/var/ossec/etc/ossec.conf multiple root elements #20348
Assignees
Labels
Comments
|
Don't know if the following issue already got fixed in Wazuh: |
|
Hello. We support the installation of Wazuh via Ansible. In fact, we have a dedicated repository to perform this task: https://github.com/wazuh/wazuh-ansible/tree/v4.7.0 I have tested your behavior. I have deployed the Wazuh stack using the Show log>ansible-playbook wazuh-single.yml -v
Using /home/davidcr01/Wazuh/ansible/playbooks/ansible.cfg as config file
PLAY [centos7] *****************************************************************
TASK [Gathering Facts] *********************************************************
ok: [192.168.57.102]
TASK [../roles/wazuh/wazuh-indexer : include_vars] *****************************
ok: [192.168.57.102] => {"ansible_facts": {"packages_repository": "production"}, "ansible_included_var_files": ["/home/davidcr01/Wazuh/ansible/roles/wazuh/wazuh-indexer/tasks/../../vars/repo_vars.yml"], "changed": false}
TASK [../roles/wazuh/wazuh-indexer : include_vars] *****************************
ok: [192.168.57.102] => {"ansible_facts": {"certs_gen_tool_url": "https://packages.wazuh.com/{{ certs_gen_tool_version }}/wazuh-certs-tool.sh", "certs_gen_tool_version": 4.6, "wazuh_repo": {"apt": "deb https://packages.wazuh.com/4.x/apt/ stable main", "gpg": "https://packages.wazuh.com/key/GPG-KEY-WAZUH", "key_id": "0DCFCA5547B19D2A6099506096B3EE5F29111145", "yum": "https://packages.wazuh.com/4.x/yum/"}, "wazuh_winagent_config_url": "https://packages.wazuh.com/4.x/windows/wazuh-agent-{{ wazuh_agent_version }}-1.msi", "wazuh_winagent_package_name": "wazuh-agent-{{ wazuh_agent_version }}-1.msi", "wazuh_winagent_sha512_url": "https://packages.wazuh.com/4.x/checksums/wazuh/{{ wazuh_agent_version }}/wazuh-agent-{{ wazuh_agent_version }}-1.msi.sha512"}, "ansible_included_var_files": ["/home/davidcr01/Wazuh/ansible/roles/wazuh/wazuh-indexer/tasks/../../vars/repo.yml"], "changed": false}
TASK [../roles/wazuh/wazuh-indexer : include_vars] *****************************
skipping: [192.168.57.102] => {"changed": false, "false_condition": "packages_repository == 'pre-release'", "skip_reason": "Conditional result was False"}
TASK [../roles/wazuh/wazuh-indexer : include_vars] *****************************
skipping: [192.168.57.102] => {"changed": false, "false_condition": "packages_repository == 'staging'", "skip_reason": "Conditional result was False"}
TASK [../roles/wazuh/wazuh-indexer : Check if certificates already exists] *****
ok: [192.168.57.102 -> localhost] => {"changed": false, "stat": {"exists": false}}
TASK [../roles/wazuh/wazuh-indexer : Local action | Create local temporary directory for certificates generation] ***
changed: [192.168.57.102 -> localhost] => {"changed": true, "gid": 1000, "group": "davidcr01", "mode": "0755", "owner": "davidcr01", "path": "/home/davidcr01/Wazuh/ansible/playbooks/indexer/certificates", "size": 4096, "state": "directory", "uid": 1000}
TASK [../roles/wazuh/wazuh-indexer : Local action | Check that the generation tool exists] ***
ok: [192.168.57.102 -> localhost] => {"changed": false, "stat": {"exists": false}}
TASK [../roles/wazuh/wazuh-indexer : Local action | Download certificates generation tool] ***
changed: [192.168.57.102 -> localhost] => {"changed": true, "checksum_dest": null, "checksum_src": "e8a5004c728428256eb8ed64c0053fe1ecb18aa6", "dest": "/home/davidcr01/Wazuh/ansible/playbooks/indexer/certificates/wazuh-certs-tool.sh", "elapsed": 0, "gid": 1000, "group": "davidcr01", "md5sum": "a946afd6e02826402550c5a081c12006", "mode": "0664", "msg": "OK (32077 bytes)", "owner": "davidcr01", "size": 32077, "src": "/home/davidcr01/.ansible/tmp/ansible-tmp-1701080804.883124-12307-237595558960786/tmppm43xta0", "state": "file", "status_code": 200, "uid": 1000, "url": "https://packages.wazuh.com/4.6/wazuh-certs-tool.sh"}
TASK [../roles/wazuh/wazuh-indexer : Local action | Prepare the certificates generation template file] ***
changed: [192.168.57.102 -> localhost] => {"changed": true, "checksum": "0ccc2b1e9a1336d9afd001a0a436160a0d789a73", "dest": "/home/davidcr01/Wazuh/ansible/playbooks/indexer/certificates/config.yml", "gid": 1000, "group": "davidcr01", "md5sum": "df7a5ad4189a12f11763175ced84ef8e", "mode": "0644", "owner": "davidcr01", "size": 205, "src": "/home/davidcr01/.ansible/tmp/ansible-tmp-1701080805.5198615-12333-174678711083565/source", "state": "file", "uid": 1000}
TASK [../roles/wazuh/wazuh-indexer : Local action | Generate the node & admin certificates in local] ***
changed: [192.168.57.102 -> localhost] => {"changed": true, "cmd": ["bash", "/home/davidcr01/Wazuh/ansible/playbooks/indexer/certificates/wazuh-certs-tool.sh", "-A"], "delta": "0:00:00.549296", "end": "2023-11-27 11:26:46.781175", "msg": "", "rc": 0, "start": "2023-11-27 11:26:46.231879", "stderr": "", "stderr_lines": [], "stdout": "27/11/2023 11:26:46 INFO: Admin certificates created.\n27/11/2023 11:26:46 INFO: Wazuh indexer certificates created.", "stdout_lines": ["27/11/2023 11:26:46 INFO: Admin certificates created.", "27/11/2023 11:26:46 INFO: Wazuh indexer certificates created."]}
TASK [../roles/wazuh/wazuh-indexer : RedHat/CentOS/Fedora | Add Wazuh indexer repo] ***
skipping: [192.168.57.102] => {"changed": false, "false_condition": "perform_installation", "skip_reason": "Conditional result was False"}
TASK [../roles/wazuh/wazuh-indexer : Install Amazon extras] ********************
skipping: [192.168.57.102] => {"changed": false, "false_condition": "perform_installation", "skip_reason": "Conditional result was False"}
TASK [../roles/wazuh/wazuh-indexer : Configure vm.max_map_count] ***************
skipping: [192.168.57.102] => {"changed": false, "false_condition": "perform_installation", "skip_reason": "Conditional result was False"}
TASK [../roles/wazuh/wazuh-indexer : Update vm.max_map_count] ******************
skipping: [192.168.57.102] => {"changed": false, "false_condition": "perform_installation", "skip_reason": "Conditional result was False"}
TASK [../roles/wazuh/wazuh-indexer : RedHat/CentOS/Fedora | Install Indexer dependencies] ***
skipping: [192.168.57.102] => {"changed": false, "false_condition": "perform_installation", "skip_reason": "Conditional result was False"}
TASK [../roles/wazuh/wazuh-indexer : Install Wazuh indexer] ********************
skipping: [192.168.57.102] => {"changed": false, "false_condition": "perform_installation", "skip_reason": "Conditional result was False"}
TASK [../roles/wazuh/wazuh-indexer : Update cache] *****************************
skipping: [192.168.57.102] => {"changed": false, "false_condition": "perform_installation", "skip_reason": "Conditional result was False"}
TASK [../roles/wazuh/wazuh-indexer : Install Wazuh indexer dependencies] *******
skipping: [192.168.57.102] => {"changed": false, "false_condition": "perform_installation", "skip_reason": "Conditional result was False"}
TASK [../roles/wazuh/wazuh-indexer : Add apt repository signing key] ***********
skipping: [192.168.57.102] => {"changed": false, "false_condition": "perform_installation", "skip_reason": "Conditional result was False"}
TASK [../roles/wazuh/wazuh-indexer : Add Wazuh indexer repository] *************
skipping: [192.168.57.102] => {"changed": false, "false_condition": "perform_installation", "skip_reason": "Conditional result was False"}
TASK [../roles/wazuh/wazuh-indexer : Install Wazuh indexer] ********************
skipping: [192.168.57.102] => {"changed": false, "false_condition": "perform_installation", "skip_reason": "Conditional result was False"}
TASK [../roles/wazuh/wazuh-indexer : Remove performance analyzer plugin from Wazuh indexer] ***
skipping: [192.168.57.102] => {"changed": false, "false_condition": "perform_installation", "skip_reason": "Conditional result was False"}
TASK [../roles/wazuh/wazuh-indexer : Remove Opensearch configuration file] *****
skipping: [192.168.57.102] => {"changed": false, "false_condition": "perform_installation", "skip_reason": "Conditional result was False"}
TASK [../roles/wazuh/wazuh-indexer : Copy Opensearch Configuration File] *******
skipping: [192.168.57.102] => {"changed": false, "false_condition": "perform_installation", "skip_reason": "Conditional result was False"}
TASK [../roles/wazuh/wazuh-indexer : include_tasks] ****************************
skipping: [192.168.57.102] => {"changed": false, "false_condition": "perform_installation", "skip_reason": "Conditional result was False"}
TASK [../roles/wazuh/wazuh-indexer : Configure Wazuh indexer JVM memmory.] *****
skipping: [192.168.57.102] => {"changed": false, "false_condition": "perform_installation", "skip_reason": "Conditional result was False"}
TASK [../roles/wazuh/wazuh-indexer : Ensure extra time for Wazuh indexer to start on reboots] ***
skipping: [192.168.57.102] => {"changed": false, "false_condition": "perform_installation", "skip_reason": "Conditional result was False"}
TASK [../roles/wazuh/wazuh-indexer : Index files to remove] ********************
skipping: [192.168.57.102] => {"changed": false, "false_condition": "perform_installation", "skip_reason": "Conditional result was False"}
TASK [../roles/wazuh/wazuh-indexer : Remove Index Files] ***********************
skipping: [192.168.57.102] => {"changed": false, "false_condition": "perform_installation", "skip_reason": "Conditional result was False"}
TASK [../roles/wazuh/wazuh-indexer : Ensure Wazuh indexer started and enabled] ***
skipping: [192.168.57.102] => {"changed": false, "false_condition": "perform_installation", "skip_reason": "Conditional result was False"}
TASK [../roles/wazuh/wazuh-indexer : Wait for Wazuh indexer API] ***************
skipping: [192.168.57.102] => {"changed": false, "false_condition": "perform_installation", "skip_reason": "Conditional result was False"}
TASK [../roles/wazuh/wazuh-indexer : Wait for Wazuh indexer API (Private IP)] ***
skipping: [192.168.57.102] => {"changed": false, "false_condition": "perform_installation", "skip_reason": "Conditional result was False"}
TASK [../roles/wazuh/wazuh-indexer : RedHat/CentOS/Fedora | Remove Wazuh indexer repository (and clean up left-over metadata)] ***
skipping: [192.168.57.102] => {"changed": false, "false_condition": "perform_installation", "skip_reason": "Conditional result was False"}
TASK [../roles/wazuh/wazuh-indexer : Reload systemd configuration] *************
skipping: [192.168.57.102] => {"changed": false, "false_condition": "perform_installation", "skip_reason": "Conditional result was False"}
PLAY [centos7] *****************************************************************
TASK [Gathering Facts] *********************************************************
ok: [192.168.57.102]
TASK [../roles/wazuh/wazuh-indexer : include_vars] *****************************
ok: [192.168.57.102] => {"ansible_facts": {"packages_repository": "production"}, "ansible_included_var_files": ["/home/davidcr01/Wazuh/ansible/roles/wazuh/wazuh-indexer/tasks/../../vars/repo_vars.yml"], "changed": false}
TASK [../roles/wazuh/wazuh-indexer : include_vars] *****************************
ok: [192.168.57.102] => {"ansible_facts": {"certs_gen_tool_url": "https://packages.wazuh.com/{{ certs_gen_tool_version }}/wazuh-certs-tool.sh", "certs_gen_tool_version": 4.6, "wazuh_repo": {"apt": "deb https://packages.wazuh.com/4.x/apt/ stable main", "gpg": "https://packages.wazuh.com/key/GPG-KEY-WAZUH", "key_id": "0DCFCA5547B19D2A6099506096B3EE5F29111145", "yum": "https://packages.wazuh.com/4.x/yum/"}, "wazuh_winagent_config_url": "https://packages.wazuh.com/4.x/windows/wazuh-agent-{{ wazuh_agent_version }}-1.msi", "wazuh_winagent_package_name": "wazuh-agent-{{ wazuh_agent_version }}-1.msi", "wazuh_winagent_sha512_url": "https://packages.wazuh.com/4.x/checksums/wazuh/{{ wazuh_agent_version }}/wazuh-agent-{{ wazuh_agent_version }}-1.msi.sha512"}, "ansible_included_var_files": ["/home/davidcr01/Wazuh/ansible/roles/wazuh/wazuh-indexer/tasks/../../vars/repo.yml"], "changed": false}
TASK [../roles/wazuh/wazuh-indexer : include_vars] *****************************
skipping: [192.168.57.102] => {"changed": false, "false_condition": "packages_repository == 'pre-release'", "skip_reason": "Conditional result was False"}
TASK [../roles/wazuh/wazuh-indexer : include_vars] *****************************
skipping: [192.168.57.102] => {"changed": false, "false_condition": "packages_repository == 'staging'", "skip_reason": "Conditional result was False"}
TASK [../roles/wazuh/wazuh-indexer : Check if certificates already exists] *****
ok: [192.168.57.102 -> localhost] => {"changed": false, "stat": {"atime": 1701080804.6483595, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "binary", "ctime": 1701080806.7723742, "dev": 2051, "device_type": 0, "executable": true, "exists": true, "gid": 1000, "gr_name": "davidcr01", "inode": 10233092, "isblk": false, "ischr": false, "isdir": true, "isfifo": false, "isgid": false, "islnk": false, "isreg": false, "issock": false, "isuid": false, "mimetype": "inode/directory", "mode": "0755", "mtime": 1701080806.7723742, "nlink": 3, "path": "/home/davidcr01/Wazuh/ansible/playbooks/indexer/certificates", "pw_name": "davidcr01", "readable": true, "rgrp": true, "roth": true, "rusr": true, "size": 4096, "uid": 1000, "version": "3081111309", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": true, "xoth": true, "xusr": true}}
TASK [../roles/wazuh/wazuh-indexer : Local action | Create local temporary directory for certificates generation] ***
skipping: [192.168.57.102] => {"changed": false, "false_condition": "not certificates_folder.stat.exists", "skip_reason": "Conditional result was False"}
TASK [../roles/wazuh/wazuh-indexer : Local action | Check that the generation tool exists] ***
skipping: [192.168.57.102] => {"changed": false, "false_condition": "not certificates_folder.stat.exists", "skip_reason": "Conditional result was False"}
TASK [../roles/wazuh/wazuh-indexer : Local action | Download certificates generation tool] ***
skipping: [192.168.57.102] => {"changed": false, "false_condition": "not certificates_folder.stat.exists", "skip_reason": "Conditional result was False"}
TASK [../roles/wazuh/wazuh-indexer : Local action | Prepare the certificates generation template file] ***
skipping: [192.168.57.102] => {"changed": false, "false_condition": "not certificates_folder.stat.exists", "skip_reason": "Conditional result was False"}
TASK [../roles/wazuh/wazuh-indexer : Local action | Generate the node & admin certificates in local] ***
skipping: [192.168.57.102] => {"changed": false, "false_condition": "not certificates_folder.stat.exists", "skip_reason": "Conditional result was False"}
TASK [../roles/wazuh/wazuh-indexer : RedHat/CentOS/Fedora | Add Wazuh indexer repo] ***
ok: [192.168.57.102] => {"changed": false, "repo": "wazuh_repo", "state": "present"}
TASK [../roles/wazuh/wazuh-indexer : Install Amazon extras] ********************
skipping: [192.168.57.102] => {"changed": false, "false_condition": "ansible_distribution == 'Amazon'", "skip_reason": "Conditional result was False"}
TASK [../roles/wazuh/wazuh-indexer : Configure vm.max_map_count] ***************
skipping: [192.168.57.102] => {"changed": false, "false_condition": "ansible_distribution == 'Amazon'", "skip_reason": "Conditional result was False"}
TASK [../roles/wazuh/wazuh-indexer : Update vm.max_map_count] ******************
skipping: [192.168.57.102] => {"changed": false, "false_condition": "ansible_distribution == 'Amazon'", "skip_reason": "Conditional result was False"}
TASK [../roles/wazuh/wazuh-indexer : RedHat/CentOS/Fedora | Install Indexer dependencies] ***
changed: [192.168.57.102] => {"changed": true, "changes": {"installed": ["wget", "unzip"]}, "msg": "warning: /var/cache/yum/x86_64/7/updates/packages/unzip-6.0-24.el7_9.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY\nImporting GPG key 0xF4A80EB5:\n Userid : \"CentOS-7 Key (CentOS 7 Official Signing Key) <security@centos.org>\"\n Fingerprint: 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5\n Package : centos-release-7-8.2003.0.el7.centos.x86_64 (@anaconda)\n From : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7\n", "rc": 0, "results": ["Loaded plugins: fastestmirror\nDetermining fastest mirrors\n * base: mirrors.pt\n * extras: mirrors.pt\n * updates: mirrors.pt\nResolving Dependencies\n--> Running transaction check\n---> Package unzip.x86_64 0:6.0-24.el7_9 will be installed\n---> Package wget.x86_64 0:1.14-18.el7_6.1 will be installed\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package Arch Version Repository Size\n================================================================================\nInstalling:\n unzip x86_64 6.0-24.el7_9 updates 172 k\n wget x86_64 1.14-18.el7_6.1 base 547 k\n\nTransaction Summary\n================================================================================\nInstall 2 Packages\n\nTotal download size: 720 k\nInstalled size: 2.3 M\nDownloading packages:\nPublic key for unzip-6.0-24.el7_9.x86_64.rpm is not installed\nPublic key for wget-1.14-18.el7_6.1.x86_64.rpm is not installed\n--------------------------------------------------------------------------------\nTotal 1.6 MB/s | 720 kB 00:00 \nRetrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7\nRunning transaction check\nRunning transaction test\nTransaction test succeeded\nRunning transaction\n Installing : wget-1.14-18.el7_6.1.x86_64 1/2 \n Installing : unzip-6.0-24.el7_9.x86_64 2/2 \n Verifying : unzip-6.0-24.el7_9.x86_64 1/2 \n Verifying : wget-1.14-18.el7_6.1.x86_64 2/2 \n\nInstalled:\n unzip.x86_64 0:6.0-24.el7_9 wget.x86_64 0:1.14-18.el7_6.1 \n\nComplete!\n"]}
TASK [../roles/wazuh/wazuh-indexer : Install Wazuh indexer] ********************
changed: [192.168.57.102] => {"changed": true, "changes": {"installed": ["wazuh-indexer-4.6.0"]}, "msg": "warning: /var/cache/yum/x86_64/7/wazuh_repo/packages/wazuh-indexer-4.6.0-1.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID 29111145: NOKEY\nImporting GPG key 0x29111145:\n Userid : \"Wazuh.com (Wazuh Signing Key) <support@wazuh.com>\"\n Fingerprint: 0dcf ca55 47b1 9d2a 6099 5060 96b3 ee5f 2911 1145\n From : https://packages.wazuh.com/key/GPG-KEY-WAZUH\n", "rc": 0, "results": ["Loaded plugins: fastestmirror\nLoading mirror speeds from cached hostfile\n * base: mirrors.pt\n * extras: mirrors.pt\n * updates: mirrors.pt\nResolving Dependencies\n--> Running transaction check\n---> Package wazuh-indexer.x86_64 0:4.6.0-1 will be installed\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package Arch Version Repository Size\n================================================================================\nInstalling:\n wazuh-indexer x86_64 4.6.0-1 wazuh_repo 673 M\n\nTransaction Summary\n================================================================================\nInstall 1 Package\n\nTotal download size: 673 M\nInstalled size: 930 M\nDownloading packages:\nPublic key for wazuh-indexer-4.6.0-1.x86_64.rpm is not installed\nRetrieving key from https://packages.wazuh.com/key/GPG-KEY-WAZUH\nRunning transaction check\nRunning transaction test\nTransaction test succeeded\nRunning transaction\n Installing : wazuh-indexer-4.6.0-1.x86_64 1/1 \nCreated opensearch keystore in /etc/wazuh-indexer/opensearch.keystore\n Verifying : wazuh-indexer-4.6.0-1.x86_64 1/1 \n\nInstalled:\n wazuh-indexer.x86_64 0:4.6.0-1 \n\nComplete!\n"]}
TASK [../roles/wazuh/wazuh-indexer : Update cache] *****************************
skipping: [192.168.57.102] => {"changed": false, "false_condition": "ansible_os_family == 'Debian'", "skip_reason": "Conditional result was False"}
TASK [../roles/wazuh/wazuh-indexer : Install Wazuh indexer dependencies] *******
skipping: [192.168.57.102] => {"changed": false, "false_condition": "ansible_os_family == 'Debian'", "skip_reason": "Conditional result was False"}
TASK [../roles/wazuh/wazuh-indexer : Add apt repository signing key] ***********
skipping: [192.168.57.102] => {"changed": false, "false_condition": "ansible_os_family == 'Debian'", "skip_reason": "Conditional result was False"}
TASK [../roles/wazuh/wazuh-indexer : Add Wazuh indexer repository] *************
skipping: [192.168.57.102] => {"changed": false, "false_condition": "ansible_os_family == 'Debian'", "skip_reason": "Conditional result was False"}
TASK [../roles/wazuh/wazuh-indexer : Install Wazuh indexer] ********************
skipping: [192.168.57.102] => {"changed": false, "false_condition": "ansible_os_family == 'Debian'", "skip_reason": "Conditional result was False"}
TASK [../roles/wazuh/wazuh-indexer : Remove performance analyzer plugin from Wazuh indexer] ***
changed: [192.168.57.102] => {"changed": true, "cmd": ["./opensearch-plugin", "remove", "opensearch-performance-analyzer"], "delta": "0:00:01.653352", "end": "2023-11-27 10:31:40.875426", "failed_when_result": false, "msg": "", "rc": 0, "start": "2023-11-27 10:31:39.222074", "stderr": "", "stderr_lines": [], "stdout": "-> removing [opensearch-performance-analyzer]...\n-> preserving plugin config files [/etc/wazuh-indexer/opensearch-performance-analyzer] in case of upgrade; use --purge if not needed", "stdout_lines": ["-> removing [opensearch-performance-analyzer]...", "-> preserving plugin config files [/etc/wazuh-indexer/opensearch-performance-analyzer] in case of upgrade; use --purge if not needed"]}
TASK [../roles/wazuh/wazuh-indexer : Remove Opensearch configuration file] *****
changed: [192.168.57.102] => {"changed": true, "path": "/etc/wazuh-indexer/opensearch.yml", "state": "absent"}
TASK [../roles/wazuh/wazuh-indexer : Copy Opensearch Configuration File] *******
changed: [192.168.57.102] => {"changed": true, "checksum": "a4274fd4697c79fffe669c100dc4cdf2e6e82e0d", "dest": "/etc/wazuh-indexer/opensearch.yml", "gid": 994, "group": "wazuh-indexer", "md5sum": "51ec9c7bdf48d5743394311e52877ac6", "mode": "0640", "owner": "root", "secontext": "system_u:object_r:etc_t:s0", "size": 2349, "src": "/home/vagrant/.ansible/tmp/ansible-tmp-1701081101.3425796-12932-47468259896212/source", "state": "file", "uid": 0}
TASK [../roles/wazuh/wazuh-indexer : include_tasks] ****************************
included: /home/davidcr01/Wazuh/ansible/roles/wazuh/wazuh-indexer/tasks/security_actions.yml for 192.168.57.102
TASK [../roles/wazuh/wazuh-indexer : Configure IP (Private address)] ***********
skipping: [192.168.57.102] => {"changed": false, "false_condition": "hostvars[inventory_hostname]['private_ip'] is defined", "skip_reason": "Conditional result was False"}
TASK [../roles/wazuh/wazuh-indexer : Configure IP (Public address)] ************
ok: [192.168.57.102] => {"ansible_facts": {"target_address": "127.0.0.1"}, "changed": false}
TASK [../roles/wazuh/wazuh-indexer : Ensure Indexer certificates directory permissions.] ***
changed: [192.168.57.102] => {"changed": true, "gid": 994, "group": "wazuh-indexer", "mode": "0764", "owner": "wazuh-indexer", "path": "/etc/wazuh-indexer/certs/", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 997}
TASK [../roles/wazuh/wazuh-indexer : Copy the node & admin certificates to Wazuh indexer cluster] ***
changed: [192.168.57.102] => (item=root-ca.pem) => {"ansible_loop_var": "item", "changed": true, "checksum": "4eab58b390d9caa77e3c3bd5a489faca8f56a26a", "dest": "/etc/wazuh-indexer/certs/root-ca.pem", "gid": 994, "group": "wazuh-indexer", "item": "root-ca.pem", "md5sum": "a7a08c33ea53ad4b309d4a1ef5452f40", "mode": "0400", "owner": "wazuh-indexer", "secontext": "system_u:object_r:etc_t:s0", "size": 1204, "src": "/home/vagrant/.ansible/tmp/ansible-tmp-1701081102.5686219-12982-30973833133219/source", "state": "file", "uid": 997}
changed: [192.168.57.102] => (item=root-ca.key) => {"ansible_loop_var": "item", "changed": true, "checksum": "65ece29a6d8dee6fd7be9c6ef4e5fc03b60e49d7", "dest": "/etc/wazuh-indexer/certs/root-ca.key", "gid": 994, "group": "wazuh-indexer", "item": "root-ca.key", "md5sum": "a3e53dbd47e206665355c4bf2c8609ae", "mode": "0400", "owner": "wazuh-indexer", "secontext": "system_u:object_r:etc_t:s0", "size": 1704, "src": "/home/vagrant/.ansible/tmp/ansible-tmp-1701081103.2517264-12982-22103652914566/source", "state": "file", "uid": 997}
changed: [192.168.57.102] => (item=node-1-key.pem) => {"ansible_loop_var": "item", "changed": true, "checksum": "b6fb2cda02630c9cd4df99730555534f2a46ed6c", "dest": "/etc/wazuh-indexer/certs/node-1-key.pem", "gid": 994, "group": "wazuh-indexer", "item": "node-1-key.pem", "md5sum": "be0b4514e5c988789e95b9726fa1e7f8", "mode": "0400", "owner": "wazuh-indexer", "secontext": "system_u:object_r:etc_t:s0", "size": 1704, "src": "/home/vagrant/.ansible/tmp/ansible-tmp-1701081103.931463-12982-4623941536474/source", "state": "file", "uid": 997}
changed: [192.168.57.102] => (item=node-1.pem) => {"ansible_loop_var": "item", "changed": true, "checksum": "b2fcb6e7b1bd51a4322fed389a0d4ba7af7373c4", "dest": "/etc/wazuh-indexer/certs/node-1.pem", "gid": 994, "group": "wazuh-indexer", "item": "node-1.pem", "md5sum": "0ec1884c981fa0079100a31ced55ddde", "mode": "0400", "owner": "wazuh-indexer", "secontext": "system_u:object_r:etc_t:s0", "size": 1277, "src": "/home/vagrant/.ansible/tmp/ansible-tmp-1701081104.610995-12982-190927879779937/source", "state": "file", "uid": 997}
changed: [192.168.57.102] => (item=admin-key.pem) => {"ansible_loop_var": "item", "changed": true, "checksum": "3faf8b0dbe1d60160d58f52916d7da20eb9fe7c8", "dest": "/etc/wazuh-indexer/certs/admin-key.pem", "gid": 994, "group": "wazuh-indexer", "item": "admin-key.pem", "md5sum": "eb9b5b2d85616967731ae675f6aaf59c", "mode": "0400", "owner": "wazuh-indexer", "secontext": "system_u:object_r:etc_t:s0", "size": 1704, "src": "/home/vagrant/.ansible/tmp/ansible-tmp-1701081105.2877734-12982-97069546294318/source", "state": "file", "uid": 997}
changed: [192.168.57.102] => (item=admin.pem) => {"ansible_loop_var": "item", "changed": true, "checksum": "2716271e1869d656b1b9b3ce9e17b397df629bd8", "dest": "/etc/wazuh-indexer/certs/admin.pem", "gid": 994, "group": "wazuh-indexer", "item": "admin.pem", "md5sum": "8ce5cf07e39b271675c87f08ddc659cc", "mode": "0400", "owner": "wazuh-indexer", "secontext": "system_u:object_r:etc_t:s0", "size": 1119, "src": "/home/vagrant/.ansible/tmp/ansible-tmp-1701081105.9714673-12982-276567051167275/source", "state": "file", "uid": 997}
TASK [../roles/wazuh/wazuh-indexer : Restart Wazuh indexer with security configuration] ***
changed: [192.168.57.102] => {"changed": true, "name": "wazuh-indexer", "state": "started", "status": {"ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "system.slice tmp.mount network-online.target systemd-journald.socket basic.target -.mount", "AllowIsolate": "no", "AmbientCapabilities": "0", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "18446744073709551615", "CPUAccounting": "no", "CPUQuotaPerSecUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "18446744073709551615", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "18446744073709551615", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "Conflicts": "shutdown.target", "ControlPID": "0", "DefaultDependencies": "yes", "Delegate": "no", "Description": "Wazuh-indexer", "DevicePolicy": "auto", "Documentation": "https://documentation.wazuh.com", "Environment": "OPENSEARCH_HOME=/usr/share/wazuh-indexer OPENSEARCH_PATH_CONF=/etc/wazuh-indexer PID_DIR=/run/wazuh-indexer OPENSEARCH_SD_NOTIFY=true", "EnvironmentFile": "/etc/sysconfig/wazuh-indexer (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/share/wazuh-indexer/bin/systemd-entrypoint ; argv[]=/usr/share/wazuh-indexer/bin/systemd-entrypoint -p ${PID_DIR}/wazuh-indexer.pid --quiet ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FragmentPath": "/usr/lib/systemd/system/wazuh-indexer.service", "Group": "wazuh-indexer", "GuessMainPID": "yes", "IOScheduling": "0", "Id": "wazuh-indexer.service", "IgnoreOnIsolate": "no", "IgnoreOnSnapshot": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobTimeoutAction": "none", "JobTimeoutUSec": "0", "KillMode": "process", "KillSignal": "15", "LimitAS": "18446744073709551615", "LimitCORE": "18446744073709551615", "LimitCPU": "18446744073709551615", "LimitDATA": "18446744073709551615", "LimitFSIZE": "18446744073709551615", "LimitLOCKS": "18446744073709551615", "LimitMEMLOCK": "65536", "LimitMSGQUEUE": "819200", "LimitNICE": "0", "LimitNOFILE": "65535", "LimitNPROC": "4096", "LimitRSS": "18446744073709551615", "LimitRTPRIO": "0", "LimitRTTIME": "18446744073709551615", "LimitSIGPENDING": "15098", "LimitSTACK": "18446744073709551615", "LoadState": "loaded", "MainPID": "0", "MemoryAccounting": "no", "MemoryCurrent": "18446744073709551615", "MemoryLimit": "18446744073709551615", "MountFlags": "0", "Names": "wazuh-indexer.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "main", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PermissionsStartOnly": "no", "PrivateDevices": "no", "PrivateNetwork": "no", "PrivateTmp": "yes", "ProtectHome": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "RemainAfterExit": "no", "Requires": "basic.target system.slice -.mount", "RequiresMountsFor": "/usr/share/wazuh-indexer /var/tmp", "Restart": "no", "RestartUSec": "100ms", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectory": "wazuh-indexer", "RuntimeDirectoryMode": "0755", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "no", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitInterval": "10000000", "StartupBlockIOWeight": "18446744073709551615", "StartupCPUShares": "18446744073709551615", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "no", "TasksCurrent": "18446744073709551615", "TasksMax": "18446744073709551615", "TimeoutStartUSec": "3min", "TimeoutStopUSec": "0", "TimerSlackNSec": "50000", "Transient": "no", "Type": "notify", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "User": "wazuh-indexer", "Wants": "network-online.target", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0", "WorkingDirectory": "/usr/share/wazuh-indexer"}}
TASK [../roles/wazuh/wazuh-indexer : Copy the Opensearch security internal users template] ***
changed: [192.168.57.102] => {"changed": true, "checksum": "6475bb616c085f988c1fe09fe9e96750acadf3af", "dest": "/etc/wazuh-indexer/opensearch-security/internal_users.yml", "gid": 994, "group": "wazuh-indexer", "md5sum": "499247bfbc0488b8ddffe47663ebb7a3", "mode": "0644", "owner": "wazuh-indexer", "secontext": "system_u:object_r:etc_t:s0", "size": 396, "src": "/home/vagrant/.ansible/tmp/ansible-tmp-1701081125.090635-13151-28569318715759/source", "state": "file", "uid": 997}
TASK [../roles/wazuh/wazuh-indexer : Hashing the custom admin password] ********
changed: [192.168.57.102] => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true}
TASK [../roles/wazuh/wazuh-indexer : Set the Admin user password] **************
changed: [192.168.57.102] => {"changed": true, "msg": "1 replacements made", "rc": 0}
TASK [../roles/wazuh/wazuh-indexer : Hash the kibanaserver role/user pasword] ***
changed: [192.168.57.102] => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true}
TASK [../roles/wazuh/wazuh-indexer : Set the kibanaserver user password] *******
changed: [192.168.57.102] => {"changed": true, "msg": "1 replacements made", "rc": 0}
TASK [../roles/wazuh/wazuh-indexer : Initialize the Opensearch security index in Wazuh indexer] ***
changed: [192.168.57.102] => {"attempts": 1, "changed": true, "cmd": ["sudo", "-u", "wazuh-indexer", "OPENSEARCH_PATH_CONF=/etc/wazuh-indexer", "JAVA_HOME=/usr/share/wazuh-indexer/jdk", "/usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh", "-cd", "/etc/wazuh-indexer/opensearch-security/", "-icl", "-p", "9200", "-cd", "/etc/wazuh-indexer/opensearch-security/", "-nhnv", "-cacert", "/etc/wazuh-indexer/certs/root-ca.pem", "-cert", "/etc/wazuh-indexer/certs/admin.pem", "-key", "/etc/wazuh-indexer/certs/admin-key.pem", "-h", "127.0.0.1"], "delta": "0:00:05.562364", "end": "2023-11-27 10:32:15.736384", "msg": "", "rc": 0, "start": "2023-11-27 10:32:10.174020", "stderr": "", "stderr_lines": [], "stdout": "**************************************************************************\n** This tool will be deprecated in the next major release of OpenSearch **\n** https://github.com/opensearch-project/security/issues/1755 **\n**************************************************************************\nSecurity Admin v7\nWill connect to 127.0.0.1:9200 ... done\nConnected as \"CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US\"\nOpenSearch Version: 2.8.0\nContacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...\nClustername: wazuh\nClusterstate: GREEN\nNumber of nodes: 1\nNumber of data nodes: 1\n.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)\nPopulate config from /etc/wazuh-indexer/opensearch-security/\nWill update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml \n SUCC: Configuration for 'config' created or updated\nWill update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml \n SUCC: Configuration for 'roles' created or updated\nWill update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml \n SUCC: Configuration for 'rolesmapping' created or updated\nWill update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml \n SUCC: Configuration for 'internalusers' created or updated\nWill update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml \n SUCC: Configuration for 'actiongroups' created or updated\nWill update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml \n SUCC: Configuration for 'tenants' created or updated\nWill update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml \n SUCC: Configuration for 'nodesdn' created or updated\nWill update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml \n SUCC: Configuration for 'whitelist' created or updated\nWill update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml \n SUCC: Configuration for 'audit' created or updated\nWill update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml \n SUCC: Configuration for 'allowlist' created or updated\nSUCC: Expected 10 config types for node {\"updated_config_types\":[\"allowlist\",\"tenants\",\"rolesmapping\",\"nodesdn\",\"audit\",\"roles\",\"whitelist\",\"internalusers\",\"actiongroups\",\"config\"],\"updated_config_size\":10,\"message\":null} is 10 ([\"allowlist\",\"tenants\",\"rolesmapping\",\"nodesdn\",\"audit\",\"roles\",\"whitelist\",\"internalusers\",\"actiongroups\",\"config\"]) due to: null\nDone with success", "stdout_lines": ["**************************************************************************", "** This tool will be deprecated in the next major release of OpenSearch **", "** https://github.com/opensearch-project/security/issues/1755 **", "**************************************************************************", "Security Admin v7", "Will connect to 127.0.0.1:9200 ... done", "Connected as \"CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US\"", "OpenSearch Version: 2.8.0", "Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...", "Clustername: wazuh", "Clusterstate: GREEN", "Number of nodes: 1", "Number of data nodes: 1", ".opendistro_security index does not exists, attempt to create it ... done (0-all replicas)", "Populate config from /etc/wazuh-indexer/opensearch-security/", "Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml ", " SUCC: Configuration for 'config' created or updated", "Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml ", " SUCC: Configuration for 'roles' created or updated", "Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml ", " SUCC: Configuration for 'rolesmapping' created or updated", "Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml ", " SUCC: Configuration for 'internalusers' created or updated", "Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml ", " SUCC: Configuration for 'actiongroups' created or updated", "Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml ", " SUCC: Configuration for 'tenants' created or updated", "Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml ", " SUCC: Configuration for 'nodesdn' created or updated", "Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml ", " SUCC: Configuration for 'whitelist' created or updated", "Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml ", " SUCC: Configuration for 'audit' created or updated", "Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml ", " SUCC: Configuration for 'allowlist' created or updated", "SUCC: Expected 10 config types for node {\"updated_config_types\":[\"allowlist\",\"tenants\",\"rolesmapping\",\"nodesdn\",\"audit\",\"roles\",\"whitelist\",\"internalusers\",\"actiongroups\",\"config\"],\"updated_config_size\":10,\"message\":null} is 10 ([\"allowlist\",\"tenants\",\"rolesmapping\",\"nodesdn\",\"audit\",\"roles\",\"whitelist\",\"internalusers\",\"actiongroups\",\"config\"]) due to: null", "Done with success"]}
TASK [../roles/wazuh/wazuh-indexer : Create custom user] ***********************
skipping: [192.168.57.102] => {"changed": false, "false_condition": "indexer_custom_user is defined and indexer_custom_user", "skip_reason": "Conditional result was False"}
TASK [../roles/wazuh/wazuh-indexer : Configure Wazuh indexer JVM memmory.] *****
changed: [192.168.57.102] => {"changed": true, "checksum": "961394bf3ae6a01c98de77fc0bd8a9b37303d11b", "dest": "/etc/wazuh-indexer/jvm.options", "gid": 994, "group": "wazuh-indexer", "md5sum": "9e63bfd33583c6004d3e1a2b351d09e3", "mode": "0644", "owner": "root", "secontext": "system_u:object_r:etc_t:s0", "size": 2475, "src": "/home/vagrant/.ansible/tmp/ansible-tmp-1701081135.8757188-13264-258404859663982/source", "state": "file", "uid": 0}
TASK [../roles/wazuh/wazuh-indexer : Ensure extra time for Wazuh indexer to start on reboots] ***
changed: [192.168.57.102] => {"backup": "", "changed": true, "msg": "line replaced"}
TASK [../roles/wazuh/wazuh-indexer : Index files to remove] ********************
ok: [192.168.57.102] => {"changed": false, "examined": 1, "files": [], "matched": 0, "msg": "All paths examined", "skipped_paths": {}}
TASK [../roles/wazuh/wazuh-indexer : Remove Index Files] ***********************
skipping: [192.168.57.102] => {"changed": false, "skipped_reason": "No items in the list"}
TASK [../roles/wazuh/wazuh-indexer : Ensure Wazuh indexer started and enabled] ***
changed: [192.168.57.102] => {"changed": true, "enabled": true, "name": "wazuh-indexer", "state": "started", "status": {"ActiveEnterTimestamp": "Mon 2023-11-27 10:32:04 UTC", "ActiveEnterTimestampMonotonic": "2089806382", "ActiveExitTimestampMonotonic": "0", "ActiveState": "active", "After": "system.slice -.mount systemd-journald.socket network-online.target tmp.mount basic.target", "AllowIsolate": "no", "AmbientCapabilities": "0", "AssertResult": "yes", "AssertTimestamp": "Mon 2023-11-27 10:31:47 UTC", "AssertTimestampMonotonic": "2072506280", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "18446744073709551615", "CPUAccounting": "no", "CPUQuotaPerSecUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "18446744073709551615", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "18446744073709551615", "ConditionResult": "yes", "ConditionTimestamp": "Mon 2023-11-27 10:31:47 UTC", "ConditionTimestampMonotonic": "2072506280", "Conflicts": "shutdown.target", "ControlGroup": "/system.slice/wazuh-indexer.service", "ControlPID": "0", "DefaultDependencies": "yes", "Delegate": "no", "Description": "Wazuh-indexer", "DevicePolicy": "auto", "Documentation": "https://documentation.wazuh.com", "Environment": "OPENSEARCH_HOME=/usr/share/wazuh-indexer OPENSEARCH_PATH_CONF=/etc/wazuh-indexer PID_DIR=/run/wazuh-indexer OPENSEARCH_SD_NOTIFY=true", "EnvironmentFile": "/etc/sysconfig/wazuh-indexer (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "4861", "ExecMainStartTimestamp": "Mon 2023-11-27 10:31:47 UTC", "ExecMainStartTimestampMonotonic": "2072508142", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/share/wazuh-indexer/bin/systemd-entrypoint ; argv[]=/usr/share/wazuh-indexer/bin/systemd-entrypoint -p ${PID_DIR}/wazuh-indexer.pid --quiet ; ignore_errors=no ; start_time=[Mon 2023-11-27 10:31:47 UTC] ; stop_time=[n/a] ; pid=4861 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FragmentPath": "/usr/lib/systemd/system/wazuh-indexer.service", "Group": "wazuh-indexer", "GuessMainPID": "yes", "IOScheduling": "0", "Id": "wazuh-indexer.service", "IgnoreOnIsolate": "no", "IgnoreOnSnapshot": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestamp": "Mon 2023-11-27 10:31:47 UTC", "InactiveExitTimestampMonotonic": "2072508190", "JobTimeoutAction": "none", "JobTimeoutUSec": "0", "KillMode": "process", "KillSignal": "15", "LimitAS": "18446744073709551615", "LimitCORE": "18446744073709551615", "LimitCPU": "18446744073709551615", "LimitDATA": "18446744073709551615", "LimitFSIZE": "18446744073709551615", "LimitLOCKS": "18446744073709551615", "LimitMEMLOCK": "65536", "LimitMSGQUEUE": "819200", "LimitNICE": "0", "LimitNOFILE": "65535", "LimitNPROC": "4096", "LimitRSS": "18446744073709551615", "LimitRTPRIO": "0", "LimitRTTIME": "18446744073709551615", "LimitSIGPENDING": "15098", "LimitSTACK": "18446744073709551615", "LoadState": "loaded", "MainPID": "4861", "MemoryAccounting": "no", "MemoryCurrent": "18446744073709551615", "MemoryLimit": "18446744073709551615", "MountFlags": "0", "Names": "wazuh-indexer.service", "NeedDaemonReload": "yes", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "main", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PermissionsStartOnly": "no", "PrivateDevices": "no", "PrivateNetwork": "no", "PrivateTmp": "yes", "ProtectHome": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "RemainAfterExit": "no", "Requires": "basic.target system.slice -.mount", "RequiresMountsFor": "/usr/share/wazuh-indexer /var/tmp", "Restart": "no", "RestartUSec": "100ms", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectory": "wazuh-indexer", "RuntimeDirectoryMode": "0755", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "no", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitInterval": "10000000", "StartupBlockIOWeight": "18446744073709551615", "StartupCPUShares": "18446744073709551615", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "running", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "no", "TasksCurrent": "18446744073709551615", "TasksMax": "18446744073709551615", "TimeoutStartUSec": "3min", "TimeoutStopUSec": "0", "TimerSlackNSec": "50000", "Transient": "no", "Type": "notify", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "User": "wazuh-indexer", "Wants": "network-online.target", "WatchdogTimestamp": "Mon 2023-11-27 10:32:04 UTC", "WatchdogTimestampMonotonic": "2089806334", "WatchdogUSec": "0", "WorkingDirectory": "/usr/share/wazuh-indexer"}}
TASK [../roles/wazuh/wazuh-indexer : Wait for Wazuh indexer API] ***************
ok: [192.168.57.102] => {"attempts": 1, "changed": false, "content": "1701081139 10:32:19 wazuh green 1 1 true 2 2 0 0 0 0 - 100.0%\n", "content_length": "62", "content_type": "text/plain; charset=UTF-8", "cookies": {}, "cookies_string": "", "elapsed": 0, "msg": "OK (62 bytes)", "redirected": false, "status": 200, "url": "https://127.0.0.1:9200/_cat/health/"}
TASK [../roles/wazuh/wazuh-indexer : Wait for Wazuh indexer API (Private IP)] ***
skipping: [192.168.57.102] => {"changed": false, "false_condition": "hostvars[inventory_hostname]['private_ip'] is defined and hostvars[inventory_hostname]['private_ip']", "skip_reason": "Conditional result was False"}
TASK [../roles/wazuh/wazuh-indexer : RedHat/CentOS/Fedora | Remove Wazuh indexer repository (and clean up left-over metadata)] ***
ok: [192.168.57.102] => {"changed": false, "repo": "wazuh_repo", "state": "absent"}
TASK [../roles/wazuh/wazuh-indexer : Reload systemd configuration] *************
ok: [192.168.57.102] => {"changed": false, "name": null, "status": {}}
TASK [../roles/wazuh/ansible-wazuh-manager : Install dependencies] *************
ok: [192.168.57.102] => {"attempts": 1, "changed": false, "msg": "", "rc": 0, "results": ["unzip-6.0-24.el7_9.x86_64 providing unzip is already installed", "1:openssl-1.0.2k-19.el7.x86_64 providing openssl is already installed", "2:tar-1.26-35.el7.x86_64 providing tar is already installed", "curl-7.29.0-57.el7.x86_64 providing curl is already installed"]}
TASK [../roles/wazuh/ansible-wazuh-manager : include_vars] *********************
ok: [192.168.57.102] => {"ansible_facts": {"packages_repository": "production"}, "ansible_included_var_files": ["/home/davidcr01/Wazuh/ansible/roles/wazuh/ansible-wazuh-manager/vars/../../vars/repo_vars.yml"], "changed": false}
TASK [../roles/wazuh/ansible-wazuh-manager : include_vars] *********************
ok: [192.168.57.102] => {"ansible_facts": {"certs_gen_tool_url": "https://packages.wazuh.com/{{ certs_gen_tool_version }}/wazuh-certs-tool.sh", "certs_gen_tool_version": 4.6, "wazuh_repo": {"apt": "deb https://packages.wazuh.com/4.x/apt/ stable main", "gpg": "https://packages.wazuh.com/key/GPG-KEY-WAZUH", "key_id": "0DCFCA5547B19D2A6099506096B3EE5F29111145", "yum": "https://packages.wazuh.com/4.x/yum/"}, "wazuh_winagent_config_url": "https://packages.wazuh.com/4.x/windows/wazuh-agent-{{ wazuh_agent_version }}-1.msi", "wazuh_winagent_package_name": "wazuh-agent-{{ wazuh_agent_version }}-1.msi", "wazuh_winagent_sha512_url": "https://packages.wazuh.com/4.x/checksums/wazuh/{{ wazuh_agent_version }}/wazuh-agent-{{ wazuh_agent_version }}-1.msi.sha512"}, "ansible_included_var_files": ["/home/davidcr01/Wazuh/ansible/roles/wazuh/ansible-wazuh-manager/vars/../../vars/repo.yml"], "changed": false}
TASK [../roles/wazuh/ansible-wazuh-manager : include_vars] *********************
skipping: [192.168.57.102] => {"changed": false, "false_condition": "packages_repository == 'pre-release'", "skip_reason": "Conditional result was False"}
TASK [../roles/wazuh/ansible-wazuh-manager : include_vars] *********************
skipping: [192.168.57.102] => {"changed": false, "false_condition": "packages_repository == 'staging'", "skip_reason": "Conditional result was False"}
TASK [../roles/wazuh/ansible-wazuh-manager : Overlay wazuh_manager_config on top of defaults] ***
ok: [192.168.57.102] => {"ansible_facts": {"wazuh_manager_config": {"agents_disconnection_alert_time": "100s", "agents_disconnection_time": "20s", "alerts_log": "yes", "api": {"access_block_time": 300, "access_max_login_attempts": 5, "access_max_request_per_minute": 300, "behind_proxy_server": false, "bind_addr": "0.0.0.0", "cache": true, "cache_time": 0.75, "cors": false, "cors_allow_credentials": false, "cors_allow_headers": "*", "cors_expose_headers": "*", "cors_source_route": "*", "drop_privileges": true, "experimental_features": false, "https": true, "https_ca": "api/configuration/ssl/ca.crt", "https_cert": "api/configuration/ssl/server.crt", "https_key": "api/configuration/ssl/server.key", "https_use_ca": false, "logging_level": "info", "logging_path": "logs/api.log", "port": 55000, "remote_commands_localfile": true, "remote_commands_localfile_exceptions": [], "remote_commands_wodle": true, "remote_commands_wodle_exceptions": []}, "authd": {"ciphers": "HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH", "enable": true, "force": {"after_registration_time": "1h", "disconnected_time": "1h", "enabled": "yes", "key_mismatch": "yes"}, "port": 1515, "purge": "yes", "ssl_agent_ca": null, "ssl_auto_negotiate": "no", "ssl_manager_cert": "sslmanager.cert", "ssl_manager_key": "sslmanager.key", "ssl_verify_host": "no", "use_password": "no", "use_source_ip": "no"}, "cis_cat": {"ciscat_path": "wodles/ciscat", "disable": "yes", "install_java": "yes", "interval": "1d", "java_path": "/usr/lib/jvm/java-1.8.0-openjdk-amd64/jre/bin", "scan_on_start": "yes", "timeout": 1800}, "cluster": {"bind_addr": "0.0.0.0", "disable": "yes", "hidden": "no", "key": "ugdtAnd7Pi9myP7CVts4qZaZQEQcRYZa", "name": "wazuh", "node_name": "manager_01", "node_type": "master", "nodes": ["manager"], "port": "1516"}, "commands": [{"executable": "disable-account", "name": "disable-account", "timeout_allowed": "yes"}, {"executable": "restart-wazuh", "name": "restart-wazuh"}, {"executable": "firewall-drop", "expect": "srcip", "name": "firewall-drop", "timeout_allowed": "yes"}, {"executable": "host-deny", "name": "host-deny", "timeout_allowed": "yes"}, {"executable": "route-null", "name": "route-null", "timeout_allowed": "yes"}, {"executable": "route-null.exe", "name": "win_route-null", "timeout_allowed": "yes"}, {"executable": "netsh.exe", "name": "netsh", "timeout_allowed": "yes"}], "connection": [{"port": "1514", "protocol": "tcp", "queue_size": 131072, "type": "secure"}], "email_level": 12, "email_log_source": "alerts.log", "email_notification": "no", "extra_emails": [{"do_not_delay": false, "do_not_group": false, "enable": false, "event_location": null, "format": "full", "group": null, "level": 7, "mail_to": "recipient@example.wazuh.com", "rule_id": null}], "globals": ["127.0.0.1", "^localhost.localdomain$", "127.0.0.53"], "integrations": [{"alert_format": "json", "alert_level": 10, "hook_url": "<hook_url>", "name": null, "rule_id": null}, {"alert_level": 12, "api_key": "<api_key>", "name": null}], "json_output": "yes", "labels": {"enable": false, "list": [{"key": "Env", "value": "Production"}]}, "localfiles": {"centos": [{"format": "syslog", "location": "/var/log/messages"}, {"format": "syslog", "location": "/var/log/secure"}, {"format": "syslog", "location": "/var/log/maillog"}, {"format": "audit", "location": "/var/log/audit/audit.log"}], "common": [{"command": "df -P", "format": "command", "frequency": "360"}, {"alias": "netstat listening ports", "command": "netstat -tulpn | sed 's/\\([[:alnum:]]\\+\\)\\ \\+[[:digit:]]\\+\\ \\+[[:digit:]]\\+\\ \\+\\(.*\\):\\([[:digit:]]*\\)\\ \\+\\([0-9\\.\\:\\*]\\+\\).\\+\\ \\([[:digit:]]*\\/[[:alnum:]\\-]*\\).*/\\1 \\2 == \\3 == \\4 \\5/' | sort -k 4 -g | sed 's/ == \\(.*\\) ==/:\\1/' | sed 1,2d", "format": "full_command", "frequency": "360"}, {"command": "last -n 20", "format": "full_command", "frequency": "360"}, {"format": "syslog", "location": "/var/ossec/logs/active-responses.log"}], "debian": [{"format": "syslog", "location": "/var/log/auth.log"}, {"format": "syslog", "location": "/var/log/syslog"}, {"format": "syslog", "location": "/var/log/dpkg.log"}, {"format": "syslog", "location": "/var/log/kern.log"}]}, "log_format": "plain", "log_level": 3, "logall": "no", "logall_json": "no", "mail_from": "wazuh@example.wazuh.com", "mail_maxperhour": 12, "mail_queue_size": 131072, "mail_smtp_server": "smtp.example.wazuh.com", "mail_to": ["admin@example.net"], "monitor_aws": {"disabled": "yes", "interval": "10m", "run_on_start": "yes", "s3": [{"access_key": null, "bucket_type": null, "name": null, "only_logs_after": null, "path": null, "secret_key": null}], "skip_on_error": "yes"}, "openscap": {"disable": "yes", "interval": "1d", "scan_on_start": "yes", "timeout": 1800}, "osquery": {"ad_labels": "yes", "config_path": "/etc/osquery/osquery.conf", "disable": "yes", "log_path": "/var/log/osquery/osqueryd.results.log", "run_daemon": "yes"}, "repo": {"apt": "deb https://packages.wazuh.com/4.x/apt/ stable main", "gpg": "https://packages.wazuh.com/key/GPG-KEY-WAZUH", "key_id": "0DCFCA5547B19D2A6099506096B3EE5F29111145", "yum": "https://packages.wazuh.com/4.x/yum/"}, "reports": [{"category": "syscheck", "email_to": "recipient@example.wazuh.com", "enable": false, "group": null, "level": null, "location": null, "rule": null, "showlogs": null, "srcip": null, "title": "Daily report: File changes", "user": null}], "rootcheck": {"frequency": 43200}, "rule_exclude": ["0215-policy_rules.xml"], "ruleset": {"cdb_lists": ["audit-keys", "security-eventchannel", "amazon/aws-eventnames"], "decoders_path": "custom_ruleset/decoders/", "rules_path": "custom_ruleset/rules/"}, "sca": {"day": "", "enabled": "yes", "interval": "12h", "scan_on_start": "yes", "skip_nfs": "yes", "time": "", "wday": ""}, "syscheck": {"auto_ignore": "no", "auto_ignore_frequency": {"frequency": "frequency=\"10\"", "timeframe": "timeframe=\"3600\"", "value": "no"}, "directories": [{"checks": "", "dirs": "/etc,/usr/bin,/usr/sbin"}, {"checks": "", "dirs": "/bin,/sbin,/boot"}], "disable": "no", "frequency": 43200, "ignore": ["/etc/mtab", "/etc/hosts.deny", "/etc/mail/statistics", "/etc/random-seed", "/etc/random.seed", "/etc/adjtime", "/etc/httpd/logs", "/etc/utmpx", "/etc/wtmpx", "/etc/cups/certs", "/etc/dumpdates", "/etc/svc/volatile"], "ignore_linux_type": [".log$|.swp$"], "max_eps": 100, "no_diff": ["/etc/ssl/private.key"], "process_priority": 10, "scan_on_start": "yes", "skip_dev": "yes", "skip_nfs": "yes", "skip_proc": "yes", "skip_sys": "yes", "sync_enabled": "yes", "sync_interval": "5m", "sync_max_eps": 10, "sync_max_interval": "1h"}, "syscollector": {"disable": "no", "hardware": "yes", "interval": "1h", "network": "yes", "os": "yes", "packages": "yes", "ports_no": "yes", "processes": "yes", "scan_on_start": "yes"}, "syslog_outputs": [{"format": null, "port": null, "server": null}], "vulnerability_detector": {"enabled": "no", "interval": "5m", "min_full_scan_interval": "6h", "providers": [{"enabled": "no", "name": "\"canonical\"", "os": ["trusty", "xenial", "bionic", "focal", "jammy"], "update_interval": "1h"}, {"enabled": "no", "name": "\"debian\"", "os": ["buster", "bullseye", "bookworm"], "update_interval": "1h"}, {"enabled": "no", "name": "\"redhat\"", "os": ["5", "6", "7", "8", "9"], "update_interval": "1h"}, {"enabled": "no", "name": "\"almalinux\"", "os": ["8", "9"], "update_interval": "1h"}, {"enabled": "no", "name": "\"alas\"", "os": ["amazon-linux", "amazon-linux-2"], "update_interval": "1h"}, {"enabled": "no", "name": "\"suse\"", "os": ["11-server", "11-desktop", "12-server", "12-desktop", "15-server", "15-desktop"], "update_interval": "1h"}, {"enabled": "no", "name": "\"arch\"", "update_interval": "1h"}, {"enabled": "no", "name": "\"msu\"", "update_interval": "1h"}, {"enabled": "no", "name": "\"nvd\"", "update_interval": "1h"}], "run_on_start": "yes"}}}, "changed": false}
TASK [../roles/wazuh/ansible-wazuh-manager : include_tasks] ********************
included: /home/davidcr01/Wazuh/ansible/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml for 192.168.57.102
TASK [../roles/wazuh/ansible-wazuh-manager : RedHat/CentOS 5 | Install Wazuh repo] ***
skipping: [192.168.57.102] => {"changed": false, "false_condition": "(ansible_distribution_major_version|int <= 5)", "skip_reason": "Conditional result was False"}
TASK [../roles/wazuh/ansible-wazuh-manager : RedHat/CentOS/Fedora | Install Wazuh repo] ***
ok: [192.168.57.102] => {"changed": false, "repo": "wazuh_repo", "state": "present"}
TASK [../roles/wazuh/ansible-wazuh-manager : RedHat/CentOS/Fedora | Install openscap] ***
changed: [192.168.57.102] => (item=openscap-scanner) => {"ansible_loop_var": "item", "attempts": 1, "changed": true, "changes": {"installed": ["openscap-scanner"]}, "item": "openscap-scanner", "msg": "Repository wazuh_repo is listed more than once in the configuration\n", "rc": 0, "results": ["Loaded plugins: fastestmirror\nLoading mirror speeds from cached hostfile\n * base: mirrors.pt\n * extras: mirrors.pt\n * updates: mirrors.pt\nResolving Dependencies\n--> Running transaction check\n---> Package openscap-scanner.x86_64 0:1.2.17-15.el7_9 will be installed\n--> Processing Dependency: openscap(x86-64) = 1.2.17-15.el7_9 for package: openscap-scanner-1.2.17-15.el7_9.x86_64\n--> Processing Dependency: libopenscap.so.8()(64bit) for package: openscap-scanner-1.2.17-15.el7_9.x86_64\n--> Running transaction check\n---> Package openscap.x86_64 0:1.2.17-15.el7_9 will be installed\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package Arch Version Repository Size\n================================================================================\nInstalling:\n openscap-scanner x86_64 1.2.17-15.el7_9 updates 64 k\nInstalling for dependencies:\n openscap x86_64 1.2.17-15.el7_9 updates 3.9 M\n\nTransaction Summary\n================================================================================\nInstall 1 Package (+1 Dependent package)\n\nTotal download size: 3.9 M\nInstalled size: 62 M\nDownloading packages:\n--------------------------------------------------------------------------------\nTotal 1.0 MB/s | 3.9 MB 00:03 \nRunning transaction check\nRunning transaction test\nTransaction test succeeded\nRunning transaction\n Installing : openscap-1.2.17-15.el7_9.x86_64 1/2 \n Installing : openscap-scanner-1.2.17-15.el7_9.x86_64 2/2 \n Verifying : openscap-scanner-1.2.17-15.el7_9.x86_64 1/2 \n Verifying : openscap-1.2.17-15.el7_9.x86_64 2/2 \n\nInstalled:\n openscap-scanner.x86_64 0:1.2.17-15.el7_9 \n\nDependency Installed:\n openscap.x86_64 0:1.2.17-15.el7_9 \n\nComplete!\n"]}
TASK [../roles/wazuh/ansible-wazuh-manager : CentOS 6 | Install Software Collections (SCL) Repository] ***
skipping: [192.168.57.102] => {"changed": false, "false_condition": "ansible_distribution == 'CentOS' and ansible_distribution_major_version == '6'", "skip_reason": "Conditional result was False"}
TASK [../roles/wazuh/ansible-wazuh-manager : RedHat 6 | Enabling Red Hat Software Collections (RHSCL)] ***
skipping: [192.168.57.102] => (item=rhui-REGION-rhel-server-rhscl) => {"ansible_loop_var": "item", "changed": false, "false_condition": "ansible_distribution == 'RedHat' and ansible_distribution_major_version == '6'", "item": "rhui-REGION-rhel-server-rhscl", "skip_reason": "Conditional result was False"}
skipping: [192.168.57.102] => (item=rhel-server-rhscl-6-rpms) => {"ansible_loop_var": "item", "changed": false, "false_condition": "ansible_distribution == 'RedHat' and ansible_distribution_major_version == '6'", "item": "rhel-server-rhscl-6-rpms", "skip_reason": "Conditional result was False"}
skipping: [192.168.57.102] => {"changed": false, "msg": "All items skipped"}
TASK [../roles/wazuh/ansible-wazuh-manager : CentOS/RedHat 6 | Install Python 2.7] ***
skipping: [192.168.57.102] => {"changed": false, "false_condition": "( ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' ) and ansible_distribution_major_version == '6'", "skip_reason": "Conditional result was False"}
TASK [../roles/wazuh/ansible-wazuh-manager : RedHat/CentOS/Fedora | Install OpenJDK 1.8] ***
skipping: [192.168.57.102] => {"changed": false, "false_condition": "wazuh_manager_config.cis_cat.disable == 'no'", "skip_reason": "Conditional result was False"}
TASK [../roles/wazuh/ansible-wazuh-manager : Set Distribution CIS filename for RHEL5/CentOS-5] ***
skipping: [192.168.57.102] => {"changed": false, "false_condition": "ansible_os_family == \"RedHat\" and ansible_distribution_major_version == '5'", "skip_reason": "Conditional result was False"}
TASK [../roles/wazuh/ansible-wazuh-manager : Set Distribution CIS filename for RHEL6/CentOS-6] ***
skipping: [192.168.57.102] => {"changed": false, "false_condition": "ansible_os_family == \"RedHat\" and ansible_distribution_major_version == '6'", "skip_reason": "Conditional result was False"}
TASK [../roles/wazuh/ansible-wazuh-manager : Set Distribution CIS filename for RHEL7/CentOS-7] ***
ok: [192.168.57.102] => {"ansible_facts": {"cis_distribution_filename": "cis_rhel7_linux_rcl.txt"}, "changed": false}
TASK [../roles/wazuh/ansible-wazuh-manager : Set Distribution CIS filename for RHEL7/CentOS-7 (Amazon)] ***
skipping: [192.168.57.102] => {"changed": false, "false_condition": "ansible_distribution == \"Amazon\" and ansible_distribution_major_version == \"NA\"", "skip_reason": "Conditional result was False"}
TASK [../roles/wazuh/ansible-wazuh-manager : Install dependencies to build from sources] ***
skipping: [192.168.57.102] => {"changed": false, "false_condition": "wazuh_manager_sources_installation.enabled", "skip_reason": "Conditional result was False"}
TASK [../roles/wazuh/ansible-wazuh-manager : CentOS/RedHat/Amazon | Install wazuh-manager] ***
changed: [192.168.57.102] => {"attempts": 1, "changed": true, "changes": {"installed": ["wazuh-manager-4.6.0"]}, "msg": "Repository wazuh_repo is listed more than once in the configuration\n", "rc": 0, "results": ["Loaded plugins: fastestmirror\nLoading mirror speeds from cached hostfile\n * base: mirrors.pt\n * extras: mirrors.pt\n * updates: mirrors.pt\nResolving Dependencies\n--> Running transaction check\n---> Package wazuh-manager.x86_64 0:4.6.0-1 will be installed\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package Arch Version Repository Size\n================================================================================\nInstalling:\n wazuh-manager x86_64 4.6.0-1 wazuh_repo 165 M\n\nTransaction Summary\n================================================================================\nInstall 1 Package\n\nTotal download size: 165 M\nInstalled size: 599 M\nDownloading packages:\nRunning transaction check\nRunning transaction test\nTransaction test succeeded\nRunning transaction\n Installing : wazuh-manager-4.6.0-1.x86_64 1/1 \n Verifying : wazuh-manager-4.6.0-1.x86_64 1/1 \n\nInstalled:\n wazuh-manager.x86_64 0:4.6.0-1 \n\nComplete!\n"]}
TASK [../roles/wazuh/ansible-wazuh-manager : include_tasks] ********************
skipping: [192.168.57.102] => {"changed": false, "false_condition": "wazuh_manager_sources_installation.enabled", "skip_reason": "Conditional result was False"}
TASK [../roles/wazuh/ansible-wazuh-manager : include_tasks] ********************
skipping: [192.168.57.102] => {"changed": false, "false_condition": "wazuh_custom_packages_installation_manager_enabled", "skip_reason": "Conditional result was False"}
TASK [../roles/wazuh/ansible-wazuh-manager : CentOS/RedHat 6 | Enabling python2.7 and sqlite3] ***
skipping: [192.168.57.102] => {"changed": false, "false_condition": "ansible_distribution in ['CentOS', 'RedHat', 'Amazon'] and ansible_distribution_major_version|int == 6", "skip_reason": "Conditional result was False"}
TASK [../roles/wazuh/ansible-wazuh-manager : Install expect (EL5)] *************
skipping: [192.168.57.102] => (item=expect) => {"ansible_loop_var": "item", "changed": false, "false_condition": "ansible_os_family|lower == \"RedHat\"", "item": "expect", "skip_reason": "Conditional result was False"}
skipping: [192.168.57.102] => {"changed": false, "msg": "All items skipped"}
TASK [../roles/wazuh/ansible-wazuh-manager : include_tasks] ********************
skipping: [192.168.57.102] => {"changed": false, "false_condition": "ansible_os_family == \"Debian\"", "skip_reason": "Conditional result was False"}
TASK [../roles/wazuh/ansible-wazuh-manager : Install expect] *******************
changed: [192.168.57.102] => {"changed": true, "changes": {"installed": ["expect"]}, "msg": "Repository wazuh_repo is listed more than once in the configuration\n", "rc": 0, "results": ["Loaded plugins: fastestmirror\nLoading mirror speeds from cached hostfile\n * base: mirrors.pt\n * extras: mirrors.pt\n * updates: mirrors.pt\nResolving Dependencies\n--> Running transaction check\n---> Package expect.x86_64 0:5.45-14.el7_1 will be installed\n--> Processing Dependency: libtcl8.5.so()(64bit) for package: expect-5.45-14.el7_1.x86_64\n--> Running transaction check\n---> Package tcl.x86_64 1:8.5.13-8.el7 will be installed\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package Arch Version Repository Size\n================================================================================\nInstalling:\n expect x86_64 5.45-14.el7_1 base 262 k\nInstalling for dependencies:\n tcl x86_64 1:8.5.13-8.el7 base 1.9 M\n\nTransaction Summary\n================================================================================\nInstall 1 Package (+1 Dependent package)\n\nTotal download size: 2.1 M\nInstalled size: 4.9 M\nDownloading packages:\n--------------------------------------------------------------------------------\nTotal 1.5 MB/s | 2.1 MB 00:01 \nRunning transaction check\nRunning transaction test\nTransaction test succeeded\nRunning transaction\n Installing : 1:tcl-8.5.13-8.el7.x86_64 1/2 \n Installing : expect-5.45-14.el7_1.x86_64 2/2 \n Verifying : 1:tcl-8.5.13-8.el7.x86_64 1/2 \n Verifying : expect-5.45-14.el7_1.x86_64 2/2 \n\nInstalled:\n expect.x86_64 0:5.45-14.el7_1 \n\nDependency Installed:\n tcl.x86_64 1:8.5.13-8.el7 \n\nComplete!\n"]}
TASK [../roles/wazuh/ansible-wazuh-manager : Generate SSL files for authd] *****
skipping: [192.168.57.102] => {"changed": false, "false_condition": "wazuh_manager_config.authd.ssl_agent_ca is not none", "skip_reason": "Conditional result was False"}
TASK [../roles/wazuh/ansible-wazuh-manager : Copy CA, SSL key and cert for authd] ***
skipping: [192.168.57.102] => (item=) => {"ansible_loop_var": "item", "changed": false, "false_condition": "wazuh_manager_config.authd.ssl_agent_ca is not none", "item": "", "skip_reason": "Conditional result was False"}
skipping: [192.168.57.102] => (item=sslmanager.cert) => {"ansible_loop_var": "item", "changed": false, "false_condition": "wazuh_manager_config.authd.ssl_agent_ca is not none", "item": "sslmanager.cert", "skip_reason": "Conditional result was False"}
skipping: [192.168.57.102] => (item=sslmanager.key) => {"ansible_loop_var": "item", "changed": false, "false_condition": "wazuh_manager_config.authd.ssl_agent_ca is not none", "item": "sslmanager.key", "skip_reason": "Conditional result was False"}
skipping: [192.168.57.102] => {"changed": false, "msg": "All items skipped"}
TASK [../roles/wazuh/ansible-wazuh-manager : Verifying for old init authd service] ***
ok: [192.168.57.102] => {"changed": false, "stat": {"exists": false}}
TASK [../roles/wazuh/ansible-wazuh-manager : Verifying for old systemd authd service] ***
ok: [192.168.57.102] => {"changed": false, "stat": {"exists": false}}
TASK [../roles/wazuh/ansible-wazuh-manager : Ensure ossec-authd service is disabled] ***
skipping: [192.168.57.102] => {"changed": false, "false_condition": "old_authd_service.stat.exists", "skip_reason": "Conditional result was False"}
TASK [../roles/wazuh/ansible-wazuh-manager : Removing old init authd services] ***
skipping: [192.168.57.102] => (item=/etc/init.d/ossec-authd) => {"ansible_loop_var": "item", "changed": false, "false_condition": "old_authd_service.stat.exists", "item": "/etc/init.d/ossec-authd", "skip_reason": "Conditional result was False"}
skipping: [192.168.57.102] => (item=/lib/systemd/system/ossec-authd.service) => {"ansible_loop_var": "item", "changed": false, "false_condition": "old_authd_service.stat.exists", "item": "/lib/systemd/system/ossec-authd.service", "skip_reason": "Conditional result was False"}
skipping: [192.168.57.102] => {"changed": false, "msg": "All items skipped"}
TASK [../roles/wazuh/ansible-wazuh-manager : Installing the local_rules.xml (default local_rules.xml)] ***
changed: [192.168.57.102] => {"changed": true, "checksum": "e2ed6d5f4bc85b2a6338ffa3b67af9c56a6a2b9b", "dest": "/var/ossec/etc/rules/local_rules.xml", "gid": 993, "group": "wazuh", "md5sum": "1b8bd14835b49b9d399db692d86e243c", "mode": "0640", "owner": "wazuh", "secontext": "system_u:object_r:var_t:s0", "size": 496, "src": "/home/vagrant/.ansible/tmp/ansible-tmp-1701081253.9348755-13580-120459453780582/source", "state": "file", "uid": 996}
TASK [../roles/wazuh/ansible-wazuh-manager : Adding local rules files] *********
changed: [192.168.57.102] => {"changed": true, "checksum": "948b7acf2a4e9434837fd8a9ae4282d764159a34", "dest": "/var/ossec/etc/rules/sample_custom_rules.xml", "gid": 993, "group": "wazuh", "md5sum": "d0484a12c7a6bdb1ca1a7e7c890cccc2", "mode": "0640", "owner": "wazuh", "secontext": "system_u:object_r:var_t:s0", "size": 457, "src": "/home/vagrant/.ansible/tmp/ansible-tmp-1701081254.7587855-13608-249033898689323/source", "state": "file", "uid": 996}
TASK [../roles/wazuh/ansible-wazuh-manager : Installing the local_decoder.xml] ***
changed: [192.168.57.102] => {"changed": true, "checksum": "22b3dffce338aa3b465f90b0a442f1892ab416dd", "dest": "/var/ossec/etc/decoders/local_decoder.xml", "gid": 993, "group": "wazuh", "md5sum": "13848075a6d3a8d32a675bb10b4ddc6d", "mode": "0640", "owner": "wazuh", "secontext": "system_u:object_r:var_t:s0", "size": 775, "src": "/home/vagrant/.ansible/tmp/ansible-tmp-1701081255.4660432-13636-249805687342510/source", "state": "file", "uid": 996}
TASK [../roles/wazuh/ansible-wazuh-manager : Adding local decoders files] ******
changed: [192.168.57.102] => {"changed": true, "checksum": "ef2930e35e0d314628a611effb545e0571e49b5d", "dest": "/var/ossec/etc/decoders/sample_custom_decoders.xml", "gid": 993, "group": "wazuh", "md5sum": "ca839098b00c8095ed956d0b6ff40e43", "mode": "0640", "owner": "wazuh", "secontext": "system_u:object_r:var_t:s0", "size": 775, "src": "/home/vagrant/.ansible/tmp/ansible-tmp-1701081256.2112753-13664-32205843468337/source", "state": "file", "uid": 996}
TASK [../roles/wazuh/ansible-wazuh-manager : Configure the shared-agent.conf] ***
skipping: [192.168.57.102] => {"changed": false, "false_condition": "shared_agent_config is defined", "skip_reason": "Conditional result was False"}
TASK [../roles/wazuh/ansible-wazuh-manager : Installing the local_internal_options.conf] ***
changed: [192.168.57.102] => {"changed": true, "checksum": "e2c8d0d38358dcd7c92e57b8f2cb0e7dfcf112e3", "dest": "/var/ossec/etc/local_internal_options.conf", "gid": 993, "group": "wazuh", "md5sum": "f460d5ec8ff02ba64b925188630fdf31", "mode": "0640", "owner": "root", "secontext": "system_u:object_r:var_t:s0", "size": 473, "src": "/home/vagrant/.ansible/tmp/ansible-tmp-1701081256.9390998-13695-151784495439180/source", "state": "file", "uid": 0}
TASK [../roles/wazuh/ansible-wazuh-manager : Retrieving Agentless Credentials] ***
ok: [192.168.57.102] => {"ansible_facts": {}, "ansible_included_var_files": ["/home/davidcr01/Wazuh/ansible/roles/wazuh/ansible-wazuh-manager/vars/agentless_creds.yml"], "changed": false}
TASK [../roles/wazuh/ansible-wazuh-manager : Retrieving authd Credentials] *****
ok: [192.168.57.102] => {"ansible_facts": {}, "ansible_included_var_files": ["/home/davidcr01/Wazuh/ansible/roles/wazuh/ansible-wazuh-manager/vars/authd_pass.yml"], "changed": false}
TASK [../roles/wazuh/ansible-wazuh-manager : Check if syslog output is enabled] ***
skipping: [192.168.57.102] => (item={'server': None, 'port': None, 'format': None}) => {"ansible_loop_var": "item", "changed": false, "false_condition": "item.server is not none", "item": {"format": null, "port": null, "server": null}, "skip_reason": "Conditional result was False"}
skipping: [192.168.57.102] => {"changed": false, "msg": "All items skipped"}
TASK [../roles/wazuh/ansible-wazuh-manager : Check if client-syslog is enabled] ***
ok: [192.168.57.102] => {"changed": false, "cmd": "set -o pipefail\n\"grep -c 'ossec-csyslogd' /var/ossec/bin/.process_list | xargs echo\"\n", "delta": null, "end": null, "msg": "Did not run command since '/var/ossec/bin/.process_list' does not exist", "rc": 0, "start": null, "stderr": "", "stderr_lines": [], "stdout": "skipped, since /var/ossec/bin/.process_list does not exist", "stdout_lines": ["skipped, since /var/ossec/bin/.process_list does not exist"]}
TASK [../roles/wazuh/ansible-wazuh-manager : Enable client-syslog] *************
skipping: [192.168.57.102] => {"changed": false, "false_condition": "syslog_output is defined and syslog_output", "skip_reason": "Conditional result was False"}
TASK [../roles/wazuh/ansible-wazuh-manager : Check if ossec-agentlessd is enabled] ***
ok: [192.168.57.102] => {"changed": false, "cmd": "set -o pipefail\n\"grep -c 'ossec-agentlessd' /var/ossec/bin/.process_list | xargs echo\"\n", "delta": null, "end": null, "msg": "Did not run command since '/var/ossec/bin/.process_list' does not exist", "rc": 0, "start": null, "stderr": "", "stderr_lines": [], "stdout": "skipped, since /var/ossec/bin/.process_list does not exist", "stdout_lines": ["skipped, since /var/ossec/bin/.process_list does not exist"]}
TASK [../roles/wazuh/ansible-wazuh-manager : Enable ossec-agentlessd] **********
skipping: [192.168.57.102] => {"changed": false, "false_condition": "agentless_creds is defined", "skip_reason": "Conditional result was False"}
TASK [../roles/wazuh/ansible-wazuh-manager : Checking alert log output settings] ***
skipping: [192.168.57.102] => {"changed": false, "false_condition": "wazuh_manager_config.json_output == 'no'", "skip_reason": "Conditional result was False"}
TASK [../roles/wazuh/ansible-wazuh-manager : Configure ossec.conf] *************
changed: [192.168.57.102] => {"changed": true, "checksum": "946734d93f1548a7c349e18249ef0a59cbc3cade", "dest": "/var/ossec/etc/ossec.conf", "gid": 993, "group": "wazuh", "md5sum": "f59ae911ceacdb0176937da4b9cb4abb", "mode": "0644", "owner": "root", "secontext": "system_u:object_r:var_t:s0", "size": 10042, "src": "/home/vagrant/.ansible/tmp/ansible-tmp-1701081258.5864623-13767-91448462600732/source", "state": "file", "uid": 0}
TASK [../roles/wazuh/ansible-wazuh-manager : Ossec-authd password] *************
skipping: [192.168.57.102] => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false}
TASK [../roles/wazuh/ansible-wazuh-manager : Copy create_user script] **********
skipping: [192.168.57.102] => {"changed": false, "false_condition": "wazuh_api_users is defined", "skip_reason": "Conditional result was False"}
TASK [../roles/wazuh/ansible-wazuh-manager : Create admin.json] ****************
skipping: [192.168.57.102] => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false}
TASK [../roles/wazuh/ansible-wazuh-manager : Execute create_user script] *******
skipping: [192.168.57.102] => {"changed": false, "false_condition": "wazuh_api_users is defined", "skip_reason": "Conditional result was False"}
TASK [../roles/wazuh/ansible-wazuh-manager : Agentless Hosts & Passwd] *********
skipping: [192.168.57.102] => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false}
TASK [../roles/wazuh/ansible-wazuh-manager : Encode the secret] ****************
skipping: [192.168.57.102] => {"changed": false, "false_condition": "agentless_creds is defined", "skip_reason": "Conditional result was False"}
TASK [../roles/wazuh/ansible-wazuh-manager : Ensure Wazuh Manager service is started and enabled.] ***
changed: [192.168.57.102] => {"changed": true, "enabled": true, "name": "wazuh-manager", "state": "started", "status": {"ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "network-online.target systemd-journald.socket system.slice basic.target network.target", "AllowIsolate": "no", "AmbientCapabilities": "0", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "18446744073709551615", "CPUAccounting": "no", "CPUQuotaPerSecUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "18446744073709551615", "CanIsolate": "no", "CanReload": "yes", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "18446744073709551615", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "Conflicts": "shutdown.target", "ControlPID": "0", "DefaultDependencies": "yes", "Delegate": "no", "Description": "Wazuh manager", "DevicePolicy": "auto", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecReload": "{ path=/usr/bin/env ; argv[]=/usr/bin/env /var/ossec/bin/wazuh-control reload ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStart": "{ path=/usr/bin/env ; argv[]=/usr/bin/env /var/ossec/bin/wazuh-control start ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStop": "{ path=/usr/bin/env ; argv[]=/usr/bin/env /var/ossec/bin/wazuh-control stop ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FragmentPath": "/usr/lib/systemd/system/wazuh-manager.service", "GuessMainPID": "yes", "IOScheduling": "0", "Id": "wazuh-manager.service", "IgnoreOnIsolate": "no", "IgnoreOnSnapshot": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobTimeoutAction": "none", "JobTimeoutUSec": "0", "KillMode": "process", "KillSignal": "15", "LimitAS": "18446744073709551615", "LimitCORE": "18446744073709551615", "LimitCPU": "18446744073709551615", "LimitDATA": "18446744073709551615", "LimitFSIZE": "18446744073709551615", "LimitLOCKS": "18446744073709551615", "LimitMEMLOCK": "65536", "LimitMSGQUEUE": "819200", "LimitNICE": "0", "LimitNOFILE": "65536", "LimitNPROC": "15098", "LimitRSS": "18446744073709551615", "LimitRTPRIO": "0", "LimitRTTIME": "18446744073709551615", "LimitSIGPENDING": "15098", "LimitSTACK": "18446744073709551615", "LoadState": "loaded", "MainPID": "0", "MemoryAccounting": "no", "MemoryCurrent": "18446744073709551615", "MemoryLimit": "18446744073709551615", "MountFlags": "0", "Names": "wazuh-manager.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PermissionsStartOnly": "no", "PrivateDevices": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "ProtectHome": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "RemainAfterExit": "yes", "Requires": "system.slice basic.target", "Restart": "no", "RestartUSec": "100ms", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitInterval": "10000000", "StartupBlockIOWeight": "18446744073709551615", "StartupCPUShares": "18446744073709551615", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "no", "TasksCurrent": "18446744073709551615", "TasksMax": "18446744073709551615", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "forking", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "Wants": "network-online.target", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0"}}
TASK [../roles/wazuh/ansible-wazuh-manager : Create agent groups] **************
skipping: [192.168.57.102] => {"changed": false, "skipped_reason": "No items in the list"}
TASK [../roles/wazuh/ansible-wazuh-manager : Run uninstall tasks] **************
included: /home/davidcr01/Wazuh/ansible/roles/wazuh/ansible-wazuh-manager/tasks/uninstall.yml for 192.168.57.102
TASK [../roles/wazuh/ansible-wazuh-manager : Debian/Ubuntu | Remove Wazuh repository.] ***
skipping: [192.168.57.102] => {"changed": false, "false_condition": "ansible_os_family == \"Debian\"", "skip_reason": "Conditional result was False"}
TASK [../roles/wazuh/ansible-wazuh-manager : RedHat/CentOS/Fedora | Remove Wazuh repository (and clean up left-over metadata)] ***
ok: [192.168.57.102] => {"changed": false, "repo": "wazuh_repo", "state": "absent"}
TASK [../roles/wazuh/ansible-filebeat-oss : include_tasks] *********************
included: /home/davidcr01/Wazuh/ansible/roles/wazuh/ansible-filebeat-oss/tasks/RedHat.yml for 192.168.57.102
TASK [../roles/wazuh/ansible-filebeat-oss : RedHat/CentOS/Fedora/Amazon Linux | Install Filebeats repo] ***
ok: [192.168.57.102] => {"changed": false, "repo": "wazuh_repo", "state": "present"}
TASK [../roles/wazuh/ansible-filebeat-oss : include_tasks] *********************
skipping: [192.168.57.102] => {"changed": false, "false_condition": "ansible_os_family == 'Debian'", "skip_reason": "Conditional result was False"}
TASK [../roles/wazuh/ansible-filebeat-oss : Install Filebeat | Redhat] *********
changed: [192.168.57.102] => {"changed": true, "changes": {"installed": ["filebeat-7.10.2"]}, "msg": "Repository wazuh_repo is listed more than once in the configuration\n", "rc": 0, "results": ["Loaded plugins: fastestmirror\nLoading mirror speeds from cached hostfile\n * base: mirrors.pt\n * extras: mirrors.pt\n * updates: mirrors.pt\nResolving Dependencies\n--> Running transaction check\n---> Package filebeat.x86_64 0:7.10.2-1 will be installed\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package Arch Version Repository Size\n================================================================================\nInstalling:\n filebeat x86_64 7.10.2-1 wazuh_repo 21 M\n\nTransaction Summary\n================================================================================\nInstall 1 Package\n\nTotal download size: 21 M\nInstalled size: 70 M\nDownloading packages:\nRunning transaction check\nRunning transaction test\nTransaction test succeeded\nRunning transaction\n Installing : filebeat-7.10.2-1.x86_64 1/1 \n Verifying : filebeat-7.10.2-1.x86_64 1/1 \n\nInstalled:\n filebeat.x86_64 0:7.10.2-1 \n\nComplete!\n"]}
TASK [../roles/wazuh/ansible-filebeat-oss : Install Filebeat | Debian] *********
skipping: [192.168.57.102] => {"changed": false, "false_condition": "ansible_os_family == 'Debian'", "skip_reason": "Conditional result was False"}
TASK [../roles/wazuh/ansible-filebeat-oss : Checking if Filebeat Module folder file exists] ***
ok: [192.168.57.102] => {"changed": false, "stat": {"exists": false}}
TASK [../roles/wazuh/ansible-filebeat-oss : Download Filebeat module package] ***
changed: [192.168.57.102] => {"changed": true, "checksum_dest": null, "checksum_src": "d9983f7506c3676200718fa7845987e0ef78e9cb", "dest": "/tmp/wazuh-filebeat-0.2.tar.gz", "elapsed": 0, "gid": 0, "group": "root", "md5sum": "df1cc1588db086a0a0cf3b38998b669a", "mode": "0644", "msg": "OK (1120 bytes)", "owner": "root", "secontext": "unconfined_u:object_r:user_home_t:s0", "size": 1120, "src": "/home/vagrant/.ansible/tmp/ansible-tmp-1701081292.5479321-13901-60888160498936/tmp8qW9do", "state": "file", "status_code": 200, "uid": 0, "url": "https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.2.tar.gz"}
TASK [../roles/wazuh/ansible-filebeat-oss : Unpack Filebeat module package] ****
changed: [192.168.57.102] => {"changed": true, "dest": "/usr/share/filebeat/module", "extract_results": {"cmd": ["/bin/gtar", "--extract", "-C", "/usr/share/filebeat/module", "-z", "-f", "/tmp//wazuh-filebeat-0.2.tar.gz"], "err": "", "out": "", "rc": 0}, "gid": 0, "group": "root", "handler": "TgzArchive", "mode": "0755", "owner": "root", "secontext": "system_u:object_r:usr_t:s0", "size": 4096, "src": "/tmp//wazuh-filebeat-0.2.tar.gz", "state": "directory", "uid": 0}
TASK [../roles/wazuh/ansible-filebeat-oss : Setting 0755 permission for Filebeat module folder] ***
changed: [192.168.57.102] => {"changed": true, "gid": 0, "group": "root", "mode": "0777", "owner": "root", "path": "{'failed': False, 'stat': {'exists': False}, 'changed': False}", "secontext": "unconfined_u:object_r:user_home_t:s0", "size": 6, "state": "directory", "uid": 0}
TASK [../roles/wazuh/ansible-filebeat-oss : Checking if Filebeat Module package file exists] ***
ok: [192.168.57.102] => {"changed": false, "stat": {"atime": 1701081293.1702716, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "binary", "checksum": "d9983f7506c3676200718fa7845987e0ef78e9cb", "ctime": 1701081293.1682718, "dev": 2049, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 465335, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "application/x-gzip", "mode": "0644", "mtime": 1701081293.1642718, "nlink": 1, "path": "/tmp//wazuh-filebeat-0.2.tar.gz", "pw_name": "root", "readable": true, "rgrp": true, "roth": true, "rusr": true, "size": 1120, "uid": 0, "version": "18446744071954866776", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}}
TASK [../roles/wazuh/ansible-filebeat-oss : Delete Filebeat module package file] ***
changed: [192.168.57.102] => {"changed": true, "path": "/tmp//wazuh-filebeat-0.2.tar.gz", "state": "absent"}
TASK [../roles/wazuh/ansible-filebeat-oss : Copy Filebeat configuration.] ******
changed: [192.168.57.102] => {"changed": true, "checksum": "ef8cb2ac046ce130aa685af76e197474ef9d65b3", "dest": "/etc/filebeat/filebeat.yml", "gid": 0, "group": "root", "md5sum": "e3c6fb08db5311b4a463aa27dd500da8", "mode": "0400", "owner": "root", "secontext": "system_u:object_r:etc_t:s0", "size": 874, "src": "/home/vagrant/.ansible/tmp/ansible-tmp-1701081295.5417027-13988-49238635882989/source", "state": "file", "uid": 0}
TASK [../roles/wazuh/ansible-filebeat-oss : Fetch latest Wazuh alerts template] ***
changed: [192.168.57.102] => {"changed": true, "checksum_dest": null, "checksum_src": "b0e78eb5887dfcb9175b646ade0a333c647f591e", "dest": "/etc/filebeat/wazuh-template.json", "elapsed": 0, "gid": 0, "group": "root", "md5sum": "f2f88b09e17eb01aa39947fbaf4d9fb3", "mode": "0400", "msg": "OK (62776 bytes)", "owner": "root", "secontext": "system_u:object_r:etc_t:s0", "size": 62776, "src": "/home/vagrant/.ansible/tmp/ansible-tmp-1701081296.3517187-14016-52634013296851/tmpRHe2PR", "state": "file", "status_code": 200, "uid": 0, "url": "https://raw.githubusercontent.com/wazuh/wazuh/v4.6.0/extensions/elasticsearch/7.x/wazuh-template.json"}
TASK [../roles/wazuh/ansible-filebeat-oss : include_tasks] *********************
included: /home/davidcr01/Wazuh/ansible/roles/wazuh/ansible-filebeat-oss/tasks/security_actions.yml for 192.168.57.102
TASK [../roles/wazuh/ansible-filebeat-oss : Ensure Filebeat SSL key pair directory exists.] ***
changed: [192.168.57.102] => {"changed": true, "gid": 0, "group": "root", "mode": "0764", "owner": "root", "path": "/etc/pki/filebeat", "secontext": "unconfined_u:object_r:cert_t:s0", "size": 6, "state": "directory", "uid": 0}
TASK [../roles/wazuh/ansible-filebeat-oss : Copy the certificates from local to the Manager instance] ***
changed: [192.168.57.102] => (item=node-1-key.pem) => {"ansible_loop_var": "item", "changed": true, "checksum": "b6fb2cda02630c9cd4df99730555534f2a46ed6c", "dest": "/etc/pki/filebeat/node-1-key.pem", "gid": 0, "group": "root", "item": "node-1-key.pem", "md5sum": "be0b4514e5c988789e95b9726fa1e7f8", "mode": "0620", "owner": "root", "secontext": "system_u:object_r:cert_t:s0", "size": 1704, "src": "/home/vagrant/.ansible/tmp/ansible-tmp-1701081297.8230777-14050-100080455987188/source", "state": "file", "uid": 0}
changed: [192.168.57.102] => (item=node-1.pem) => {"ansible_loop_var": "item", "changed": true, "checksum": "b2fcb6e7b1bd51a4322fed389a0d4ba7af7373c4", "dest": "/etc/pki/filebeat/node-1.pem", "gid": 0, "group": "root", "item": "node-1.pem", "md5sum": "0ec1884c981fa0079100a31ced55ddde", "mode": "0620", "owner": "root", "secontext": "system_u:object_r:cert_t:s0", "size": 1277, "src": "/home/vagrant/.ansible/tmp/ansible-tmp-1701081298.8269954-14050-129916479233437/source", "state": "file", "uid": 0}
changed: [192.168.57.102] => (item=root-ca.pem) => {"ansible_loop_var": "item", "changed": true, "checksum": "4eab58b390d9caa77e3c3bd5a489faca8f56a26a", "dest": "/etc/pki/filebeat/root-ca.pem", "gid": 0, "group": "root", "item": "root-ca.pem", "md5sum": "a7a08c33ea53ad4b309d4a1ef5452f40", "mode": "0620", "owner": "root", "secontext": "system_u:object_r:cert_t:s0", "size": 1204, "src": "/home/vagrant/.ansible/tmp/ansible-tmp-1701081299.8694215-14050-103662259264037/source", "state": "file", "uid": 0}
TASK [../roles/wazuh/ansible-filebeat-oss : Ensure Filebeat is started and enabled at boot.] ***
changed: [192.168.57.102] => {"changed": true, "enabled": true, "name": "filebeat", "state": "started", "status": {"ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "basic.target system.slice network-online.target systemd-journald.socket", "AllowIsolate": "no", "AmbientCapabilities": "0", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "18446744073709551615", "CPUAccounting": "no", "CPUQuotaPerSecUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "18446744073709551615", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "18446744073709551615", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "Conflicts": "shutdown.target", "ControlPID": "0", "DefaultDependencies": "yes", "Delegate": "no", "Description": "Filebeat sends log files to Logstash or directly to Elasticsearch.", "DevicePolicy": "auto", "Documentation": "https://www.elastic.co/products/beats/filebeat", "Environment": "BEAT_LOG_OPTS= BEAT_CONFIG_OPTS=-c /etc/filebeat/filebeat.yml BEAT_PATH_OPTS=--path.home /usr/share/filebeat --path.config /etc/filebeat --path.data /var/lib/filebeat --path.logs /var/log/filebeat", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/share/filebeat/bin/filebeat ; argv[]=/usr/share/filebeat/bin/filebeat --environment systemd $BEAT_LOG_OPTS $BEAT_CONFIG_OPTS $BEAT_PATH_OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FragmentPath": "/usr/lib/systemd/system/filebeat.service", "GuessMainPID": "yes", "IOScheduling": "0", "Id": "filebeat.service", "IgnoreOnIsolate": "no", "IgnoreOnSnapshot": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobTimeoutAction": "none", "JobTimeoutUSec": "0", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "18446744073709551615", "LimitCORE": "18446744073709551615", "LimitCPU": "18446744073709551615", "LimitDATA": "18446744073709551615", "LimitFSIZE": "18446744073709551615", "LimitLOCKS": "18446744073709551615", "LimitMEMLOCK": "65536", "LimitMSGQUEUE": "819200", "LimitNICE": "0", "LimitNOFILE": "4096", "LimitNPROC": "15098", "LimitRSS": "18446744073709551615", "LimitRTPRIO": "0", "LimitRTTIME": "18446744073709551615", "LimitSIGPENDING": "15098", "LimitSTACK": "18446744073709551615", "LoadState": "loaded", "MainPID": "0", "MemoryAccounting": "no", "MemoryCurrent": "18446744073709551615", "MemoryLimit": "18446744073709551615", "MountFlags": "0", "Names": "filebeat.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PermissionsStartOnly": "no", "PrivateDevices": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "ProtectHome": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "RemainAfterExit": "no", "Requires": "system.slice basic.target", "Restart": "always", "RestartUSec": "100ms", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitInterval": "10000000", "StartupBlockIOWeight": "18446744073709551615", "StartupCPUShares": "18446744073709551615", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "no", "TasksCurrent": "18446744073709551615", "TasksMax": "18446744073709551615", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "simple", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "Wants": "network-online.target", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0"}}
TASK [../roles/wazuh/ansible-filebeat-oss : include_tasks] *********************
included: /home/davidcr01/Wazuh/ansible/roles/wazuh/ansible-filebeat-oss/tasks/RMRedHat.yml for 192.168.57.102
TASK [../roles/wazuh/ansible-filebeat-oss : RedHat/CentOS/Fedora | Remove Filebeat repository (and clean up left-over metadata)] ***
ok: [192.168.57.102] => {"changed": false, "repo": "wazuh_repo", "state": "absent"}
TASK [../roles/wazuh/ansible-filebeat-oss : include_tasks] *********************
skipping: [192.168.57.102] => {"changed": false, "false_condition": "ansible_os_family == \"Debian\"", "skip_reason": "Conditional result was False"}
TASK [../roles/wazuh/wazuh-dashboard : include_vars] ***************************
ok: [192.168.57.102] => {"ansible_facts": {"packages_repository": "production"}, "ansible_included_var_files": ["/home/davidcr01/Wazuh/ansible/roles/wazuh/wazuh-dashboard/vars/../../vars/repo_vars.yml"], "changed": false}
TASK [../roles/wazuh/wazuh-dashboard : include_vars] ***************************
ok: [192.168.57.102] => {"ansible_facts": {"certs_gen_tool_url": "https://packages.wazuh.com/{{ certs_gen_tool_version }}/wazuh-certs-tool.sh", "certs_gen_tool_version": 4.6, "wazuh_repo": {"apt": "deb https://packages.wazuh.com/4.x/apt/ stable main", "gpg": "https://packages.wazuh.com/key/GPG-KEY-WAZUH", "key_id": "0DCFCA5547B19D2A6099506096B3EE5F29111145", "yum": "https://packages.wazuh.com/4.x/yum/"}, "wazuh_winagent_config_url": "https://packages.wazuh.com/4.x/windows/wazuh-agent-{{ wazuh_agent_version }}-1.msi", "wazuh_winagent_package_name": "wazuh-agent-{{ wazuh_agent_version }}-1.msi", "wazuh_winagent_sha512_url": "https://packages.wazuh.com/4.x/checksums/wazuh/{{ wazuh_agent_version }}/wazuh-agent-{{ wazuh_agent_version }}-1.msi.sha512"}, "ansible_included_var_files": ["/home/davidcr01/Wazuh/ansible/roles/wazuh/wazuh-dashboard/vars/../../vars/repo.yml"], "changed": false}
TASK [../roles/wazuh/wazuh-dashboard : include_vars] ***************************
skipping: [192.168.57.102] => {"changed": false, "false_condition": "packages_repository == 'pre-release'", "skip_reason": "Conditional result was False"}
TASK [../roles/wazuh/wazuh-dashboard : include_vars] ***************************
skipping: [192.168.57.102] => {"changed": false, "false_condition": "packages_repository == 'staging'", "skip_reason": "Conditional result was False"}
TASK [../roles/wazuh/wazuh-dashboard : RedHat/CentOS/Fedora | Add Wazuh dashboard repo] ***
ok: [192.168.57.102] => {"changed": false, "repo": "wazuh_repo", "state": "present"}
TASK [../roles/wazuh/wazuh-dashboard : Install Wazuh dashboard dependencies] ***
changed: [192.168.57.102] => {"changed": true, "changes": {"installed": ["libnss3.so", "xorg-x11-fonts-100dpi", "xorg-x11-fonts-75dpi", "xorg-x11-utils", "xorg-x11-fonts-cyrillic", "xorg-x11-fonts-Type1", "xorg-x11-fonts-misc", "fontconfig"]}, "msg": "", "rc": 0, "results": ["freetype-2.8-14.el7.x86_64 providing freetype is already installed", "Loaded plugins: fastestmirror\nLoading mirror speeds from cached hostfile\n * base: mirrors.pt\n * extras: mirrors.pt\n * updates: mirrors.pt\nResolving Dependencies\n--> Running transaction check\n---> Package fontconfig.x86_64 0:2.13.0-4.3.el7 will be installed\n--> Processing Dependency: fontpackages-filesystem for package: fontconfig-2.13.0-4.3.el7.x86_64\n--> Processing Dependency: dejavu-sans-fonts for package: fontconfig-2.13.0-4.3.el7.x86_64\n---> Package nss.i686 0:3.90.0-2.el7_9 will be installed\n--> Processing Dependency: nss-util >= 3.90.0-1 for package: nss-3.90.0-2.el7_9.i686\n--> Processing Dependency: nss-softokn(x86-32) >= 3.90.0-1 for package: nss-3.90.0-2.el7_9.i686\n--> Processing Dependency: nspr >= 4.35.0 for package: nss-3.90.0-2.el7_9.i686\n--> Processing Dependency: nss-pem(x86-32) for package: nss-3.90.0-2.el7_9.i686\n--> Processing Dependency: libpthread.so.0(GLIBC_2.0) for package: nss-3.90.0-2.el7_9.i686\n--> Processing Dependency: libpthread.so.0 for package: nss-3.90.0-2.el7_9.i686\n--> Processing Dependency: libplds4.so for package: nss-3.90.0-2.el7_9.i686\n--> Processing Dependency: libplc4.so for package: nss-3.90.0-2.el7_9.i686\n--> Processing Dependency: libnssutil3.so(NSSUTIL_3.82) for package: nss-3.90.0-2.el7_9.i686\n--> Processing Dependency: libnssutil3.so(NSSUTIL_3.59) for package: nss-3.90.0-2.el7_9.i686\n--> Processing Dependency: libnssutil3.so(NSSUTIL_3.39) for package: nss-3.90.0-2.el7_9.i686\n--> Processing Dependency: libnssutil3.so(NSSUTIL_3.38) for package: nss-3.90.0-2.el7_9.i686\n--> Processing Dependency: libnssutil3.so(NSSUTIL_3.31) for package: nss-3.90.0-2.el7_9.i686\n--> Processing Dependency: libnssutil3.so(NSSUTIL_3.24) for package: nss-3.90.0-2.el7_9.i686\n--> Processing Dependency: libnssutil3.so(NSSUTIL_3.21) for package: nss-3.90.0-2.el7_9.i686\n--> Processing Dependency: libnssutil3.so(NSSUTIL_3.17.1) for package: nss-3.90.0-2.el7_9.i686\n--> Processing Dependency: libnssutil3.so(NSSUTIL_3.15) for package: nss-3.90.0-2.el7_9.i686\n--> Processing Dependency: libnssutil3.so(NSSUTIL_3.14) for package: nss-3.90.0-2.el7_9.i686\n--> Processing Dependency: libnssutil3.so(NSSUTIL_3.13) for package: nss-3.90.0-2.el7_9.i686\n--> Processing Dependency: libnssutil3.so(NSSUTIL_3.12.5) for package: nss-3.90.0-2.el7_9.i686\n--> Processing Dependency: libnssutil3.so(NSSUTIL_3.12.3) for package: nss-3.90.0-2.el7_9.i686\n--> Processing Dependency: libnssutil3.so(NSSUTIL_3.12) for package: nss-3.90.0-2.el7_9.i686\n--> Processing Dependency: libnssutil3.so for package: nss-3.90.0-2.el7_9.i686\n--> Processing Dependency: libnspr4.so for package: nss-3.90.0-2.el7_9.i686\n--> Processing Dependency: libdl.so.2 for package: nss-3.90.0-2.el7_9.i686\n--> Processing Dependency: libc.so.6(GLIBC_2.4) for package: nss-3.90.0-2.el7_9.i686\n---> Package xorg-x11-fonts-100dpi.noarch 0:7.5-9.el7 will be installed\n--> Processing Dependency: mkfontdir for package: xorg-x11-fonts-100dpi-7.5-9.el7.noarch\n--> Processing Dependency: mkfontdir for package: xorg-x11-fonts-100dpi-7.5-9.el7.noarch\n---> Package xorg-x11-fonts-75dpi.noarch 0:7.5-9.el7 will be installed\n---> Package xorg-x11-fonts-Type1.noarch 0:7.5-9.el7 will be installed\n--> Processing Dependency: ttmkfdir for package: xorg-x11-fonts-Type1-7.5-9.el7.noarch\n--> Processing Dependency: ttmkfdir for package: xorg-x11-fonts-Type1-7.5-9.el7.noarch\n---> Package xorg-x11-fonts-cyrillic.noarch 0:7.5-9.el7 will be installed\n---> Package xorg-x11-fonts-misc.noarch 0:7.5-9.el7 will be installed\n---> Package xorg-x11-utils.x86_64 0:7.5-23.el7 will be installed\n--> Processing Dependency: libxcb.so.1()(64bit) for package: xorg-x11-utils-7.5-23.el7.x86_64\n--> Processing Dependency: libxcb-shape.so.0()(64bit) for package: xorg-x11-utils-7.5-23.el7.x86_64\n--> Processing Dependency: libdmx.so.1()(64bit) for package: xorg-x11-utils-7.5-23.el7.x86_64\n--> Processing Dependency: libXxf86vm.so.1()(64bit) for package: xorg-x11-utils-7.5-23.el7.x86_64\n--> Processing Dependency: libXxf86misc.so.1()(64bit) for package: xorg-x11-utils-7.5-23.el7.x86_64\n--> Processing Dependency: libXxf86dga.so.1()(64bit) for package: xorg-x11-utils-7.5-23.el7.x86_64\n--> Processing Dependency: libXv.so.1()(64bit) for package: xorg-x11-utils-7.5-23.el7.x86_64\n--> Processing Dependency: libXtst.so.6()(64bit) for package: xorg-x11-utils-7.5-23.el7.x86_64\n--> Processing Dependency: libXrender.so.1()(64bit) for package: xorg-x11-utils-7.5-23.el7.x86_64\n--> Processing Dependency: libXrandr.so.2()(64bit) for package: xorg-x11-utils-7.5-23.el7.x86_64\n--> Processing Dependency: libXinerama.so.1()(64bit) for package: xorg-x11-utils-7.5-23.el7.x86_64\n--> Processing Dependency: libXi.so.6()(64bit) for package: xorg-x11-utils-7.5-23.el7.x86_64\n--> Processing Dependency: libXext.so.6()(64bit) for package: xorg-x11-utils-7.5-23.el7.x86_64\n--> Processing Dependency: libX11.so.6()(64bit) for package: xorg-x11-utils-7.5-23.el7.x86_64\n--> Processing Dependency: libX11-xcb.so.1()(64bit) for package: xorg-x11-utils-7.5-23.el7.x86_64\n--> Running transaction check\n---> Package dejavu-sans-fonts.noarch 0:2.33-6.el7 will be installed\n--> Processing Dependency: dejavu-fonts-common = 2.33-6.el7 for package: dejavu-sans-fonts-2.33-6.el7.noarch\n---> Package fontpackages-filesystem.noarch 0:1.44-8.el7 will be installed\n---> Package glibc.x86_64 0:2.17-307.el7.1 will be updated\n--> Processing Dependency: glibc = 2.17-307.el7.1 for package: glibc-common-2.17-307.el7.1.x86_64\n---> Package glibc.i686 0:2.17-326.el7_9 will be installed\n--> Processing Dependency: libfreebl3.so(NSSRAWHASH_3.12.3) for package: glibc-2.17-326.el7_9.i686\n--> Processing Dependency: libfreebl3.so for package: glibc-2.17-326.el7_9.i686\n---> Package glibc.x86_64 0:2.17-326.el7_9 will be an update\n---> Package libX11.x86_64 0:1.6.7-4.el7_9 will be installed\n--> Processing Dependency: libX11-common >= 1.6.7-4.el7_9 for package: libX11-1.6.7-4.el7_9.x86_64\n---> Package libXext.x86_64 0:1.3.3-3.el7 will be installed\n---> Package libXi.x86_64 0:1.7.9-1.el7 will be installed\n---> Package libXinerama.x86_64 0:1.1.3-2.1.el7 will be installed\n---> Package libXrandr.x86_64 0:1.5.1-2.el7 will be installed\n---> Package libXrender.x86_64 0:0.9.10-1.el7 will be installed\n---> Package libXtst.x86_64 0:1.2.3-1.el7 will be installed\n---> Package libXv.x86_64 0:1.0.11-1.el7 will be installed\n---> Package libXxf86dga.x86_64 0:1.1.4-2.1.el7 will be installed\n---> Package libXxf86misc.x86_64 0:1.0.3-7.1.el7 will be installed\n---> Package libXxf86vm.x86_64 0:1.1.4-1.el7 will be installed\n---> Package libdmx.x86_64 0:1.1.3-3.el7 will be installed\n---> Package libxcb.x86_64 0:1.13-1.el7 will be installed\n--> Processing Dependency: libXau.so.6()(64bit) for package: libxcb-1.13-1.el7.x86_64\n---> Package nspr.x86_64 0:4.21.0-1.el7 will be updated\n---> Package nspr.i686 0:4.35.0-1.el7_9 will be installed\n---> Package nspr.x86_64 0:4.35.0-1.el7_9 will be an update\n---> Package nss-pem.x86_64 0:1.0.3-7.el7 will be updated\n---> Package nss-pem.i686 0:1.0.3-7.el7_9.1 will be installed\n---> Package nss-pem.x86_64 0:1.0.3-7.el7_9.1 will be an update\n--> Processing Dependency: nss(x86-64) >= 3.79.0 for package: nss-pem-1.0.3-7.el7_9.1.x86_64\n---> Package nss-softokn.x86_64 0:3.44.0-8.el7_7 will be updated\n---> Package nss-softokn.i686 0:3.90.0-6.el7_9 will be installed\n--> Processing Dependency: libsqlite3.so.0 for package: nss-softokn-3.90.0-6.el7_9.i686\n---> Package nss-softokn.x86_64 0:3.90.0-6.el7_9 will be an update\n---> Package nss-util.x86_64 0:3.44.0-4.el7_7 will be updated\n---> Package nss-util.i686 0:3.90.0-1.el7_9 will be installed\n---> Package nss-util.x86_64 0:3.90.0-1.el7_9 will be an update\n---> Package ttmkfdir.x86_64 0:3.0.9-42.el7 will be installed\n---> Package xorg-x11-font-utils.x86_64 1:7.5-21.el7 will be installed\n--> Processing Dependency: libfontenc.so.1()(64bit) for package: 1:xorg-x11-font-utils-7.5-21.el7.x86_64\n--> Running transaction check\n---> Package dejavu-fonts-common.noarch 0:2.33-6.el7 will be installed\n---> Package glibc-common.x86_64 0:2.17-307.el7.1 will be updated\n---> Package glibc-common.x86_64 0:2.17-326.el7_9 will be an update\n---> Package libX11-common.noarch 0:1.6.7-4.el7_9 will be installed\n---> Package libXau.x86_64 0:1.0.8-2.1.el7 will be installed\n---> Package libfontenc.x86_64 0:1.1.3-3.el7 will be installed\n---> Package nss.x86_64 0:3.44.0-7.el7_7 will be updated\n--> Processing Dependency: nss = 3.44.0-7.el7_7 for package: nss-sysinit-3.44.0-7.el7_7.x86_64\n--> Processing Dependency: nss(x86-64) = 3.44.0-7.el7_7 for package: nss-tools-3.44.0-7.el7_7.x86_64\n---> Package nss.x86_64 0:3.90.0-2.el7_9 will be an update\n---> Package nss-softokn-freebl.x86_64 0:3.44.0-8.el7_7 will be updated\n---> Package nss-softokn-freebl.i686 0:3.90.0-6.el7_9 will be installed\n---> Package nss-softokn-freebl.x86_64 0:3.90.0-6.el7_9 will be an update\n---> Package sqlite.i686 0:3.7.17-8.el7_7.1 will be installed\n--> Processing Dependency: libtinfo.so.5 for package: sqlite-3.7.17-8.el7_7.1.i686\n--> Processing Dependency: libreadline.so.6 for package: sqlite-3.7.17-8.el7_7.1.i686\n--> Processing Dependency: libncurses.so.5 for package: sqlite-3.7.17-8.el7_7.1.i686\n--> Running transaction check\n---> Package ncurses-libs.i686 0:5.9-14.20130511.el7_4 will be installed\n--> Processing Dependency: libstdc++.so.6(GLIBCXX_3.4) for package: ncurses-libs-5.9-14.20130511.el7_4.i686\n--> Processing Dependency: libstdc++.so.6(CXXABI_1.3) for package: ncurses-libs-5.9-14.20130511.el7_4.i686\n--> Processing Dependency: libstdc++.so.6 for package: ncurses-libs-5.9-14.20130511.el7_4.i686\n--> Processing Dependency: libgcc_s.so.1(GCC_3.0) for package: ncurses-libs-5.9-14.20130511.el7_4.i686\n--> Processing Dependency: libgcc_s.so.1 for package: ncurses-libs-5.9-14.20130511.el7_4.i686\n---> Package nss-sysinit.x86_64 0:3.44.0-7.el7_7 will be updated\n---> Package nss-sysinit.x86_64 0:3.90.0-2.el7_9 will be an update\n---> Package nss-tools.x86_64 0:3.44.0-7.el7_7 will be updated\n---> Package nss-tools.x86_64 0:3.90.0-2.el7_9 will be an update\n---> Package readline.i686 0:6.2-11.el7 will be installed\n--> Running transaction check\n---> Package libgcc.x86_64 0:4.8.5-39.el7 will be updated\n---> Package libgcc.i686 0:4.8.5-44.el7 will be installed\n---> Package libgcc.x86_64 0:4.8.5-44.el7 will be an update\n---> Package libstdc++.x86_64 0:4.8.5-39.el7 will be updated\n---> Package libstdc++.i686 0:4.8.5-44.el7 will be installed\n---> Package libstdc++.x86_64 0:4.8.5-44.el7 will be an update\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package Arch Version Repository Size\n================================================================================\nInstalling:\n fontconfig x86_64 2.13.0-4.3.el7 base 254 k\n nss i686 3.90.0-2.el7_9 updates 907 k\n xorg-x11-fonts-100dpi noarch 7.5-9.el7 base 3.1 M\n xorg-x11-fonts-75dpi noarch 7.5-9.el7 base 2.8 M\n xorg-x11-fonts-Type1 noarch 7.5-9.el7 base 521 k\n xorg-x11-fonts-cyrillic noarch 7.5-9.el7 base 397 k\n xorg-x11-fonts-misc noarch 7.5-9.el7 base 5.8 M\n xorg-x11-utils x86_64 7.5-23.el7 base 114 k\nInstalling for dependencies:\n dejavu-fonts-common noarch 2.33-6.el7 base 64 k\n dejavu-sans-fonts noarch 2.33-6.el7 base 1.4 M\n fontpackages-filesystem noarch 1.44-8.el7 base 9.9 k\n glibc i686 2.17-326.el7_9 updates 4.3 M\n libX11 x86_64 1.6.7-4.el7_9 updates 607 k\n libX11-common noarch 1.6.7-4.el7_9 updates 164 k\n libXau x86_64 1.0.8-2.1.el7 base 29 k\n libXext x86_64 1.3.3-3.el7 base 39 k\n libXi x86_64 1.7.9-1.el7 base 40 k\n libXinerama x86_64 1.1.3-2.1.el7 base 14 k\n libXrandr x86_64 1.5.1-2.el7 base 27 k\n libXrender x86_64 0.9.10-1.el7 base 26 k\n libXtst x86_64 1.2.3-1.el7 base 20 k\n libXv x86_64 1.0.11-1.el7 base 18 k\n libXxf86dga x86_64 1.1.4-2.1.el7 base 19 k\n libXxf86misc x86_64 1.0.3-7.1.el7 base 19 k\n libXxf86vm x86_64 1.1.4-1.el7 base 18 k\n libdmx x86_64 1.1.3-3.el7 base 16 k\n libfontenc x86_64 1.1.3-3.el7 base 31 k\n libgcc i686 4.8.5-44.el7 base 111 k\n libstdc++ i686 4.8.5-44.el7 base 319 k\n libxcb x86_64 1.13-1.el7 base 214 k\n ncurses-libs i686 5.9-14.20130511.el7_4 base 316 k\n nspr i686 4.35.0-1.el7_9 updates 130 k\n nss-pem i686 1.0.3-7.el7_9.1 updates 74 k\n nss-softokn i686 3.90.0-6.el7_9 updates 390 k\n nss-softokn-freebl i686 3.90.0-6.el7_9 updates 327 k\n nss-util i686 3.90.0-1.el7_9 updates 79 k\n readline i686 6.2-11.el7 base 189 k\n sqlite i686 3.7.17-8.el7_7.1 base 397 k\n ttmkfdir x86_64 3.0.9-42.el7 base 48 k\n xorg-x11-font-utils x86_64 1:7.5-21.el7 base 104 k\nUpdating for dependencies:\n glibc x86_64 2.17-326.el7_9 updates 3.6 M\n glibc-common x86_64 2.17-326.el7_9 updates 12 M\n libgcc x86_64 4.8.5-44.el7 base 103 k\n libstdc++ x86_64 4.8.5-44.el7 base 306 k\n nspr x86_64 4.35.0-1.el7_9 updates 128 k\n nss x86_64 3.90.0-2.el7_9 updates 905 k\n nss-pem x86_64 1.0.3-7.el7_9.1 updates 75 k\n nss-softokn x86_64 3.90.0-6.el7_9 updates 383 k\n nss-softokn-freebl x86_64 3.90.0-6.el7_9 updates 321 k\n nss-sysinit x86_64 3.90.0-2.el7_9 updates 67 k\n nss-tools x86_64 3.90.0-2.el7_9 updates 557 k\n nss-util x86_64 3.90.0-1.el7_9 updates 80 k\n\nTransaction Summary\n================================================================================\nInstall 8 Packages (+32 Dependent packages)\nUpgrade ( 12 Dependent packages)\n\nTotal download size: 41 M\nDownloading packages:\nNo Presto metadata available for base\nNo Presto metadata available for updates\n--------------------------------------------------------------------------------\nTotal 3.7 MB/s | 41 MB 00:10 \nRunning transaction check\nRunning transaction test\nTransaction test succeeded\nRunning transaction\n Updating : libgcc-4.8.5-44.el7.x86_64 1/64 \n Updating : glibc-common-2.17-326.el7_9.x86_64 2/64 \n Updating : nss-softokn-freebl-3.90.0-6.el7_9.x86_64 3/64 \n Updating : glibc-2.17-326.el7_9.x86_64 4/64 \n Updating : nspr-4.35.0-1.el7_9.x86_64 5/64 \n Updating : nss-util-3.90.0-1.el7_9.x86_64 6/64 \n Updating : nss-softokn-3.90.0-6.el7_9.x86_64 7/64 \n Updating : nss-pem-1.0.3-7.el7_9.1.x86_64 8/64 \n Updating : nss-sysinit-3.90.0-2.el7_9.x86_64 9/64 \n Updating : nss-3.90.0-2.el7_9.x86_64 10/64 \n Installing : fontpackages-filesystem-1.44-8.el7.noarch 11/64 \n Installing : glibc-2.17-326.el7_9.i686 12/64 \n Installing : nss-softokn-freebl-3.90.0-6.el7_9.i686 13/64 \n Installing : nspr-4.35.0-1.el7_9.i686 14/64 \n Installing : nss-util-3.90.0-1.el7_9.i686 15/64 \n Installing : libgcc-4.8.5-44.el7.i686 16/64 \n Installing : dejavu-fonts-common-2.33-6.el7.noarch 17/64 \n Installing : dejavu-sans-fonts-2.33-6.el7.noarch 18/64 \n Installing : fontconfig-2.13.0-4.3.el7.x86_64 19/64 \n Installing : libfontenc-1.1.3-3.el7.x86_64 20/64 \n Installing : 1:xorg-x11-font-utils-7.5-21.el7.x86_64 21/64 \n Updating : libstdc++-4.8.5-44.el7.x86_64 22/64 \n Installing : ttmkfdir-3.0.9-42.el7.x86_64 23/64 \n Installing : libXau-1.0.8-2.1.el7.x86_64 24/64 \n Installing : libxcb-1.13-1.el7.x86_64 25/64 \n Installing : libX11-common-1.6.7-4.el7_9.noarch 26/64 \n Installing : libX11-1.6.7-4.el7_9.x86_64 27/64 \n Installing : libXext-1.3.3-3.el7.x86_64 28/64 \n Installing : libXi-1.7.9-1.el7.x86_64 29/64 \n Installing : libXrender-0.9.10-1.el7.x86_64 30/64 \n Installing : libXrandr-1.5.1-2.el7.x86_64 31/64 \n Installing : libXtst-1.2.3-1.el7.x86_64 32/64 \n Installing : libXinerama-1.1.3-2.1.el7.x86_64 33/64 \n Installing : libXxf86misc-1.0.3-7.1.el7.x86_64 34/64 \n Installing : libXxf86vm-1.1.4-1.el7.x86_64 35/64 \n Installing : libdmx-1.1.3-3.el7.x86_64 36/64 \n Installing : libXv-1.0.11-1.el7.x86_64 37/64 \n Installing : libXxf86dga-1.1.4-2.1.el7.x86_64 38/64 \n Installing : xorg-x11-utils-7.5-23.el7.x86_64 39/64 \n Installing : xorg-x11-fonts-Type1-7.5-9.el7.noarch 40/64 \n Installing : xorg-x11-fonts-cyrillic-7.5-9.el7.noarch 41/64 \n Installing : xorg-x11-fonts-100dpi-7.5-9.el7.noarch 42/64 \n Installing : xorg-x11-fonts-75dpi-7.5-9.el7.noarch 43/64 \n Installing : xorg-x11-fonts-misc-7.5-9.el7.noarch 44/64 \n Updating : nss-tools-3.90.0-2.el7_9.x86_64 45/64 \n Installing : libstdc++-4.8.5-44.el7.i686 46/64 \n Installing : ncurses-libs-5.9-14.20130511.el7_4.i686 47/64 \n Installing : readline-6.2-11.el7.i686 48/64 \n Installing : sqlite-3.7.17-8.el7_7.1.i686 49/64 \n Installing : nss-softokn-3.90.0-6.el7_9.i686 50/64 \n Installing : nss-3.90.0-2.el7_9.i686 51/64 \n Installing : nss-pem-1.0.3-7.el7_9.1.i686 52/64 \n Cleanup : nss-tools-3.44.0-7.el7_7.x86_64 53/64 \n Cleanup : nss-sysinit-3.44.0-7.el7_7.x86_64 54/64 \n Cleanup : nss-3.44.0-7.el7_7.x86_64 55/64 \n Cleanup : nss-pem-1.0.3-7.el7.x86_64 56/64 \n Cleanup : nss-softokn-3.44.0-8.el7_7.x86_64 57/64 \n Cleanup : libstdc++-4.8.5-39.el7.x86_64 58/64 \n Cleanup : glibc-common-2.17-307.el7.1.x86_64 59/64 \n Cleanup : nspr-4.21.0-1.el7.x86_64 60/64 \n Cleanup : nss-util-3.44.0-4.el7_7.x86_64 61/64 \n Cleanup : nss-softokn-freebl-3.44.0-8.el7_7.x86_64 62/64 \n Cleanup : glibc-2.17-307.el7.1.x86_64 63/64 \n Cleanup : libgcc-4.8.5-39.el7.x86_64 64/64 \n Verifying : libXext-1.3.3-3.el7.x86_64 1/64 \n Verifying : 1:xorg-x11-font-utils-7.5-21.el7.x86_64 2/64 \n Verifying : nss-pem-1.0.3-7.el7_9.1.i686 3/64 \n Verifying : fontconfig-2.13.0-4.3.el7.x86_64 4/64 \n Verifying : xorg-x11-fonts-cyrillic-7.5-9.el7.noarch 5/64 \n Verifying : libXinerama-1.1.3-2.1.el7.x86_64 6/64 \n Verifying : glibc-2.17-326.el7_9.x86_64 7/64 \n Verifying : libXrender-0.9.10-1.el7.x86_64 8/64 \n Verifying : nss-softokn-3.90.0-6.el7_9.x86_64 9/64 \n Verifying : libXxf86misc-1.0.3-7.1.el7.x86_64 10/64 \n Verifying : libXxf86vm-1.1.4-1.el7.x86_64 11/64 \n Verifying : libXi-1.7.9-1.el7.x86_64 12/64 \n Verifying : libdmx-1.1.3-3.el7.x86_64 13/64 \n Verifying : sqlite-3.7.17-8.el7_7.1.i686 14/64 \n Verifying : nss-util-3.90.0-1.el7_9.i686 15/64 \n Verifying : fontpackages-filesystem-1.44-8.el7.noarch 16/64 \n Verifying : ttmkfdir-3.0.9-42.el7.x86_64 17/64 \n Verifying : nss-softokn-3.90.0-6.el7_9.i686 18/64 \n Verifying : xorg-x11-fonts-100dpi-7.5-9.el7.noarch 19/64 \n Verifying : libgcc-4.8.5-44.el7.i686 20/64 \n Verifying : dejavu-fonts-common-2.33-6.el7.noarch 21/64 \n Verifying : xorg-x11-utils-7.5-23.el7.x86_64 22/64 \n Verifying : libXtst-1.2.3-1.el7.x86_64 23/64 \n Verifying : nss-pem-1.0.3-7.el7_9.1.x86_64 24/64 \n Verifying : glibc-2.17-326.el7_9.i686 25/64 \n Verifying : xorg-x11-fonts-75dpi-7.5-9.el7.noarch 26/64 \n Verifying : nss-softokn-freebl-3.90.0-6.el7_9.x86_64 27/64 \n Verifying : readline-6.2-11.el7.i686 28/64 \n Verifying : libxcb-1.13-1.el7.x86_64 29/64 \n Verifying : xorg-x11-fonts-Type1-7.5-9.el7.noarch 30/64 \n Verifying : libXv-1.0.11-1.el7.x86_64 31/64 \n Verifying : nss-softokn-freebl-3.90.0-6.el7_9.i686 32/64 \n Verifying : dejavu-sans-fonts-2.33-6.el7.noarch 33/64 \n Verifying : libXrandr-1.5.1-2.el7.x86_64 34/64 \n Verifying : nspr-4.35.0-1.el7_9.i686 35/64 \n Verifying : libfontenc-1.1.3-3.el7.x86_64 36/64 \n Verifying : ncurses-libs-5.9-14.20130511.el7_4.i686 37/64 \n Verifying : libstdc++-4.8.5-44.el7.i686 38/64 \n Verifying : nss-tools-3.90.0-2.el7_9.x86_64 39/64 \n Verifying : xorg-x11-fonts-misc-7.5-9.el7.noarch 40/64 \n Verifying : nss-util-3.90.0-1.el7_9.x86_64 41/64 \n Verifying : libgcc-4.8.5-44.el7.x86_64 42/64 \n Verifying : glibc-common-2.17-326.el7_9.x86_64 43/64 \n Verifying : libstdc++-4.8.5-44.el7.x86_64 44/64 \n Verifying : libXau-1.0.8-2.1.el7.x86_64 45/64 \n Verifying : libX11-1.6.7-4.el7_9.x86_64 46/64 \n Verifying : libXxf86dga-1.1.4-2.1.el7.x86_64 47/64 \n Verifying : nspr-4.35.0-1.el7_9.x86_64 48/64 \n Verifying : nss-3.90.0-2.el7_9.i686 49/64 \n Verifying : nss-sysinit-3.90.0-2.el7_9.x86_64 50/64 \n Verifying : libX11-common-1.6.7-4.el7_9.noarch 51/64 \n Verifying : nss-3.90.0-2.el7_9.x86_64 52/64 \n Verifying : nss-tools-3.44.0-7.el7_7.x86_64 53/64 \n Verifying : libgcc-4.8.5-39.el7.x86_64 54/64 \n Verifying : nss-sysinit-3.44.0-7.el7_7.x86_64 55/64 \n Verifying : glibc-common-2.17-307.el7.1.x86_64 56/64 \n Verifying : nss-pem-1.0.3-7.el7.x86_64 57/64 \n Verifying : libstdc++-4.8.5-39.el7.x86_64 58/64 \n Verifying : glibc-2.17-307.el7.1.x86_64 59/64 \n Verifying : nss-3.44.0-7.el7_7.x86_64 60/64 \n Verifying : nss-util-3.44.0-4.el7_7.x86_64 61/64 \n Verifying : nspr-4.21.0-1.el7.x86_64 62/64 \n Verifying : nss-softokn-freebl-3.44.0-8.el7_7.x86_64 63/64 \n Verifying : nss-softokn-3.44.0-8.el7_7.x86_64 64/64 \n\nInstalled:\n fontconfig.x86_64 0:2.13.0-4.3.el7 \n nss.i686 0:3.90.0-2.el7_9 \n xorg-x11-fonts-100dpi.noarch 0:7.5-9.el7 \n xorg-x11-fonts-75dpi.noarch 0:7.5-9.el7 \n xorg-x11-fonts-Type1.noarch 0:7.5-9.el7 \n xorg-x11-fonts-cyrillic.noarch 0:7.5-9.el7 \n xorg-x11-fonts-misc.noarch 0:7.5-9.el7 \n xorg-x11-utils.x86_64 0:7.5-23.el7 \n\nDependency Installed:\n dejavu-fonts-common.noarch 0:2.33-6.el7 \n dejavu-sans-fonts.noarch 0:2.33-6.el7 \n fontpackages-filesystem.noarch 0:1.44-8.el7 \n glibc.i686 0:2.17-326.el7_9 \n libX11.x86_64 0:1.6.7-4.el7_9 \n libX11-common.noarch 0:1.6.7-4.el7_9 \n libXau.x86_64 0:1.0.8-2.1.el7 \n libXext.x86_64 0:1.3.3-3.el7 \n libXi.x86_64 0:1.7.9-1.el7 \n libXinerama.x86_64 0:1.1.3-2.1.el7 \n libXrandr.x86_64 0:1.5.1-2.el7 \n libXrender.x86_64 0:0.9.10-1.el7 \n libXtst.x86_64 0:1.2.3-1.el7 \n libXv.x86_64 0:1.0.11-1.el7 \n libXxf86dga.x86_64 0:1.1.4-2.1.el7 \n libXxf86misc.x86_64 0:1.0.3-7.1.el7 \n libXxf86vm.x86_64 0:1.1.4-1.el7 \n libdmx.x86_64 0:1.1.3-3.el7 \n libfontenc.x86_64 0:1.1.3-3.el7 \n libgcc.i686 0:4.8.5-44.el7 \n libstdc++.i686 0:4.8.5-44.el7 \n libxcb.x86_64 0:1.13-1.el7 \n ncurses-libs.i686 0:5.9-14.20130511.el7_4 \n nspr.i686 0:4.35.0-1.el7_9 \n nss-pem.i686 0:1.0.3-7.el7_9.1 \n nss-softokn.i686 0:3.90.0-6.el7_9 \n nss-softokn-freebl.i686 0:3.90.0-6.el7_9 \n nss-util.i686 0:3.90.0-1.el7_9 \n readline.i686 0:6.2-11.el7 \n sqlite.i686 0:3.7.17-8.el7_7.1 \n ttmkfdir.x86_64 0:3.0.9-42.el7 \n xorg-x11-font-utils.x86_64 1:7.5-21.el7 \n\nDependency Updated:\n glibc.x86_64 0:2.17-326.el7_9 \n glibc-common.x86_64 0:2.17-326.el7_9 \n libgcc.x86_64 0:4.8.5-44.el7 \n libstdc++.x86_64 0:4.8.5-44.el7 \n nspr.x86_64 0:4.35.0-1.el7_9 \n nss.x86_64 0:3.90.0-2.el7_9 \n nss-pem.x86_64 0:1.0.3-7.el7_9.1 \n nss-softokn.x86_64 0:3.90.0-6.el7_9 \n nss-softokn-freebl.x86_64 0:3.90.0-6.el7_9 \n nss-sysinit.x86_64 0:3.90.0-2.el7_9 \n nss-tools.x86_64 0:3.90.0-2.el7_9 \n nss-util.x86_64 0:3.90.0-1.el7_9 \n\nComplete!\n"]}
TASK [../roles/wazuh/wazuh-dashboard : Install Wazuh dashboard] ****************
changed: [192.168.57.102] => {"changed": true, "changes": {"installed": ["wazuh-dashboard-4.6.0"]}, "msg": "", "rc": 0, "results": ["Loaded plugins: fastestmirror\nLoading mirror speeds from cached hostfile\n * base: mirrors.pt\n * extras: mirror.tedra.es\n * updates: mirrors.pt\nResolving Dependencies\n--> Running transaction check\n---> Package wazuh-dashboard.x86_64 0:4.6.0-1 will be installed\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package Arch Version Repository Size\n================================================================================\nInstalling:\n wazuh-dashboard x86_64 4.6.0-1 wazuh_repo 262 M\n\nTransaction Summary\n================================================================================\nInstall 1 Package\n\nTotal download size: 262 M\nInstalled size: 883 M\nDownloading packages:\nRunning transaction check\nRunning transaction test\nTransaction test succeeded\nRunning transaction\n Installing : wazuh-dashboard-4.6.0-1.x86_64 1/1 \n Verifying : wazuh-dashboard-4.6.0-1.x86_64 1/1 \n\nInstalled:\n wazuh-dashboard.x86_64 0:4.6.0-1 \n\nComplete!\n"]}
TASK [../roles/wazuh/wazuh-dashboard : include_vars] ***************************
skipping: [192.168.57.102] => {"changed": false, "false_condition": "ansible_os_family == 'Debian'", "skip_reason": "Conditional result was False"}
TASK [../roles/wazuh/wazuh-dashboard : Add apt repository signing key] *********
skipping: [192.168.57.102] => {"changed": false, "false_condition": "ansible_os_family == 'Debian'", "skip_reason": "Conditional result was False"}
TASK [../roles/wazuh/wazuh-dashboard : Debian systems | Add Wazuh dashboard repo] ***
skipping: [192.168.57.102] => {"changed": false, "false_condition": "ansible_os_family == 'Debian'", "skip_reason": "Conditional result was False"}
TASK [../roles/wazuh/wazuh-dashboard : Install Wazuh dashboard dependencies] ***
skipping: [192.168.57.102] => {"changed": false, "false_condition": "ansible_os_family == 'Debian'", "skip_reason": "Conditional result was False"}
TASK [../roles/wazuh/wazuh-dashboard : Install Wazuh dashboard] ****************
skipping: [192.168.57.102] => {"changed": false, "false_condition": "ansible_os_family == 'Debian'", "skip_reason": "Conditional result was False"}
TASK [../roles/wazuh/wazuh-dashboard : Remove Dashboard configuration file] ****
changed: [192.168.57.102] => {"changed": true, "path": "/etc/wazuh-dashboard//opensearch_dashboards.yml", "state": "absent"}
TASK [../roles/wazuh/wazuh-dashboard : Ensure Dashboard certificates directory permissions.] ***
changed: [192.168.57.102] => {"changed": true, "gid": 992, "group": "wazuh-dashboard", "mode": "0764", "owner": "wazuh-dashboard", "path": "/etc/wazuh-dashboard/certs/", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 995}
TASK [../roles/wazuh/wazuh-dashboard : Copy the certificates from local to the Wazuh dashboard instance] ***
changed: [192.168.57.102] => (item=root-ca.pem) => {"ansible_loop_var": "item", "changed": true, "checksum": "4eab58b390d9caa77e3c3bd5a489faca8f56a26a", "dest": "/etc/wazuh-dashboard/certs/root-ca.pem", "gid": 992, "group": "wazuh-dashboard", "item": "root-ca.pem", "md5sum": "a7a08c33ea53ad4b309d4a1ef5452f40", "mode": "0400", "owner": "wazuh-dashboard", "secontext": "system_u:object_r:etc_t:s0", "size": 1204, "src": "/home/vagrant/.ansible/tmp/ansible-tmp-1701081536.1709354-14376-127564474110323/source", "state": "file", "uid": 995}
changed: [192.168.57.102] => (item=node-1-key.pem) => {"ansible_loop_var": "item", "changed": true, "checksum": "b6fb2cda02630c9cd4df99730555534f2a46ed6c", "dest": "/etc/wazuh-dashboard/certs/node-1-key.pem", "gid": 992, "group": "wazuh-dashboard", "item": "node-1-key.pem", "md5sum": "be0b4514e5c988789e95b9726fa1e7f8", "mode": "0400", "owner": "wazuh-dashboard", "secontext": "system_u:object_r:etc_t:s0", "size": 1704, "src": "/home/vagrant/.ansible/tmp/ansible-tmp-1701081536.8654718-14376-72511628509725/source", "state": "file", "uid": 995}
changed: [192.168.57.102] => (item=node-1.pem) => {"ansible_loop_var": "item", "changed": true, "checksum": "b2fcb6e7b1bd51a4322fed389a0d4ba7af7373c4", "dest": "/etc/wazuh-dashboard/certs/node-1.pem", "gid": 992, "group": "wazuh-dashboard", "item": "node-1.pem", "md5sum": "0ec1884c981fa0079100a31ced55ddde", "mode": "0400", "owner": "wazuh-dashboard", "secontext": "system_u:object_r:etc_t:s0", "size": 1277, "src": "/home/vagrant/.ansible/tmp/ansible-tmp-1701081537.736832-14376-20125008951123/source", "state": "file", "uid": 995}
TASK [../roles/wazuh/wazuh-dashboard : Copy Configuration File] ****************
changed: [192.168.57.102] => {"changed": true, "checksum": "70baf0af4f303e0e67bb1d1cceb918703cf81448", "dest": "/etc/wazuh-dashboard//opensearch_dashboards.yml", "gid": 992, "group": "wazuh-dashboard", "md5sum": "3f006cc884a63733db39a836fda6ea2f", "mode": "0640", "owner": "wazuh-dashboard", "secontext": "system_u:object_r:etc_t:s0", "size": 586, "src": "/home/vagrant/.ansible/tmp/ansible-tmp-1701081538.643547-14454-6564657773879/source", "state": "file", "uid": 995}
TASK [../roles/wazuh/wazuh-dashboard : Ensuring Wazuh dashboard directory owner] ***
ok: [192.168.57.102] => {"changed": false, "gid": 992, "group": "wazuh-dashboard", "mode": "0750", "owner": "wazuh-dashboard", "path": "/usr/share/wazuh-dashboard", "secontext": "system_u:object_r:usr_t:s0", "size": 211, "state": "directory", "uid": 995}
TASK [../roles/wazuh/wazuh-dashboard : Wait for Wazuh-Indexer port] ************
ok: [192.168.57.102] => {"changed": false, "elapsed": 0, "match_groupdict": {}, "match_groups": [], "path": null, "port": 9200, "search_regex": null, "state": "started"}
TASK [../roles/wazuh/wazuh-dashboard : Select correct API protocol] ************
ok: [192.168.57.102] => {"ansible_facts": {"indexer_api_protocol": "https"}, "changed": false}
TASK [../roles/wazuh/wazuh-dashboard : Attempting to delete legacy Wazuh index if exists] ***
ok: [192.168.57.102] => {"body": "{\"error\":{\"root_cause\":[{\"type\":\"index_not_found_exception\",\"reason\":\"no such index [.wazuh]\",\"index\":\".wazuh\",\"resource.id\":\".wazuh\",\"resource.type\":\"index_or_alias\",\"index_uuid\":\"_na_\"}],\"type\":\"index_not_found_exception\",\"reason\":\"no such index [.wazuh]\",\"index\":\".wazuh\",\"resource.id\":\".wazuh\",\"resource.type\":\"index_or_alias\",\"index_uuid\":\"_na_\"},\"status\":404}", "changed": false, "content_length": "365", "content_type": "application/json; charset=UTF-8", "elapsed": 0, "msg": "HTTP Error 404: Not Found", "redirected": false, "status": 404, "url": "https://127.0.0.1:9200/.wazuh"}
TASK [../roles/wazuh/wazuh-dashboard : Create Wazuh Plugin config directory] ***
ok: [192.168.57.102] => {"changed": false, "gid": 992, "group": "wazuh-dashboard", "mode": "0751", "owner": "wazuh-dashboard", "path": "/usr/share/wazuh-dashboard/data/wazuh/config/", "secontext": "unconfined_u:object_r:usr_t:s0", "size": 6, "state": "directory", "uid": 995}
TASK [../roles/wazuh/wazuh-dashboard : Configure Wazuh Dashboard Plugin] *******
ok: [192.168.57.102] => {"changed": false, "checksum": "f83f70b10247f2010c723face7c1ca8397ef2ccd", "dest": "/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml", "gid": 992, "group": "wazuh-dashboard", "md5sum": "76b97f0bad5f9bc0a38b7c96f9f0998d", "mode": "0751", "owner": "wazuh-dashboard", "secontext": "system_u:object_r:usr_t:s0", "size": 4279, "src": "/home/vagrant/.ansible/tmp/ansible-tmp-1701081611.1389081-14579-264601366071146/source", "state": "file", "uid": 995}
TASK [../roles/wazuh/wazuh-dashboard : Configure opensearch.password in opensearch_dashboards.keystore] ***
changed: [192.168.57.102] => {"changed": true, "cmd": "echo 'changeme' | /usr/share/wazuh-dashboard/bin/opensearch-dashboards-keystore --allow-root add -f --stdin opensearch.password", "delta": "0:00:00.502182", "end": "2023-11-27 10:40:12.691902", "msg": "", "rc": 0, "start": "2023-11-27 10:40:12.189720", "stderr": "", "stderr_lines": [], "stdout": "v16.20.0", "stdout_lines": ["v16.20.0"]}
TASK [../roles/wazuh/wazuh-dashboard : Ensure Wazuh dashboard started and enabled] ***
changed: [192.168.57.102] => {"changed": true, "enabled": true, "name": "wazuh-dashboard", "state": "started", "status": {"ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "system.slice systemd-journald.socket basic.target -.mount", "AllowIsolate": "no", "AmbientCapabilities": "0", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "18446744073709551615", "CPUAccounting": "no", "CPUQuotaPerSecUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "18446744073709551615", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "18446744073709551615", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "Conflicts": "shutdown.target", "ControlPID": "0", "DefaultDependencies": "yes", "Delegate": "no", "Description": "wazuh-dashboard", "DevicePolicy": "auto", "EnvironmentFile": "/etc/sysconfig/wazuh-dashboard (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/share/wazuh-dashboard/bin/opensearch-dashboards ; argv[]=/usr/share/wazuh-dashboard/bin/opensearch-dashboards -c /etc/wazuh-dashboard/opensearch_dashboards.yml ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FragmentPath": "/etc/systemd/system/wazuh-dashboard.service", "Group": "wazuh-dashboard", "GuessMainPID": "yes", "IOScheduling": "0", "Id": "wazuh-dashboard.service", "IgnoreOnIsolate": "no", "IgnoreOnSnapshot": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobTimeoutAction": "none", "JobTimeoutUSec": "0", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "18446744073709551615", "LimitCORE": "18446744073709551615", "LimitCPU": "18446744073709551615", "LimitDATA": "18446744073709551615", "LimitFSIZE": "18446744073709551615", "LimitLOCKS": "18446744073709551615", "LimitMEMLOCK": "65536", "LimitMSGQUEUE": "819200", "LimitNICE": "0", "LimitNOFILE": "4096", "LimitNPROC": "15098", "LimitRSS": "18446744073709551615", "LimitRTPRIO": "0", "LimitRTTIME": "18446744073709551615", "LimitSIGPENDING": "15098", "LimitSTACK": "18446744073709551615", "LoadState": "loaded", "MainPID": "0", "MemoryAccounting": "no", "MemoryCurrent": "18446744073709551615", "MemoryLimit": "18446744073709551615", "MountFlags": "0", "Names": "wazuh-dashboard.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PermissionsStartOnly": "no", "PrivateDevices": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "ProtectHome": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "RemainAfterExit": "no", "Requires": "system.slice basic.target -.mount", "RequiresMountsFor": "/usr/share/wazuh-dashboard", "Restart": "no", "RestartUSec": "100ms", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitInterval": "10000000", "StartupBlockIOWeight": "18446744073709551615", "StartupCPUShares": "18446744073709551615", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "no", "TasksCurrent": "18446744073709551615", "TasksMax": "18446744073709551615", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "simple", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "User": "wazuh-dashboard", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0", "WorkingDirectory": "/usr/share/wazuh-dashboard"}}
TASK [../roles/wazuh/wazuh-dashboard : Remove Wazuh dashboard repository (and clean up left-over metadata)] ***
ok: [192.168.57.102] => {"changed": false, "repo": "wazuh_repo", "state": "absent"}
RUNNING HANDLER [../roles/wazuh/wazuh-indexer : restart wazuh-indexer] *********
changed: [192.168.57.102] => {"changed": true, "name": "wazuh-indexer", "state": "started", "status": {"ActiveEnterTimestamp": "Mon 2023-11-27 10:32:04 UTC", "ActiveEnterTimestampMonotonic": "2089806382", "ActiveExitTimestampMonotonic": "0", "ActiveState": "active", "After": "tmp.mount -.mount network-online.target basic.target systemd-journald.socket system.slice", "AllowIsolate": "no", "AmbientCapabilities": "0", "AssertResult": "yes", "AssertTimestamp": "Mon 2023-11-27 10:31:47 UTC", "AssertTimestampMonotonic": "2072506280", "Before": "shutdown.target multi-user.target", "BlockIOAccounting": "no", "BlockIOWeight": "18446744073709551615", "CPUAccounting": "no", "CPUQuotaPerSecUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "18446744073709551615", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "18446744073709551615", "ConditionResult": "yes", "ConditionTimestamp": "Mon 2023-11-27 10:31:47 UTC", "ConditionTimestampMonotonic": "2072506280", "Conflicts": "shutdown.target", "ControlGroup": "/system.slice/wazuh-indexer.service", "ControlPID": "0", "DefaultDependencies": "yes", "Delegate": "no", "Description": "Wazuh-indexer", "DevicePolicy": "auto", "Documentation": "https://documentation.wazuh.com", "Environment": "OPENSEARCH_HOME=/usr/share/wazuh-indexer OPENSEARCH_PATH_CONF=/etc/wazuh-indexer PID_DIR=/run/wazuh-indexer OPENSEARCH_SD_NOTIFY=true", "EnvironmentFile": "/etc/sysconfig/wazuh-indexer (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "4861", "ExecMainStartTimestamp": "Mon 2023-11-27 10:31:47 UTC", "ExecMainStartTimestampMonotonic": "2072508142", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/share/wazuh-indexer/bin/systemd-entrypoint ; argv[]=/usr/share/wazuh-indexer/bin/systemd-entrypoint -p ${PID_DIR}/wazuh-indexer.pid --quiet ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FragmentPath": "/usr/lib/systemd/system/wazuh-indexer.service", "Group": "wazuh-indexer", "GuessMainPID": "yes", "IOScheduling": "0", "Id": "wazuh-indexer.service", "IgnoreOnIsolate": "no", "IgnoreOnSnapshot": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestamp": "Mon 2023-11-27 10:31:47 UTC", "InactiveExitTimestampMonotonic": "2072508190", "JobTimeoutAction": "none", "JobTimeoutUSec": "0", "KillMode": "process", "KillSignal": "15", "LimitAS": "18446744073709551615", "LimitCORE": "18446744073709551615", "LimitCPU": "18446744073709551615", "LimitDATA": "18446744073709551615", "LimitFSIZE": "18446744073709551615", "LimitLOCKS": "18446744073709551615", "LimitMEMLOCK": "65536", "LimitMSGQUEUE": "819200", "LimitNICE": "0", "LimitNOFILE": "65535", "LimitNPROC": "4096", "LimitRSS": "18446744073709551615", "LimitRTPRIO": "0", "LimitRTTIME": "18446744073709551615", "LimitSIGPENDING": "15098", "LimitSTACK": "18446744073709551615", "LoadState": "loaded", "MainPID": "4861", "MemoryAccounting": "no", "MemoryCurrent": "18446744073709551615", "MemoryLimit": "18446744073709551615", "MountFlags": "0", "Names": "wazuh-indexer.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "main", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PermissionsStartOnly": "no", "PrivateDevices": "no", "PrivateNetwork": "no", "PrivateTmp": "yes", "ProtectHome": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "RemainAfterExit": "no", "Requires": "system.slice basic.target -.mount", "RequiresMountsFor": "/usr/share/wazuh-indexer /var/tmp", "Restart": "no", "RestartUSec": "100ms", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectory": "wazuh-indexer", "RuntimeDirectoryMode": "0755", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "no", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitInterval": "10000000", "StartupBlockIOWeight": "18446744073709551615", "StartupCPUShares": "18446744073709551615", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "running", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "no", "TasksCurrent": "18446744073709551615", "TasksMax": "18446744073709551615", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "0", "TimerSlackNSec": "50000", "Transient": "no", "Type": "notify", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "enabled", "User": "wazuh-indexer", "WantedBy": "multi-user.target", "Wants": "network-online.target", "WatchdogTimestamp": "Mon 2023-11-27 10:32:04 UTC", "WatchdogTimestampMonotonic": "2089806334", "WatchdogUSec": "0", "WorkingDirectory": "/usr/share/wazuh-indexer"}}
RUNNING HANDLER [../roles/wazuh/ansible-wazuh-manager : restart wazuh-manager] ***
changed: [192.168.57.102] => {"changed": true, "enabled": true, "name": "wazuh-manager", "state": "started", "status": {"ActiveEnterTimestamp": "Mon 2023-11-27 10:34:38 UTC", "ActiveEnterTimestampMonotonic": "2243790697", "ActiveExitTimestampMonotonic": "0", "ActiveState": "active", "After": "network.target network-online.target basic.target systemd-journald.socket system.slice", "AllowIsolate": "no", "AmbientCapabilities": "0", "AssertResult": "yes", "AssertTimestamp": "Mon 2023-11-27 10:34:20 UTC", "AssertTimestampMonotonic": "2225433779", "Before": "shutdown.target multi-user.target", "BlockIOAccounting": "no", "BlockIOWeight": "18446744073709551615", "CPUAccounting": "no", "CPUQuotaPerSecUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "18446744073709551615", "CanIsolate": "no", "CanReload": "yes", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "18446744073709551615", "ConditionResult": "yes", "ConditionTimestamp": "Mon 2023-11-27 10:34:20 UTC", "ConditionTimestampMonotonic": "2225433779", "Conflicts": "shutdown.target", "ControlGroup": "/system.slice/wazuh-manager.service", "ControlPID": "0", "DefaultDependencies": "yes", "Delegate": "no", "Description": "Wazuh manager", "DevicePolicy": "auto", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecReload": "{ path=/usr/bin/env ; argv[]=/usr/bin/env /var/ossec/bin/wazuh-control reload ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStart": "{ path=/usr/bin/env ; argv[]=/usr/bin/env /var/ossec/bin/wazuh-control start ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStop": "{ path=/usr/bin/env ; argv[]=/usr/bin/env /var/ossec/bin/wazuh-control stop ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FragmentPath": "/usr/lib/systemd/system/wazuh-manager.service", "GuessMainPID": "yes", "IOScheduling": "0", "Id": "wazuh-manager.service", "IgnoreOnIsolate": "no", "IgnoreOnSnapshot": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestamp": "Mon 2023-11-27 10:34:20 UTC", "InactiveExitTimestampMonotonic": "2225434495", "JobTimeoutAction": "none", "JobTimeoutUSec": "0", "KillMode": "process", "KillSignal": "15", "LimitAS": "18446744073709551615", "LimitCORE": "18446744073709551615", "LimitCPU": "18446744073709551615", "LimitDATA": "18446744073709551615", "LimitFSIZE": "18446744073709551615", "LimitLOCKS": "18446744073709551615", "LimitMEMLOCK": "65536", "LimitMSGQUEUE": "819200", "LimitNICE": "0", "LimitNOFILE": "65536", "LimitNPROC": "15098", "LimitRSS": "18446744073709551615", "LimitRTPRIO": "0", "LimitRTTIME": "18446744073709551615", "LimitSIGPENDING": "15098", "LimitSTACK": "18446744073709551615", "LoadState": "loaded", "MainPID": "0", "MemoryAccounting": "no", "MemoryCurrent": "18446744073709551615", "MemoryLimit": "18446744073709551615", "MountFlags": "0", "Names": "wazuh-manager.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PermissionsStartOnly": "no", "PrivateDevices": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "ProtectHome": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "RemainAfterExit": "yes", "Requires": "system.slice basic.target", "Restart": "no", "RestartUSec": "100ms", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitInterval": "10000000", "StartupBlockIOWeight": "18446744073709551615", "StartupCPUShares": "18446744073709551615", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "running", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "no", "TasksCurrent": "18446744073709551615", "TasksMax": "18446744073709551615", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "forking", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "enabled", "WantedBy": "multi-user.target", "Wants": "network-online.target", "WatchdogTimestamp": "Mon 2023-11-27 10:34:38 UTC", "WatchdogTimestampMonotonic": "2243790640", "WatchdogUSec": "0"}}
RUNNING HANDLER [../roles/wazuh/ansible-filebeat-oss : restart filebeat] *******
changed: [192.168.57.102] => {"changed": true, "name": "filebeat", "state": "started", "status": {"ActiveEnterTimestamp": "Mon 2023-11-27 10:35:02 UTC", "ActiveEnterTimestampMonotonic": "2267188842", "ActiveExitTimestampMonotonic": "0", "ActiveState": "active", "After": "system.slice basic.target systemd-journald.socket network-online.target", "AllowIsolate": "no", "AmbientCapabilities": "0", "AssertResult": "yes", "AssertTimestamp": "Mon 2023-11-27 10:35:02 UTC", "AssertTimestampMonotonic": "2267188001", "Before": "shutdown.target multi-user.target", "BlockIOAccounting": "no", "BlockIOWeight": "18446744073709551615", "CPUAccounting": "no", "CPUQuotaPerSecUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "18446744073709551615", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "18446744073709551615", "ConditionResult": "yes", "ConditionTimestamp": "Mon 2023-11-27 10:35:02 UTC", "ConditionTimestampMonotonic": "2267188001", "Conflicts": "shutdown.target", "ControlGroup": "/system.slice/filebeat.service", "ControlPID": "0", "DefaultDependencies": "yes", "Delegate": "no", "Description": "Filebeat sends log files to Logstash or directly to Elasticsearch.", "DevicePolicy": "auto", "Documentation": "https://www.elastic.co/products/beats/filebeat", "Environment": "BEAT_LOG_OPTS= BEAT_CONFIG_OPTS=-c /etc/filebeat/filebeat.yml BEAT_PATH_OPTS=--path.home /usr/share/filebeat --path.config /etc/filebeat --path.data /var/lib/filebeat --path.logs /var/log/filebeat", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "11203", "ExecMainStartTimestamp": "Mon 2023-11-27 10:35:02 UTC", "ExecMainStartTimestampMonotonic": "2267188748", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/share/filebeat/bin/filebeat ; argv[]=/usr/share/filebeat/bin/filebeat --environment systemd $BEAT_LOG_OPTS $BEAT_CONFIG_OPTS $BEAT_PATH_OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FragmentPath": "/usr/lib/systemd/system/filebeat.service", "GuessMainPID": "yes", "IOScheduling": "0", "Id": "filebeat.service", "IgnoreOnIsolate": "no", "IgnoreOnSnapshot": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestamp": "Mon 2023-11-27 10:35:02 UTC", "InactiveExitTimestampMonotonic": "2267188842", "JobTimeoutAction": "none", "JobTimeoutUSec": "0", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "18446744073709551615", "LimitCORE": "18446744073709551615", "LimitCPU": "18446744073709551615", "LimitDATA": "18446744073709551615", "LimitFSIZE": "18446744073709551615", "LimitLOCKS": "18446744073709551615", "LimitMEMLOCK": "65536", "LimitMSGQUEUE": "819200", "LimitNICE": "0", "LimitNOFILE": "4096", "LimitNPROC": "15098", "LimitRSS": "18446744073709551615", "LimitRTPRIO": "0", "LimitRTTIME": "18446744073709551615", "LimitSIGPENDING": "15098", "LimitSTACK": "18446744073709551615", "LoadState": "loaded", "MainPID": "11203", "MemoryAccounting": "no", "MemoryCurrent": "18446744073709551615", "MemoryLimit": "18446744073709551615", "MountFlags": "0", "Names": "filebeat.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PermissionsStartOnly": "no", "PrivateDevices": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "ProtectHome": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "RemainAfterExit": "no", "Requires": "system.slice basic.target", "Restart": "always", "RestartUSec": "100ms", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitInterval": "10000000", "StartupBlockIOWeight": "18446744073709551615", "StartupCPUShares": "18446744073709551615", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "running", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "no", "TasksCurrent": "18446744073709551615", "TasksMax": "18446744073709551615", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "simple", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "enabled", "WantedBy": "multi-user.target", "Wants": "network-online.target", "WatchdogTimestamp": "Mon 2023-11-27 10:35:02 UTC", "WatchdogTimestampMonotonic": "2267188803", "WatchdogUSec": "0"}}
RUNNING HANDLER [../roles/wazuh/wazuh-dashboard : restart wazuh-dashboard] *****
changed: [192.168.57.102] => {"changed": true, "name": "wazuh-dashboard", "state": "started", "status": {"ActiveEnterTimestamp": "Mon 2023-11-27 10:40:13 UTC", "ActiveEnterTimestampMonotonic": "2578534973", "ActiveExitTimestampMonotonic": "0", "ActiveState": "active", "After": "system.slice basic.target systemd-journald.socket -.mount", "AllowIsolate": "no", "AmbientCapabilities": "0", "AssertResult": "yes", "AssertTimestamp": "Mon 2023-11-27 10:40:13 UTC", "AssertTimestampMonotonic": "2578524480", "Before": "shutdown.target multi-user.target", "BlockIOAccounting": "no", "BlockIOWeight": "18446744073709551615", "CPUAccounting": "no", "CPUQuotaPerSecUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "18446744073709551615", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "18446744073709551615", "ConditionResult": "yes", "ConditionTimestamp": "Mon 2023-11-27 10:40:13 UTC", "ConditionTimestampMonotonic": "2578524479", "Conflicts": "shutdown.target", "ControlGroup": "/system.slice/wazuh-dashboard.service", "ControlPID": "0", "DefaultDependencies": "yes", "Delegate": "no", "Description": "wazuh-dashboard", "DevicePolicy": "auto", "EnvironmentFile": "/etc/sysconfig/wazuh-dashboard (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "12976", "ExecMainStartTimestamp": "Mon 2023-11-27 10:40:13 UTC", "ExecMainStartTimestampMonotonic": "2578532921", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/share/wazuh-dashboard/bin/opensearch-dashboards ; argv[]=/usr/share/wazuh-dashboard/bin/opensearch-dashboards -c /etc/wazuh-dashboard/opensearch_dashboards.yml ; ignore_errors=no ; start_time=[Mon 2023-11-27 10:40:13 UTC] ; stop_time=[n/a] ; pid=12976 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FragmentPath": "/etc/systemd/system/wazuh-dashboard.service", "Group": "wazuh-dashboard", "GuessMainPID": "yes", "IOScheduling": "0", "Id": "wazuh-dashboard.service", "IgnoreOnIsolate": "no", "IgnoreOnSnapshot": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestamp": "Mon 2023-11-27 10:40:13 UTC", "InactiveExitTimestampMonotonic": "2578534973", "JobTimeoutAction": "none", "JobTimeoutUSec": "0", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "18446744073709551615", "LimitCORE": "18446744073709551615", "LimitCPU": "18446744073709551615", "LimitDATA": "18446744073709551615", "LimitFSIZE": "18446744073709551615", "LimitLOCKS": "18446744073709551615", "LimitMEMLOCK": "65536", "LimitMSGQUEUE": "819200", "LimitNICE": "0", "LimitNOFILE": "4096", "LimitNPROC": "15098", "LimitRSS": "18446744073709551615", "LimitRTPRIO": "0", "LimitRTTIME": "18446744073709551615", "LimitSIGPENDING": "15098", "LimitSTACK": "18446744073709551615", "LoadState": "loaded", "MainPID": "12976", "MemoryAccounting": "no", "MemoryCurrent": "18446744073709551615", "MemoryLimit": "18446744073709551615", "MountFlags": "0", "Names": "wazuh-dashboard.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PermissionsStartOnly": "no", "PrivateDevices": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "ProtectHome": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "RemainAfterExit": "no", "Requires": "system.slice basic.target -.mount", "RequiresMountsFor": "/usr/share/wazuh-dashboard", "Restart": "no", "RestartUSec": "100ms", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitInterval": "10000000", "StartupBlockIOWeight": "18446744073709551615", "StartupCPUShares": "18446744073709551615", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "running", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "no", "TasksCurrent": "18446744073709551615", "TasksMax": "18446744073709551615", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "simple", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "enabled", "User": "wazuh-dashboard", "WantedBy": "multi-user.target", "WatchdogTimestamp": "Mon 2023-11-27 10:40:13 UTC", "WatchdogTimestampMonotonic": "2578534861", "WatchdogUSec": "0", "WorkingDirectory": "/usr/share/wazuh-dashboard"}}
PLAY RECAP *********************************************************************
192.168.57.102 : ok=101 changed=53 unreachable=0 failed=0 skipped=88 rescued=0 ignored=0
After succeeding the installation, I checked that there is no duplicate tag of the [root@centos7 vagrant]# cat /var/ossec/etc/ossec.conf | grep ossec_conf
<ossec_config>
</ossec_config> |
|
Of course, you simply overwrite The point is, the default RPM provided |
|
Hello. Yes, it is true that the [root@centos7 vagrant]# cat /var/ossec/etc/ossec.conf | grep ossec_config
<ossec_config>
</ossec_config>
<ossec_config>
</ossec_config>But, this does not mean that it is an invalid XML file. In fact, we use this type of XML file in many of our repositories and deployments, and it does not generate any errors. In our documentation, we specify that So, as a conclusion, the format of the |
|
@davidcr01 It's not because you state in a document that [root@vagrant ~]# xmllint /var/ossec/etc/ossec.conf
/var/ossec/etc/ossec.conf:375: parser error : Extra content at the end of the document
<ossec_config>
^
Of course, OSSEC wrote its own "XML" parser. To improve interoperability with other XML parsing tools, it would be interesting if OSSEC/Wazuh would revise their definition of XML to be in-line with what the rest of the world defines as being XML. Same remark for decoder and rules XML files BTW. Open these within, for example Visual Studio Code, and it gives you red all over the place. All it takes is to define a proper top-level XML element, for example: |
|
Ok, I can see your point now. With that information, I would pass this issue to the corresponding team in order to study your request. |
|
@davidcr01 OK, thanks for trying to push this. Wazuh is certainly a big improvement over OSSEC. But it's these "rough edges" that you drag along from OSSEC that can use some attention I guess. |
|
Hello @fcorneli, You have pointed out that Wazuh has some legacy issues from OSSEC that can affect the compatibility with other products. One of these issues is the configuration format, which allows concatenation of multiple root blocks: echo '<ossec_config> <!-- New setting --> </ossec_config>' >> /var/ossec/etc/ossec.confThis is not a valid XML syntax and can cause errors when parsing it with other tools, such as Ansible in your case. We are planning to replace the XML configuration with a standard YAML format in the near future (5.0). We hope this will solve your problem. Best regards. |
Editing YAML via Ansible is really painful... |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Seems like the default RPM installation on CentOS 7 gives a
/var/ossec/etc/ossec.confXML file with multipleossec_configroot elements. This makes it impossible for the Ansiblecommunity.general.xmlmodule to provision this file. Could this be fixed?The text was updated successfully, but these errors were encountered: