "${1}" ]; then + u_pass=${passwords[i]} + fi + done +} +function installCommon_installCheckDependencies() { + + common_logger -d "Installing check dependencies." + if [ "${sys_type}" == "yum" ]; then + if [[ "${DIST_NAME}" == "rhel" ]] && [[ "${DIST_VER}" == "8" || "${DIST_VER}" == "9" ]]; then + installCommon_configureCentOSRepositories + fi + installCommon_yumInstallList "${wia_yum_dependencies[@]}" + + # In RHEL cases, remove the CentOS repositories configuration + if [ "${centos_repos_configured}" == 1 ]; then + installCommon_removeCentOSrepositories + fi + + elif [ "${sys_type}" == "apt-get" ]; then + eval "apt-get update -q ${debug}" + installCommon_aptInstallList "${wia_apt_dependencies[@]}" + fi + +} +function installCommon_installPrerequisites() { + + message="Installing prerequisites dependencies." + if [ "${sys_type}" == "yum" ]; then + if [ "${1}" == "AIO" ]; then + deps=($(echo "${indexer_yum_dependencies[@]}" "${dashboard_yum_dependencies[@]}" | tr ' ' '\n' | sort -u)) + if [ -z "${offline_install}" ]; then + common_logger -d "${message}" + installCommon_yumInstallList "${deps[@]}" + else + offline_checkPrerequisites "${deps[@]}" + fi + fi + if [ "${1}" == "indexer" ]; then + if [ -z "${offline_install}" ]; then + common_logger -d "${message}" + installCommon_yumInstallList "${indexer_yum_dependencies[@]}" + else + offline_checkPrerequisites "${indexer_yum_dependencies[@]}" + fi + fi + if [ "${1}" == "dashboard" ]; then + if [ -z "${offline_install}" ]; then + common_logger -d "${message}" + installCommon_yumInstallList "${dashboard_yum_dependencies[@]}" + else + offline_checkPrerequisites "${dashboard_yum_dependencies[@]}" + fi + fi + elif [ "${sys_type}" == "apt-get" ]; then + if [ -z "${offline_install}" ]; then + eval "apt-get update -q ${debug}" + fi + if [ "${1}" == "AIO" ]; then + deps=($(echo "${wazuh_apt_dependencies[@]}" "${indexer_apt_dependencies[@]}" "${dashboard_apt_dependencies[@]}" | tr ' ' '\n' | sort -u)) + if [ -z "${offline_install}" ]; then + common_logger -d "${message}" + installCommon_aptInstallList "${deps[@]}" + else + offline_checkPrerequisites "${deps[@]}" + fi + fi + if [ "${1}" == "indexer" ]; then + if [ -z "${offline_install}" ]; then + common_logger -d "${message}" + installCommon_aptInstallList "${indexer_apt_dependencies[@]}" + else + offline_checkPrerequisites "${indexer_apt_dependencies[@]}" + fi + fi + if [ "${1}" == "dashboard" ]; then + if [ -z "${offline_install}" ]; then + common_logger -d "${message}" + installCommon_aptInstallList "${dashboard_apt_dependencies[@]}" + else + offline_checkPrerequisites "${dashboard_apt_dependencies[@]}" + fi + fi + if [ "${1}" == "wazuh" ]; then + if [ -z "${offline_install}" ]; then + common_logger -d "${message}" + installCommon_aptInstallList "${wazuh_apt_dependencies[@]}" + else + offline_checkPrerequisites "${wazuh_apt_dependencies[@]}" + fi + fi + fi + +} +function installCommon_readPasswordFileUsers() { + + filecorrect=$(grep -Ev '^#|^\s*$' "${p_file}" | grep -Pzc "\A(\s*(indexer_username|api_username|indexer_password|api_password):[ \t]+[\'\"]?[\w.*+?-]+[\'\"]?)+\Z") + if [[ "${filecorrect}" -ne 1 ]]; then + common_logger -e "The password file does not have a correct format or password uses invalid characters. Allowed characters: A-Za-z0-9.*+? + +For Wazuh indexer users, the file must have this format: + +# Description + indexer_username: + indexer_password: + +For Wazuh API users, the file must have this format: + +# Description + api_username: + api_password: + +" + installCommon_rollBack + exit 1 + fi + + sfileusers=$(grep indexer_username: "${p_file}" | awk '{ print substr( $2, 1, length($2) ) }' | sed -e "s/[\'\"]//g") + sfilepasswords=$(grep indexer_password: "${p_file}" | awk '{ print substr( $2, 1, length($2) ) }' | sed -e "s/[\'\"]//g") + + sfileapiusers=$(grep api_username: "${p_file}" | awk '{ print substr( $2, 1, length($2) ) }' | sed -e "s/[\'\"]//g") + sfileapipasswords=$(grep api_password: "${p_file}" | awk '{ print substr( $2, 1, length($2) ) }' | sed -e "s/[\'\"]//g") + + + mapfile -t fileusers < <(printf '%s\n' "${sfileusers}") + mapfile -t filepasswords < <(printf '%s\n' "${sfilepasswords}") + mapfile -t fileapiusers < <(printf '%s\n' "${sfileapiusers}") + mapfile -t fileapipasswords < <(printf '%s\n' "${sfileapipasswords}") + + if [ -n "${changeall}" ]; then + for j in "${!fileusers[@]}"; do + supported=false + for i in "${!users[@]}"; do + if [[ ${users[i]} == "${fileusers[j]}" ]]; then + passwords_checkPassword "${filepasswords[j]}" + passwords[i]=${filepasswords[j]} + supported=true + fi + done + if [ "${supported}" = false ] && [ -n "${indexer_installed}" ]; then + common_logger -e -d "The given user ${fileusers[j]} does not exist" + fi + done + + for j in "${!fileapiusers[@]}"; do + supported=false + for i in "${!api_users[@]}"; do + if [[ "${api_users[i]}" == "${fileapiusers[j]}" ]]; then + passwords_checkPassword "${fileapipasswords[j]}" + api_passwords[i]=${fileapipasswords[j]} + supported=true + fi + done + if [ "${supported}" = false ] && [ -n "${indexer_installed}" ]; then + common_logger -e "The Wazuh API user ${fileapiusers[j]} does not exist" + fi + done + else + finalusers=() + finalpasswords=() + + finalapiusers=() + finalapipasswords=() + + if [ -n "${dashboard_installed}" ] && [ -n "${dashboard}" ]; then + users=( kibanaserver admin ) + fi + + if [ -n "${filebeat_installed}" ] && [ -n "${wazuh}" ]; then + users=( admin ) + fi + + for j in "${!fileusers[@]}"; do + supported=false + for i in "${!users[@]}"; do + if [[ "${users[i]}" == "${fileusers[j]}" ]]; then + passwords_checkPassword "${filepasswords[j]}" + finalusers+=(${fileusers[j]}) + finalpasswords+=(${filepasswords[j]}) + supported=true + fi + done + if [ "${supported}" = "false" ] && [ -n "${indexer_installed}" ] && [ -n "${changeall}" ]; then + common_logger -e -d "The given user ${fileusers[j]} does not exist" + fi + done + + for j in "${!fileapiusers[@]}"; do + supported=false + for i in "${!api_users[@]}"; do + if [[ "${api_users[i]}" == "${fileapiusers[j]}" ]]; then + passwords_checkPassword "${fileapipasswords[j]}" + finalapiusers+=("${fileapiusers[j]}") + finalapipasswords+=("${fileapipasswords[j]}") + supported=true + fi + done + if [ ${supported} = false ] && [ -n "${indexer_installed}" ]; then + common_logger -e "The Wazuh API user ${fileapiusers[j]} does not exist" + fi + done + + users=() + mapfile -t users < <(printf '%s\n' "${finalusers[@]}") + mapfile -t passwords < <(printf '%s\n' "${finalpasswords[@]}") + mapfile -t api_users < <(printf '%s\n' "${finalapiusers[@]}") + mapfile -t api_passwords < <(printf '%s\n' "${finalapipasswords[@]}") + changeall=1 + fi + +} +function installCommon_restoreWazuhrepo() { + + common_logger -d "Restoring Wazuh repository." + if [ -n "${development}" ]; then + if [ "${sys_type}" == "yum" ] && [ -f "/etc/yum.repos.d/wazuh.repo" ]; then + file="/etc/yum.repos.d/wazuh.repo" + elif [ "${sys_type}" == "apt-get" ] && [ -f "/etc/apt/sources.list.d/wazuh.list" ]; then + file="/etc/apt/sources.list.d/wazuh.list" + else + common_logger -w -d "Wazuh repository does not exists." + fi + eval "sed -i 's/-dev//g' ${file} ${debug}" + eval "sed -i 's/pre-release/4.x/g' ${file} ${debug}" + eval "sed -i 's/unstable/stable/g' ${file} ${debug}" + fi + +} +function installCommon_removeCentOSrepositories() { + + eval "rm -f ${centos_repo} ${debug}" + eval "rm -f ${centos_key} ${debug}" + eval "yum clean all ${debug}" + centos_repos_configured=0 + common_logger -d "CentOS repositories and key deleted." + +} +function installCommon_rollBack() { + + if [ -z "${uninstall}" ]; then + common_logger "--- Removing existing Wazuh installation ---" + fi + + if [ -f "/etc/yum.repos.d/wazuh.repo" ]; then + eval "rm /etc/yum.repos.d/wazuh.repo ${debug}" + elif [ -f "/etc/zypp/repos.d/wazuh.repo" ]; then + eval "rm /etc/zypp/repos.d/wazuh.repo ${debug}" + elif [ -f "/etc/apt/sources.list.d/wazuh.list" ]; then + eval "rm /etc/apt/sources.list.d/wazuh.list ${debug}" + fi + + if [[ -n "${wazuh_installed}" && ( -n "${wazuh}" || -n "${AIO}" || -n "${uninstall}" ) ]];then + common_logger "Removing Wazuh manager." + if [ "${sys_type}" == "yum" ]; then + common_checkYumLock + if [ "${attempt}" -ne "${max_attempts}" ]; then + eval "yum remove wazuh-manager -y ${debug}" + eval "rpm -q wazuh-manager --quiet && wazuh_failed_uninstall=1" + fi + elif [ "${sys_type}" == "apt-get" ]; then + common_checkAptLock + eval "apt-get remove --purge wazuh-manager -y ${debug}" + wazuh_failed_uninstall=$(apt list --installed 2>/dev/null | grep wazuh-manager) + fi + + if [ -n "${wazuh_failed_uninstall}" ]; then + common_logger -w "The Wazuh manager package could not be removed." + else + common_logger "Wazuh manager removed." + fi + + fi + + if [[ ( -n "${wazuh_remaining_files}" || -n "${wazuh_installed}" ) && ( -n "${wazuh}" || -n "${AIO}" || -n "${uninstall}" ) ]]; then + eval "rm -rf /var/ossec/ ${debug}" + fi + + if [[ -n "${indexer_installed}" && ( -n "${indexer}" || -n "${AIO}" || -n "${uninstall}" ) ]]; then + common_logger "Removing Wazuh indexer." + if [ "${sys_type}" == "yum" ]; then + common_checkYumLock + if [ "${attempt}" -ne "${max_attempts}" ]; then + eval "yum remove wazuh-indexer -y ${debug}" + eval "rpm -q wazuh-indexer --quiet && indexer_failed_uninstall=1" + fi + elif [ "${sys_type}" == "apt-get" ]; then + common_checkAptLock + eval "apt-get remove --purge wazuh-indexer -y ${debug}" + indexer_failed_uninstall=$(apt list --installed 2>/dev/null | grep wazuh-indexer) + fi + + if [ -n "${indexer_failed_uninstall}" ]; then + common_logger -w "The Wazuh indexer package could not be removed." + else + common_logger "Wazuh indexer removed." + fi + fi + + if [[ ( -n "${indexer_remaining_files}" || -n "${indexer_installed}" ) && ( -n "${indexer}" || -n "${AIO}" || -n "${uninstall}" ) ]]; then + eval "rm -rf /var/lib/wazuh-indexer/ ${debug}" + eval "rm -rf /usr/share/wazuh-indexer/ ${debug}" + eval "rm -rf /etc/wazuh-indexer/ ${debug}" + fi + + if [[ -n "${filebeat_installed}" && ( -n "${wazuh}" || -n "${AIO}" || -n "${uninstall}" ) ]]; then + common_logger "Removing Filebeat." + if [ "${sys_type}" == "yum" ]; then + common_checkYumLock + if [ "${attempt}" -ne "${max_attempts}" ]; then + eval "yum remove filebeat -y ${debug}" + eval "rpm -q filebeat --quiet && filebeat_failed_uninstall=1" + fi + elif [ "${sys_type}" == "apt-get" ]; then + common_checkAptLock + eval "apt-get remove --purge filebeat -y ${debug}" + filebeat_failed_uninstall=$(apt list --installed 2>/dev/null | grep filebeat) + fi + + if [ -n "${filebeat_failed_uninstall}" ]; then + common_logger -w "The Filebeat package could not be removed." + else + common_logger "Filebeat removed." + fi + fi + + if [[ ( -n "${filebeat_remaining_files}" || -n "${filebeat_installed}" ) && ( -n "${wazuh}" || -n "${AIO}" || -n "${uninstall}" ) ]]; then + eval "rm -rf /var/lib/filebeat/ ${debug}" + eval "rm -rf /usr/share/filebeat/ ${debug}" + eval "rm -rf /etc/filebeat/ ${debug}" + fi + + if [[ -n "${dashboard_installed}" && ( -n "${dashboard}" || -n "${AIO}" || -n "${uninstall}" ) ]]; then + common_logger "Removing Wazuh dashboard." + if [ "${sys_type}" == "yum" ]; then + common_checkYumLock + if [ "${attempt}" -ne "${max_attempts}" ]; then + eval "yum remove wazuh-dashboard -y ${debug}" + eval "rpm -q wazuh-dashboard --quiet && dashboard_failed_uninstall=1" + fi + elif [ "${sys_type}" == "apt-get" ]; then + common_checkAptLock + eval "apt-get remove --purge wazuh-dashboard -y ${debug}" + dashboard_failed_uninstall=$(apt list --installed 2>/dev/null | grep wazuh-dashboard) + fi + + if [ -n "${dashboard_failed_uninstall}" ]; then + common_logger -w "The Wazuh dashboard package could not be removed." + else + common_logger "Wazuh dashboard removed." + fi + fi + + if [[ ( -n "${dashboard_remaining_files}" || -n "${dashboard_installed}" ) && ( -n "${dashboard}" || -n "${AIO}" || -n "${uninstall}" ) ]]; then + eval "rm -rf /var/lib/wazuh-dashboard/ ${debug}" + eval "rm -rf /usr/share/wazuh-dashboard/ ${debug}" + eval "rm -rf /etc/wazuh-dashboard/ ${debug}" + eval "rm -rf /run/wazuh-dashboard/ ${debug}" + fi + + elements_to_remove=( "/var/log/wazuh-indexer/" + "/var/log/filebeat/" + "/etc/systemd/system/opensearch.service.wants/" + "/securityadmin_demo.sh" + "/etc/systemd/system/multi-user.target.wants/wazuh-manager.service" + "/etc/systemd/system/multi-user.target.wants/filebeat.service" + "/etc/systemd/system/multi-user.target.wants/opensearch.service" + "/etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service" + "/etc/systemd/system/wazuh-dashboard.service" + "/lib/firewalld/services/dashboard.xml" + "/lib/firewalld/services/opensearch.xml" ) + + eval "rm -rf ${elements_to_remove[*]} ${debug}" + + common_remove_gpg_key + + installCommon_removeWIADependencies + + eval "systemctl daemon-reload ${debug}" + + if [ -z "${uninstall}" ]; then + if [ -n "${rollback_conf}" ] || [ -n "${overwrite}" ]; then + common_logger "Installation cleaned." + else + common_logger "Installation cleaned. Check the ${logfile} file to learn more about the issue." + fi + fi + +} +function installCommon_startService() { + + if [ "$#" -ne 1 ]; then + common_logger -e "installCommon_startService must be called with 1 argument." + exit 1 + fi + + common_logger "Starting service ${1}." + + if [[ -d /run/systemd/system ]]; then + eval "systemctl daemon-reload ${debug}" + eval "systemctl enable ${1}.service ${debug}" + eval "systemctl start ${1}.service ${debug}" + if [ "${PIPESTATUS[0]}" != 0 ]; then + common_logger -e "${1} could not be started." + if [ -n "$(command -v journalctl)" ]; then + eval "journalctl -u ${1} >> ${logfile}" + fi + installCommon_rollBack + exit 1 + else + common_logger "${1} service started." + fi + elif ps -p 1 -o comm= | grep "init"; then + eval "chkconfig ${1} on ${debug}" + eval "service ${1} start ${debug}" + eval "/etc/init.d/${1} start ${debug}" + if [ "${PIPESTATUS[0]}" != 0 ]; then + common_logger -e "${1} could not be started." + if [ -n "$(command -v journalctl)" ]; then + eval "journalctl -u ${1} >> ${logfile}" + fi + installCommon_rollBack + exit 1 + else + common_logger "${1} service started." + fi + elif [ -x "/etc/rc.d/init.d/${1}" ] ; then + eval "/etc/rc.d/init.d/${1} start ${debug}" + if [ "${PIPESTATUS[0]}" != 0 ]; then + common_logger -e "${1} could not be started." + if [ -n "$(command -v journalctl)" ]; then + eval "journalctl -u ${1} >> ${logfile}" + fi + installCommon_rollBack + exit 1 + else + common_logger "${1} service started." + fi + else + common_logger -e "${1} could not start. No service manager found on the system." + exit 1 + fi + +} +function installCommon_yumInstallList(){ + + dependencies=("$@") + not_installed=() + for dep in "${dependencies[@]}"; do + if ! rpm -q "${dep}" --quiet;then + not_installed+=("${dep}") + for wia_dep in "${wia_yum_dependencies[@]}"; do + if [ "${wia_dep}" == "${dep}" ]; then + wia_dependencies_installed+=("${dep}") + fi + done + fi + done + + if [ "${#not_installed[@]}" -gt 0 ]; then + common_logger "--- Dependencies ---" + for dep in "${not_installed[@]}"; do + common_logger "Installing $dep." + installCommon_yumInstall "${dep}" + yum_code="${PIPESTATUS[0]}" + + eval "echo \${yum_output} ${debug}" + if [ "${yum_code}" != 0 ]; then + common_logger -e "Cannot install dependency: ${dep}." + installCommon_rollBack + exit 1 + fi + done + fi + +} +function installCommon_removeWIADependencies() { + + if [ "${sys_type}" == "yum" ]; then + installCommon_yumRemoveWIADependencies + elif [ "${sys_type}" == "apt-get" ]; then + installCommon_aptRemoveWIADependencies + fi + +} +function installCommon_yumRemoveWIADependencies(){ + + if [ "${#wia_dependencies_installed[@]}" -gt 0 ]; then + common_logger "--- Dependencies ---" + for dep in "${wia_dependencies_installed[@]}"; do + if [ "${dep}" != "systemd" ]; then + common_logger "Removing $dep." + yum_output=$(yum remove ${dep} -y 2>&1) + yum_code="${PIPESTATUS[0]}" + + eval "echo \${yum_output} ${debug}" + if [ "${yum_code}" != 0 ]; then + common_logger -e "Cannot remove dependency: ${dep}." + exit 1 + fi + fi + done + fi + +} +function installCommon_aptRemoveWIADependencies(){ + + if [ "${#wia_dependencies_installed[@]}" -gt 0 ]; then + common_logger "--- Dependencies ----" + for dep in "${wia_dependencies_installed[@]}"; do + if [ "${dep}" != "systemd" ]; then + common_logger "Removing $dep." + apt_output=$(apt-get remove --purge ${dep} -y 2>&1) + apt_code="${PIPESTATUS[0]}" + + eval "echo \${apt_output} ${debug}" + if [ "${apt_code}" != 0 ]; then + common_logger -e "Cannot remove dependency: ${dep}." + exit 1 + fi + fi + done + fi + +} +function installCommon_yumInstall() { + + package="${1}" + version="${2}" + install_result=1 + if [ -n "${version}" ]; then + installer="${package}-${version}" + else + installer="${package}" + fi + + # Offline installation case: get package name and install it + if [ -n "${offline_install}" ]; then + package_name=$(ls ${offline_packages_path} | grep ${package}) + installer="${offline_packages_path}/${package_name}" + command="rpm -ivh ${installer}" + common_logger -d "Installing local package: ${installer}" + else + command="yum install ${installer} -y" + fi + common_checkYumLock + + if [ "${attempt}" -ne "${max_attempts}" ]; then + yum_output=$(eval "${command} 2>&1") + install_result="${PIPESTATUS[0]}" + eval "echo \${yum_output} ${debug}" + fi + +} +function installCommon_checkAptLock() { + + attempt=0 + seconds=30 + max_attempts=10 + + while fuser "${apt_lockfile}" >/dev/null 2>&1 && [ "${attempt}" -lt "${max_attempts}" ]; do + attempt=$((attempt+1)) + common_logger "Another process is using APT. Waiting for it to release the lock. Next retry in ${seconds} seconds (${attempt}/${max_attempts})" + sleep "${seconds}" + done + +} + +# ------------ manager.sh ------------ +function manager_startCluster() { + + common_logger -d "Starting Wazuh manager cluster." + for i in "${!server_node_names[@]}"; do + if [[ "${server_node_names[i]}" == "${winame}" ]]; then + pos="${i}"; + fi + done + + for i in "${!server_node_types[@]}"; do + if [[ "${server_node_types[i],,}" == "master" ]]; then + master_address=${server_node_ips[i]} + fi + done + + key=$(tar -axf "${tar_file}" wazuh-install-files/clusterkey -O) + bind_address="0.0.0.0" + port="1516" + hidden="no" + disabled="no" + lstart=$(grep -n "" /var/ossec/etc/ossec.conf | cut -d : -f 1) + lend=$(grep -n "" /var/ossec/etc/ossec.conf | cut -d : -f 1) + + eval 'sed -i -e "${lstart},${lend}s/.*<\/name>/wazuh_cluster<\/name>/" \ + -e "${lstart},${lend}s/.*<\/node_name>/${winame}<\/node_name>/" \ + -e "${lstart},${lend}s/.*<\/node_type>/${server_node_types[pos],,}<\/node_type>/" \ + -e "${lstart},${lend}s/.*<\/key>/${key}<\/key>/" \ + -e "${lstart},${lend}s/.*<\/port>/${port}<\/port>/" \ + -e "${lstart},${lend}s/.*<\/bind_addr>/${bind_address}<\/bind_addr>/" \ + -e "${lstart},${lend}s/.*<\/node>/${master_address}<\/node>/" \ + -e "${lstart},${lend}s/.*<\/hidden>/${hidden}<\/hidden>/" \ + -e "${lstart},${lend}s/.*<\/disabled>/${disabled}<\/disabled>/" \ + /var/ossec/etc/ossec.conf' + +} +function manager_configure(){ + + common_logger -d "Configuring Wazuh manager." + + if [ ${#indexer_node_names[@]} -eq 1 ]; then + eval "sed -i 's/.*<\/host>/https:\/\/${indexer_node_ips[0]}:9200<\/host>/g' /var/ossec/etc/ossec.conf ${debug}" + else + lstart=$(grep -n "" /var/ossec/etc/ossec.conf | cut -d : -f 1) + lend=$(grep -n "" /var/ossec/etc/ossec.conf | cut -d : -f 1) + for i in "${!indexer_node_ips[@]}"; do + if [ $i -eq 0 ]; then + eval "sed -i 's/.*<\/host>/https:\/\/${indexer_node_ips[0]}:9200<\/host>/g' /var/ossec/etc/ossec.conf ${debug}" + else + eval "sed -i '//a\ https:\/\/${indexer_node_ips[$i]}:9200<\/host>' /var/ossec/etc/ossec.conf" + fi + done + fi + eval "sed -i s/filebeat.pem/${server_node_names[0]}.pem/ /var/ossec/etc/ossec.conf ${debug}" + eval "sed -i s/filebeat-key.pem/${server_node_names[0]}-key.pem/ /var/ossec/etc/ossec.conf ${debug}" + common_logger -d "Setting provisional Wazuh indexer password." + eval "/var/ossec/bin/wazuh-keystore -f indexer -k username -v admin" + eval "/var/ossec/bin/wazuh-keystore -f indexer -k password -v admin" + common_logger "Wazuh manager vulnerability detection configuration finished." +} +function manager_install() { + + common_logger "Starting the Wazuh manager installation." + if [ "${sys_type}" == "yum" ]; then + installCommon_yumInstall "wazuh-manager" "${wazuh_version}-*" + elif [ "${sys_type}" == "apt-get" ]; then + installCommon_aptInstall "wazuh-manager" "${wazuh_version}-*" + fi + + common_checkInstalled + if [ "$install_result" != 0 ] || [ -z "${wazuh_installed}" ]; then + common_logger -e "Wazuh installation failed." + installCommon_rollBack + exit 1 + else + common_logger "Wazuh manager installation finished." + fi +} + +# ------------ wazuh-offline-installation.sh ------------ +function offline_checkPrerequisites(){ + + dependencies=( "${@}" ) + if [ $1 == "wia_offline_dependencies" ]; then + dependencies=( "${@:2}" ) + common_logger "Checking dependencies for Wazuh installation assistant." + else + common_logger "Checking prerequisites for Offline installation." + fi + + for dep in "${dependencies[@]}"; do + if [ "${sys_type}" == "yum" ]; then + eval "yum list installed 2>/dev/null | grep -q -E ^"${dep}"\\." + elif [ "${sys_type}" == "apt-get" ]; then + eval "apt list --installed 2>/dev/null | grep -q -E ^"${dep}"\/" + fi + + if [ "${PIPESTATUS[0]}" != 0 ]; then + common_logger -e "${dep} is necessary for the offline installation." + exit 1 + fi + done + if [ $1 == "wia_offline_dependencies" ]; then + common_logger -d "Dependencies for Wazuh installation assistant are installed." + else + common_logger -d "Prerequisites for Offline installation are installed." + fi +} +function offline_checkPreinstallation() { + + offline_tarfile="${base_dest_folder}.tar.gz" + common_logger "Checking ${offline_tarfile} file." + if [ ! -f "${base_path}/${offline_tarfile}" ]; then + common_logger -e "The ${offline_tarfile} file was not found in ${base_path}." + exit 1 + fi + common_logger -d "${offline_tarfile} was found correctly." + +} +function offline_extractFiles() { + + common_logger -d "Extracting files from ${offline_tarfile}" + if [ ! -d "${base_path}/wazuh-offline/" ]; then + eval "tar -xzf ${offline_tarfile} ${debug}" + + if [ ! -d "${base_path}/wazuh-offline/" ]; then + common_logger -e "The ${offline_tarfile} file could not be decompressed." + exit 1 + fi + fi + + offline_files_path="${base_path}/wazuh-offline/wazuh-files" + offline_packages_path="${base_path}/wazuh-offline/wazuh-packages" + + required_files=( + "${offline_files_path}/filebeat.yml" + "${offline_files_path}/GPG-KEY-WAZUH" + "${offline_files_path}/wazuh-filebeat-*.tar.gz" + "${offline_files_path}/wazuh-template.json" + ) + + if [ "${sys_type}" == "apt-get" ]; then + required_files+=("${offline_packages_path}/filebeat_*.deb" "${offline_packages_path}/wazuh-dashboard_*.deb" "${offline_packages_path}/wazuh-indexer_*.deb" "${offline_packages_path}/wazuh-manager_*.deb") + elif [ "${sys_type}" == "rpm" ]; then + required_files+=("${offline_packages_path}/filebeat-*.rpm" "${offline_packages_path}/wazuh-dashboard_*.rpm" "${offline_packages_path}/wazuh-indexer_*.rpm" "${offline_packages_path}/wazuh-manager_*.rpm") + fi + + for file in "${required_files[@]}"; do + if ! compgen -G "${file}" > /dev/null; then + common_logger -e "Missing necessary offline file: ${file}" + exit 1 + fi + done + + common_logger -d "Offline files extracted successfully." +} +function offline_importGPGKey() { + + common_logger -d "Importing Wazuh GPG key." + if [ "${sys_type}" == "yum" ]; then + eval "rpm --import ${offline_files_path}/GPG-KEY-WAZUH ${debug}" + if [ "${PIPESTATUS[0]}" != 0 ]; then + common_logger -e "Cannot import Wazuh GPG key" + exit 1 + fi + elif [ "${sys_type}" == "apt-get" ]; then + eval "gpg --import ${offline_files_path}/GPG-KEY-WAZUH ${debug}" + if [ "${PIPESTATUS[0]}" != 0 ]; then + common_logger -e "Cannot import Wazuh GPG key" + exit 1 + fi + eval "chmod 644 ${offline_files_path}/GPG-KEY-WAZUH ${debug}" + fi + +} + +# ------------ wazuh-offline-download.sh ------------ +function offline_download() { + + common_logger "Starting Wazuh packages download." + common_logger "Downloading Wazuh ${package_type} packages for ${arch}." + dest_path="${base_dest_folder}/wazuh-packages" + + if [ -d "${dest_path}" ]; then + eval "rm -f ${dest_path}/* ${debug}" # Clean folder before downloading specific versions + eval "chmod 700 ${dest_path} ${debug}" + else + eval "mkdir -m700 -p ${dest_path} ${debug}" # Create folder if it does not exist + fi + + packages_to_download=( "manager" "filebeat" "indexer" "dashboard" ) + + manager_revision="1" + indexer_revision="1" + dashboard_revision="1" + filebeat_revision="1" + + if [ -n "${development}" ]; then + filebeat_config_file="https://${bucket}/${wazuh_major}/tpl/wazuh/filebeat/filebeat.yml" + if [ "${package_type}" == "rpm" ]; then + manager_rpm_base_url="${repobaseurl}/yum" + indexer_rpm_base_url="${repobaseurl}/yum" + dashboard_rpm_base_url="${repobaseurl}/yum" + filebeat_rpm_base_url="${repobaseurl}/yum" + elif [ "${package_type}" == "deb" ]; then + manager_deb_base_url="${repobaseurl}/apt/pool/main/w/wazuh-manager" + indexer_deb_base_url="${repobaseurl}/apt/pool/main/w/wazuh-indexer" + dashboard_deb_base_url="${repobaseurl}/apt/pool/main/w/wazuh-dashboard" + filebeat_deb_base_url="${repobaseurl}/apt/pool/main/f/filebeat" + fi + fi + + if [ "${package_type}" == "rpm" ]; then + manager_rpm_package="wazuh-manager-${wazuh_version}-${manager_revision}.${arch}.${package_type}" + indexer_rpm_package="wazuh-indexer-${wazuh_version}-${indexer_revision}.${arch}.${package_type}" + dashboard_rpm_package="wazuh-dashboard-${wazuh_version}-${dashboard_revision}.${arch}.${package_type}" + filebeat_rpm_package="filebeat-${offline_filebeat_version}-${filebeat_revision}.${arch}.${package_type}" + manager_base_url="${manager_rpm_base_url}" + indexer_base_url="${indexer_rpm_base_url}" + dashboard_base_url="${dashboard_rpm_base_url}" + filebeat_base_url="${filebeat_rpm_base_url}" + manager_package="${manager_rpm_package}" + indexer_package="${indexer_rpm_package}" + dashboard_package="${dashboard_rpm_package}" + filebeat_package="${filebeat_rpm_package}" + elif [ "${package_type}" == "deb" ]; then + manager_deb_package="wazuh-manager_${wazuh_version}-${manager_revision}_${arch}.${package_type}" + indexer_deb_package="wazuh-indexer_${wazuh_version}-${indexer_revision}_${arch}.${package_type}" + dashboard_deb_package="wazuh-dashboard_${wazuh_version}-${dashboard_revision}_${arch}.${package_type}" + filebeat_deb_package="filebeat_${offline_filebeat_version}-${filebeat_revision}_${arch}.${package_type}" + manager_base_url="${manager_deb_base_url}" + indexer_base_url="${indexer_deb_base_url}" + dashboard_base_url="${dashboard_deb_base_url}" + filebeat_base_url="${filebeat_deb_base_url}" + manager_package="${manager_deb_package}" + indexer_package="${indexer_deb_package}" + dashboard_package="${dashboard_deb_package}" + filebeat_package="${filebeat_deb_package}" + else + common_logger "Unsupported package type: ${package_type}" + exit 1 + fi + + while common_curl -s -I -o /dev/null -w "%{http_code}" "${manager_base_url}/${manager_package}" --max-time 300 --retry 5 --retry-delay 5 --fail | grep -q "200"; do + manager_revision=$((manager_revision+1)) + if [ "${package_type}" == "rpm" ]; then + manager_rpm_package="wazuh-manager-${wazuh_version}-${manager_revision}.${arch}.rpm" + manager_package="${manager_rpm_package}" + else + manager_deb_package="wazuh-manager_${wazuh_version}-${manager_revision}_${arch}.deb" + manager_package="${manager_deb_package}" + fi + done + if [ "$manager_revision" -gt 1 ] && [ "$(common_curl -s -I -o /dev/null -w "%{http_code}" "${manager_base_url}/${manager_package}" --max-time 300 --retry 5 --retry-delay 5 --fail)" -ne "200" ]; then + manager_revision=$((manager_revision-1)) + if [ "${package_type}" == "rpm" ]; then + manager_rpm_package="wazuh-manager-${wazuh_version}-${manager_revision}.${arch}.rpm" + else + manager_deb_package="wazuh-manager_${wazuh_version}-${manager_revision}_${arch}.deb" + fi + fi + common_logger -d "Wazuh manager package revision fetched." + + while common_curl -s -I -o /dev/null -w "%{http_code}" "${filebeat_base_url}/${filebeat_package}" --max-time 300 --retry 5 --retry-delay 5 --fail | grep -q "200"; do + filebeat_revision=$((filebeat_revision+1)) + if [ "${package_type}" == "rpm" ]; then + filebeat_rpm_package="filebeat-${offline_filebeat_version}-${filebeat_revision}.${arch}.rpm" + filebeat_package="${filebeat_rpm_package}" + else + filebeat_deb_package="filebeat_${offline_filebeat_version}-${filebeat_revision}_${arch}.deb" + filebeat_package="${filebeat_deb_package}" + fi + done + if [ "$filebeat_revision" -gt 1 ] && [ "$(common_curl -s -I -o /dev/null -w "%{http_code}" "${filebeat_base_url}/${filebeat_package}" --max-time 300 --retry 5 --retry-delay 5 --fail)" -ne "200" ]; then + filebeat_revision=$((filebeat_revision-1)) + if [ "${package_type}" == "rpm" ]; then + filebeat_rpm_package="filebeat-${offline_filebeat_version}-${filebeat_revision}.${arch}.rpm" + else + filebeat_deb_package="filebeat_${offline_filebeat_version}-${filebeat_revision}_${arch}.deb" + fi + fi + common_logger -d "Filebeat package revision fetched." + + while common_curl -s -I -o /dev/null -w "%{http_code}" "${indexer_base_url}/${indexer_package}" --max-time 300 --retry 5 --retry-delay 5 --fail | grep -q "200"; do + indexer_revision=$((indexer_revision+1)) + if [ "${package_type}" == "rpm" ]; then + indexer_rpm_package="wazuh-indexer-${wazuh_version}-${indexer_revision}.${arch}.rpm" + indexer_package="${indexer_rpm_package}" + else + indexer_deb_package="wazuh-indexer_${wazuh_version}-${indexer_revision}_${arch}.deb" + indexer_package="${indexer_deb_package}" + fi + done + if [ "$indexer_revision" -gt 1 ] && [ "$(common_curl -s -I -o /dev/null -w "%{http_code}" "${indexer_base_url}/${indexer_package}" --max-time 300 --retry 5 --retry-delay 5 --fail)" -ne "200" ]; then + indexer_revision=$((indexer_revision-1)) + if [ "${package_type}" == "rpm" ]; then + indexer_rpm_package="wazuh-indexer-${wazuh_version}-${indexer_revision}.${arch}.rpm" + else + indexer_deb_package="wazuh-indexer_${wazuh_version}-${indexer_revision}_${arch}.deb" + fi + fi + common_logger -d "Wazuh indexer package revision fetched." + + while common_curl -s -I -o /dev/null -w "%{http_code}" "${dashboard_base_url}/${dashboard_package}" --max-time 300 --retry 5 --retry-delay 5 --fail | grep -q "200"; do + dashboard_revision=$((dashboard_revision+1)) + if [ "${package_type}" == "rpm" ]; then + dashboard_rpm_package="wazuh-dashboard-${wazuh_version}-${dashboard_revision}.${arch}.rpm" + dashboard_package="${dashboard_rpm_package}" + else + dashboard_deb_package="wazuh-dashboard_${wazuh_version}-${dashboard_revision}_${arch}.deb" + dashboard_package="${dashboard_deb_package}" + fi + done + if [ "$dashboard_revision" -gt 1 ] && [ "$(common_curl -s -I -o /dev/null -w "%{http_code}" "${dashboard_base_url}/${dashboard_package}" --max-time 300 --retry 5 --retry-delay 5 --fail)" -ne "200" ]; then + dashboard_revision=$((dashboard_revision-1)) + if [ "${package_type}" == "rpm" ]; then + dashboard_rpm_package="wazuh-dashboard-${wazuh_version}-${dashboard_revision}.${arch}.rpm" + else + dashboard_deb_package="wazuh-dashboard_${wazuh_version}-${dashboard_revision}_${arch}.deb" + fi + fi + common_logger -d "Wazuh dashboard package revision fetched." + + for package in "${packages_to_download[@]}" + do + common_logger -d "Downloading Wazuh ${package} package..." + package_name="${package}_${package_type}_package" + eval "package_base_url=${package}_${package_type}_base_url" + + if output=$(common_curl -sSo "${dest_path}/${!package_name}" "${!package_base_url}/${!package_name}" --max-time 300 --retry 5 --retry-delay 5 --fail 2>&1); then + common_logger "The ${package} package was downloaded." + else + common_logger -e "The ${package} package could not be downloaded. Exiting." + eval "echo \${output} ${debug}" + exit 1 + fi + + done + + common_logger "The packages are in ${dest_path}" + +# -------------------------------------------------- + + common_logger "Downloading configuration files and assets." + dest_path="${base_dest_folder}/wazuh-files" + + if [ -d "${dest_path}" ]; then + eval "rm -f ${dest_path}/* ${debug}" # Clean folder before downloading specific versions + eval "chmod 700 ${dest_path} ${debug}" + else + eval "mkdir -m700 -p ${dest_path} ${debug}" # Create folder if it does not exist + fi + + files_to_download=( "${wazuh_gpg_key}" "${filebeat_config_file}" "${filebeat_wazuh_template}" "${filebeat_wazuh_module}" ) + + eval "cd ${dest_path}" + for file in "${files_to_download[@]}" + do + common_logger -d "Downloading ${file}..." + if output=$(common_curl -sSO ${file} --max-time 300 --retry 5 --retry-delay 5 --fail 2>&1); then + common_logger "The resource ${file} was downloaded." + else + common_logger -e "The resource ${file} could not be downloaded. Exiting." + eval "echo \${output} ${debug}" + exit 1 + fi + + done + eval "cd - > /dev/null" + + eval "chmod 500 ${base_dest_folder} ${debug}" + + common_logger "The configuration files and assets are in wazuh-offline.tar.gz" + + eval "tar -czf ${base_dest_folder}.tar.gz ${base_dest_folder} ${debug}" + eval "chmod -R 700 ${base_dest_folder} && rm -rf ${base_dest_folder} ${debug}" + + common_logger "You can follow the installation guide here https://documentation.wazuh.com/current/deployment-options/offline-installation.html" + +} +# ------------ indexer.sh ------------ +function indexer_configure() { + + common_logger -d "Configuring Wazuh indexer." + eval "export JAVA_HOME=/usr/share/wazuh-indexer/jdk/" + + # Configure JVM options for Wazuh indexer + ram_gb=$(free -m | awk 'FNR == 2 {print $2}') + ram="$(( ram_mb / 2 ))" + + if [ "${ram}" -eq "0" ]; then + ram=1024; + fi + eval "sed -i "s/-Xms1g/-Xms${ram}m/" /etc/wazuh-indexer/jvm.options ${debug}" + eval "sed -i "s/-Xmx1g/-Xmx${ram}m/" /etc/wazuh-indexer/jvm.options ${debug}" + + if [ -n "${AIO}" ]; then + eval "installCommon_getConfig indexer/indexer_all_in_one.yml /etc/wazuh-indexer/opensearch.yml ${debug}" + else + eval "installCommon_getConfig indexer/indexer_assistant_distributed.yml /etc/wazuh-indexer/opensearch.yml ${debug}" + if [ "${#indexer_node_names[@]}" -eq 1 ]; then + pos=0 + { + echo "node.name: ${indxname}" + echo "network.host: ${indexer_node_ips[0]}" + echo "cluster.initial_master_nodes: ${indxname}" + echo "plugins.security.nodes_dn:" + echo ' - CN='"${indxname}"',OU=Wazuh,O=Wazuh,L=California,C=US' + } >> /etc/wazuh-indexer/opensearch.yml + else + echo "node.name: ${indxname}" >> /etc/wazuh-indexer/opensearch.yml + echo "cluster.initial_master_nodes:" >> /etc/wazuh-indexer/opensearch.yml + for i in "${indexer_node_names[@]}"; do + echo " - ${i}" >> /etc/wazuh-indexer/opensearch.yml + done + + echo "discovery.seed_hosts:" >> /etc/wazuh-indexer/opensearch.yml + for i in "${indexer_node_ips[@]}"; do + echo " - ${i}" >> /etc/wazuh-indexer/opensearch.yml + done + + for i in "${!indexer_node_names[@]}"; do + if [[ "${indexer_node_names[i]}" == "${indxname}" ]]; then + pos="${i}"; + fi + done + + echo "network.host: ${indexer_node_ips[pos]}" >> /etc/wazuh-indexer/opensearch.yml + + echo "plugins.security.nodes_dn:" >> /etc/wazuh-indexer/opensearch.yml + for i in "${indexer_node_names[@]}"; do + echo " - CN=${i},OU=Wazuh,O=Wazuh,L=California,C=US" >> /etc/wazuh-indexer/opensearch.yml + done + fi + fi + + indexer_copyCertificates + + jv=$(java -version 2>&1 | grep -o -m1 '1.8.0' ) + if [ "$jv" == "1.8.0" ]; then + { + echo "wazuh-indexer hard nproc 4096" + echo "wazuh-indexer soft nproc 4096" + echo "wazuh-indexer hard nproc 4096" + echo "wazuh-indexer soft nproc 4096" + } >> /etc/security/limits.conf + echo -ne "\nbootstrap.system_call_filter: false" >> /etc/wazuh-indexer/opensearch.yml + fi + + common_logger "Wazuh indexer post-install configuration finished." +} +function indexer_copyCertificates() { + + common_logger -d "Copying Wazuh indexer certificates." + eval "rm -f ${indexer_cert_path}/* ${debug}" + name=${indexer_node_names[pos]} + + if [ -f "${tar_file}" ]; then + if ! tar -tvf "${tar_file}" | grep -q "${name}" ; then + common_logger -e "Tar file does not contain certificate for the node ${name}." + installCommon_rollBack + exit 1; + fi + eval "mkdir ${indexer_cert_path} ${debug}" + eval "sed -i s/indexer.pem/${name}.pem/ /etc/wazuh-indexer/opensearch.yml ${debug}" + eval "sed -i s/indexer-key.pem/${name}-key.pem/ /etc/wazuh-indexer/opensearch.yml ${debug}" + eval "tar -xf ${tar_file} -C ${indexer_cert_path} wazuh-install-files/${name}.pem --strip-components 1 ${debug}" + eval "tar -xf ${tar_file} -C ${indexer_cert_path} wazuh-install-files/${name}-key.pem --strip-components 1 ${debug}" + eval "tar -xf ${tar_file} -C ${indexer_cert_path} wazuh-install-files/root-ca.pem --strip-components 1 ${debug}" + eval "tar -xf ${tar_file} -C ${indexer_cert_path} wazuh-install-files/admin.pem --strip-components 1 ${debug}" + eval "tar -xf ${tar_file} -C ${indexer_cert_path} wazuh-install-files/admin-key.pem --strip-components 1 ${debug}" + eval "rm -rf ${indexer_cert_path}/wazuh-install-files/ ${debug}" + eval "chown -R wazuh-indexer:wazuh-indexer ${indexer_cert_path} ${debug}" + eval "chmod 500 ${indexer_cert_path} ${debug}" + eval "chmod 400 ${indexer_cert_path}/* ${debug}" + else + common_logger -e "No certificates found. Could not initialize Wazuh indexer" + installCommon_rollBack + exit 1; + fi + +} +function indexer_initialize() { + + common_logger "Initializing Wazuh indexer cluster security settings." + eval "common_curl -XGET https://"${indexer_node_ips[pos]}":9200/ -uadmin:admin -k --max-time 120 --silent --output /dev/null" + e_code="${PIPESTATUS[0]}" + + if [ "${e_code}" -ne "0" ]; then + common_logger -e "Cannot initialize Wazuh indexer cluster." + installCommon_rollBack + exit 1 + fi + + if [ -n "${AIO}" ]; then + eval "sudo -u wazuh-indexer JAVA_HOME=/usr/share/wazuh-indexer/jdk/ OPENSEARCH_CONF_DIR=/etc/wazuh-indexer /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh -cd /etc/wazuh-indexer/opensearch-security -icl -p 9200 -nhnv -cacert ${indexer_cert_path}/root-ca.pem -cert ${indexer_cert_path}/admin.pem -key ${indexer_cert_path}/admin-key.pem -h 127.0.0.1 ${debug}" + if [ "${PIPESTATUS[0]}" != 0 ]; then + common_logger -e "The Wazuh indexer cluster security configuration could not be initialized." + installCommon_rollBack + exit 1 + else + common_logger "Wazuh indexer cluster security configuration initialized." + fi + fi + + if [ "${#indexer_node_names[@]}" -eq 1 ] && [ -z "${AIO}" ]; then + installCommon_changePasswords + fi + + common_logger "Wazuh indexer cluster initialized." + +} +function indexer_install() { + + common_logger "Starting Wazuh indexer installation." + + if [ "${sys_type}" == "yum" ]; then + installCommon_yumInstall "wazuh-indexer" "${wazuh_version}-*" + elif [ "${sys_type}" == "apt-get" ]; then + installCommon_aptInstall "wazuh-indexer" "${wazuh_version}-*" + fi + + common_checkInstalled + if [ "$install_result" != 0 ] || [ -z "${indexer_installed}" ]; then + common_logger -e "Wazuh indexer installation failed." + installCommon_rollBack + exit 1 + else + common_logger "Wazuh indexer installation finished." + fi + + eval "sysctl -q -w vm.max_map_count=262144 ${debug}" + +} +function indexer_startCluster() { + + common_logger -d "Starting Wazuh indexer cluster." + for ip_to_test in "${indexer_node_ips[@]}"; do + eval "common_curl -XGET https://"${ip_to_test}":9200/ -k -s -o /dev/null" + e_code="${PIPESTATUS[0]}" + + if [ "${e_code}" -eq "7" ]; then + common_logger -e "Connectivity check failed on node ${ip_to_test} port 9200. Possible causes: Wazuh indexer not installed on the node, the Wazuh indexer service is not running or you have connectivity issues with that node. Please check this before trying again." + exit 1 + fi + done + + eval "wazuh_indexer_ip=( $(cat /etc/wazuh-indexer/opensearch.yml | grep network.host | sed 's/network.host:\s//') )" + eval "sudo -u wazuh-indexer JAVA_HOME=/usr/share/wazuh-indexer/jdk/ OPENSEARCH_CONF_DIR=/etc/wazuh-indexer /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh -cd /etc/wazuh-indexer/opensearch-security -icl -p 9200 -nhnv -cacert /etc/wazuh-indexer/certs/root-ca.pem -cert /etc/wazuh-indexer/certs/admin.pem -key /etc/wazuh-indexer/certs/admin-key.pem -h ${wazuh_indexer_ip} ${debug}" + if [ "${PIPESTATUS[0]}" != 0 ]; then + common_logger -e "The Wazuh indexer cluster security configuration could not be initialized." + installCommon_rollBack + exit 1 + else + common_logger "Wazuh indexer cluster security configuration initialized." + fi + + # Validate Wazuh indexer security admin it is initialized + indexer_security_admin_comm="common_curl -XGET https://"${indexer_node_ips[pos]}":9200/ -uadmin:admin -k --max-time 120 --silent -w \"%{http_code}\" --output /dev/null" + http_status=$(eval "${indexer_security_admin_comm}") + retries=0 + max_retries=5 + while [ "${http_status}" -ne 200 ]; do + common_logger -d "Waiting for Wazuh indexer to be ready. wazuh-indexer status: ${http_status}" + sleep 5 + retries=$((retries+1)) + if [ "${retries}" -eq "${max_retries}" ]; then + common_logger -e "The Wazuh indexer cluster security configuration could not be initialized." + exit 1 + fi + http_status=$(eval "${indexer_security_admin_comm}") + done + + # Wazuh alerts template injection + if [ -n "${offline_install}" ]; then + filebeat_wazuh_template="file://${offline_files_path}/wazuh-template.json" + fi + http_status=$(eval "common_curl --silent '${filebeat_wazuh_template}' --max-time 300 --retry 5 --retry-delay 5" | eval "common_curl -X PUT 'https://${indexer_node_ips[pos]}:9200/_template/wazuh' -H \'Content-Type: application/json\' -d @- -uadmin:admin -k --max-time 300 --silent --retry 5 --retry-delay 5 -w "%{http_code}" -o /dev/null") + if [ -z "${http_status}" ] || [ "${http_status}" -ne 200 ]; then + common_logger -e "The wazuh-alerts template could not be inserted into the Wazuh indexer cluster." + exit 1 + else + common_logger -d "Inserted wazuh-alerts template into the Wazuh indexer cluster." + fi +} + +# ------------ dashboard.sh ------------ +function dashboard_changePort() { + + chosen_port="$1" + http_port="${chosen_port}" + wazuh_dashboard_port=( "${http_port}" ) + wazuh_aio_ports=(9200 9300 1514 1515 1516 55000 "${http_port}") + + sed -i 's/server\.port: [0-9]\+$/server.port: '"${chosen_port}"'/' "$0" + common_logger "Wazuh web interface port will be ${chosen_port}." +} +function dashboard_configure() { + + common_logger -d "Configuring Wazuh dashboard." + if [ -n "${AIO}" ]; then + eval "installCommon_getConfig dashboard/dashboard_assistant.yml /etc/wazuh-dashboard/opensearch_dashboards.yml ${debug}" + dashboard_copyCertificates "${debug}" + else + eval "installCommon_getConfig dashboard/dashboard_assistant_distributed.yml /etc/wazuh-dashboard/opensearch_dashboards.yml ${debug}" + dashboard_copyCertificates "${debug}" + if [ "${#dashboard_node_names[@]}" -eq 1 ]; then + pos=0 + ip=${dashboard_node_ips[0]} + else + for i in "${!dashboard_node_names[@]}"; do + if [[ "${dashboard_node_names[i]}" == "${dashname}" ]]; then + pos="${i}"; + fi + done + ip=${dashboard_node_ips[pos]} + fi + + if [[ "${ip}" != "127.0.0.1" ]]; then + echo "server.host: ${ip}" >> /etc/wazuh-dashboard/opensearch_dashboards.yml + else + echo 'server.host: '0.0.0.0'' >> /etc/wazuh-dashboard/opensearch_dashboards.yml + fi + + if [ "${#indexer_node_names[@]}" -eq 1 ]; then + echo "opensearch.hosts: https://${indexer_node_ips[0]}:9200" >> /etc/wazuh-dashboard/opensearch_dashboards.yml + else + echo "opensearch.hosts:" >> /etc/wazuh-dashboard/opensearch_dashboards.yml + for i in "${indexer_node_ips[@]}"; do + echo " - https://${i}:9200" >> /etc/wazuh-dashboard/opensearch_dashboards.yml + done + fi + fi + + sed -i 's/server\.port: [0-9]\+$/server.port: '"${chosen_port}"'/' /etc/wazuh-dashboard/opensearch_dashboards.yml + + common_logger "Wazuh dashboard post-install configuration finished." + +} +function dashboard_copyCertificates() { + + common_logger -d "Copying Wazuh dashboard certificates." + eval "rm -f ${dashboard_cert_path}/* ${debug}" + name=${dashboard_node_names[pos]} + + if [ -f "${tar_file}" ]; then + if ! tar -tvf "${tar_file}" | grep -q "${name}" ; then + common_logger -e "Tar file does not contain certificate for the node ${name}." + installCommon_rollBack + exit 1; + fi + eval "mkdir ${dashboard_cert_path} ${debug}" + eval "sed -i s/dashboard.pem/${name}.pem/ /etc/wazuh-dashboard/opensearch_dashboards.yml ${debug}" + eval "sed -i s/dashboard-key.pem/${name}-key.pem/ /etc/wazuh-dashboard/opensearch_dashboards.yml ${debug}" + eval "tar -xf ${tar_file} -C ${dashboard_cert_path} wazuh-install-files/${name}.pem --strip-components 1 ${debug}" + eval "tar -xf ${tar_file} -C ${dashboard_cert_path} wazuh-install-files/${name}-key.pem --strip-components 1 ${debug}" + eval "tar -xf ${tar_file} -C ${dashboard_cert_path} wazuh-install-files/root-ca.pem --strip-components 1 ${debug}" + eval "chown -R wazuh-dashboard:wazuh-dashboard /etc/wazuh-dashboard/ ${debug}" + eval "chmod 500 ${dashboard_cert_path} ${debug}" + eval "chmod 400 ${dashboard_cert_path}/* ${debug}" + eval "chown wazuh-dashboard:wazuh-dashboard ${dashboard_cert_path}/* ${debug}" + common_logger -d "Wazuh dashboard certificate setup finished." + else + common_logger -e "No certificates found. Wazuh dashboard could not be initialized." + installCommon_rollBack + exit 1 + fi + +} +function dashboard_initialize() { + + common_logger "Initializing Wazuh dashboard web application." + installCommon_getPass "admin" + j=0 + + if [ "${#dashboard_node_names[@]}" -eq 1 ]; then + nodes_dashboard_ip=${dashboard_node_ips[0]} + else + for i in "${!dashboard_node_names[@]}"; do + if [[ "${dashboard_node_names[i]}" == "${dashname}" ]]; then + pos="${i}"; + fi + done + nodes_dashboard_ip=${dashboard_node_ips[pos]} + fi + + if [ "${nodes_dashboard_ip}" == "localhost" ] || [[ "${nodes_dashboard_ip}" == 127.* ]]; then + print_ip="" + else + print_ip="${nodes_dashboard_ip}" + fi + + until [ "$(curl -XGET https://"${nodes_dashboard_ip}":"${http_port}"/status -uadmin:"${u_pass}" -k -w %"{http_code}" -s -o /dev/null)" -eq "200" ] || [ "${j}" -eq "12" ]; do + sleep 10 + j=$((j+1)) + common_logger -d "Retrying Wazuh dashboard connection..." + done + + if [ ${j} -lt 12 ]; then + common_logger -d "Wazuh dashboard connection was successful." + if [ "${#server_node_names[@]}" -eq 1 ]; then + wazuh_api_address=${server_node_ips[0]} + else + for i in "${!server_node_types[@]}"; do + if [[ "${server_node_types[i]}" == "master" ]]; then + wazuh_api_address=${server_node_ips[i]} + fi + done + fi + if [ -f "/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml" ]; then + eval "sed -i 's,url: https://localhost,url: https://${wazuh_api_address},g' /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml ${debug}" + fi + + common_logger "Wazuh dashboard web application initialized." + common_logger -nl "--- Summary ---" + common_logger -nl "You can access the web interface https://${print_ip}:${http_port}\n User: admin\n Password: ${u_pass}" + + else + flag="-w" + if [ -z "${force}" ]; then + flag="-e" + fi + failed_nodes=() + common_logger "${flag}" "Cannot connect to Wazuh dashboard." + + for i in "${!indexer_node_ips[@]}"; do + curl=$(common_curl -XGET https://"${indexer_node_ips[i]}":9200/ -uadmin:"${u_pass}" -k -s --max-time 300 --retry 5 --retry-delay 5 --fail) + exit_code=${PIPESTATUS[0]} + if [[ "${exit_code}" -eq "7" ]]; then + failed_connect=1 + failed_nodes+=("${indexer_node_names[i]}") + elif [ "${exit_code}" -eq "22" ]; then + sec_not_initialized=1 + fi + done + if [ -n "${failed_connect}" ]; then + common_logger "${flag}" "Failed to connect with ${failed_nodes[*]}. Connection refused." + fi + + if [ -n "${sec_not_initialized}" ]; then + common_logger "${flag}" "Wazuh indexer security settings not initialized. Please run the installation assistant using -s|--start-cluster in one of the wazuh indexer nodes." + fi + + if [ -z "${force}" ]; then + common_logger "If you want to install Wazuh dashboard without waiting for the Wazuh indexer cluster, use the -fd option" + installCommon_rollBack + exit 1 + else + common_logger -nl "--- Summary ---" + common_logger -nl "When Wazuh dashboard is able to connect to your Wazuh indexer cluster, you can access the web interface https://${print_ip}\n User: admin\n Password: ${u_pass}" + fi + fi + +} +function dashboard_initializeAIO() { + + wazuh_api_address=${server_node_ips[0]} + common_logger "Initializing Wazuh dashboard web application." + installCommon_getPass "admin" + http_code=$(curl -XGET https://localhost:"${http_port}"/status -uadmin:"${u_pass}" -k -w %"{http_code}" -s -o /dev/null) + retries=0 + max_dashboard_initialize_retries=20 + while [ "${http_code}" -ne "200" ] && [ "${retries}" -lt "${max_dashboard_initialize_retries}" ] + do + http_code=$(curl -XGET https://localhost:"${http_port}"/status -uadmin:"${u_pass}" -k -w %"{http_code}" -s -o /dev/null) + common_logger "Wazuh dashboard web application not yet initialized. Waiting..." + retries=$((retries+1)) + sleep 15 + done + if [ "${http_code}" -eq "200" ]; then + if [ -f "/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml" ]; then + eval "sed -i 's,url: https://localhost,url: https://${wazuh_api_address},g' /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml ${debug}" + fi + common_logger "Wazuh dashboard web application initialized." + common_logger -nl "--- Summary ---" + common_logger -nl "You can access the web interface https://:${http_port}\n User: admin\n Password: ${u_pass}" + else + common_logger -e "Wazuh dashboard installation failed." + installCommon_rollBack + exit 1 + fi +} +function dashboard_install() { + + common_logger "Starting Wazuh dashboard installation." + if [ "${sys_type}" == "yum" ]; then + installCommon_yumInstall "wazuh-dashboard" "${wazuh_version}-*" + elif [ "${sys_type}" == "apt-get" ]; then + installCommon_aptInstall "wazuh-dashboard" "${wazuh_version}-*" + fi + common_checkInstalled + if [ "$install_result" != 0 ] || [ -z "${dashboard_installed}" ]; then + common_logger -e "Wazuh dashboard installation failed." + installCommon_rollBack + exit 1 + else + common_logger "Wazuh dashboard installation finished." + fi + +} + function dist_detect() { @@ -4447,7 +4521,7 @@ function passwords_generateHash() { common_logger -d "Generating password hashes." for i in "${!passwords[@]}" do - nhash=$(bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/hash.sh -p "${passwords[i]}" 2>&1 | grep -A 2 'issues' | tail -n 1) + nhash=$(bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/hash.sh -p "${passwords[i]}" 2>&1) if [ "${PIPESTATUS[0]}" != 0 ]; then common_logger -e "Hash generation failed." if [[ $(type -t installCommon_rollBack) == "function" ]]; then @@ -4460,7 +4534,7 @@ function passwords_generateHash() { common_logger -d "Password hashes generated." else common_logger "Generating password hash" - hash=$(bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/hash.sh -p "${password}" 2>&1 | grep -A 2 'issues' | tail -n 1) + hash=$(bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/hash.sh -p "${password}" 2>&1) if [ "${PIPESTATUS[0]}" != 0 ]; then common_logger -e "Hash generation failed." if [[ $(type -t installCommon_rollBack) == "function" ]]; then