Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Change the default user from wazuh to wazuh-wui when deploying. #1282

Closed
1 of 2 tasks
CarlosALgit opened this issue May 13, 2024 · 2 comments · Fixed by #1290
Closed
1 of 2 tasks

Change the default user from wazuh to wazuh-wui when deploying. #1282

CarlosALgit opened this issue May 13, 2024 · 2 comments · Fixed by #1290
Assignees
@vcerenu
Labels
level/task Subtask issue type/bug

Comments

@CarlosALgit
Copy link
Member

CarlosALgit commented May 13, 2024
edited by vcerenu

Description

Related: wazuh/wazuh#22751 (comment)

We have found that the user established on the wazuh.yml file is wazuh for the Ansible deployment.

As seen on the documentation the user by default on the wazuh.yml file in the step-by-step installation is wazuh-wui.

The objective of this issue is to unify users to follow the same guidelines.

Tasks

  • Change the user by default in wazuh.yml to wazuh-wui.
  • Test that the deployment is correct with the changes.
@vcerenu vcerenu self-assigned this May 21, 2024
@vcerenu vcerenu mentioned this issue May 21, 2024
Merged
@vcerenu vcerenu linked a pull request May 21, 2024 that will close this issue
Change wazuh api username #1290
Merged
@vcerenu
Copy link
Member

vcerenu commented May 21, 2024
edited

Tests

The default username and password were modified in the corresponding playbooks.

A test is carried out with the same modifications of the attached PR, but on the v4.7.4 tag:

root@master:/etc/ansible/roles# sudo git clone https://github.com/wazuh/wazuh-ansible.git
Cloning into 'wazuh-ansible'...
remote: Enumerating objects: 21362, done.
remote: Counting objects: 100% (2755/2755), done.
remote: Compressing objects: 100% (1081/1081), done.
remote: Total 21362 (delta 1463), reused 2441 (delta 1220), pack-reused 18607
Receiving objects: 100% (21362/21362), 6.56 MiB | 15.36 MiB/s, done.
Resolving deltas: 100% (13033/13033), done.
root@master:/etc/ansible/roles# cd wazuh-ansible/
root@master:/etc/ansible/roles/wazuh-ansible# git checkout test-api-user
Branch 'test-api-user' set up to track remote branch 'test-api-user' from 'origin'.
Switched to a new branch 'test-api-user'
Your branch is up to date with 'origin/test-api-user'.
root@master:/etc/ansible/roles/wazuh-ansible# tree roles -d
roles
├── elastic-stack
│   └── ansible-kibana
│       └── defaults
├── opendistro
│   └── opendistro-kibana
│       └── defaults
└── wazuh
    ├── ansible-filebeat
    │   └── defaults
    ├── ansible-filebeat-oss
    │   ├── defaults
    │   ├── handlers
    │   ├── meta
    │   ├── tasks
    │   └── templates
    ├── ansible-wazuh-agent
    │   ├── defaults
    │   ├── handlers
    │   ├── meta
    │   ├── tasks
    │   └── templates
    ├── ansible-wazuh-manager
    │   ├── defaults
    │   ├── files
    │   │   └── custom_ruleset
    │   │       ├── decoders
    │   │       └── rules
    │   ├── handlers
    │   ├── meta
    │   ├── tasks
    │   ├── templates
    │   └── vars
    ├── check-packages
    │   ├── defaults
    │   ├── files
    │   ├── scripts
    │   └── tasks
    ├── vars
    ├── wazuh-dashboard
    │   ├── defaults
    │   ├── handlers
    │   ├── tasks
    │   ├── templates
    │   └── vars
    └── wazuh-indexer
        ├── defaults
        ├── handlers
        ├── meta
        ├── tasks
        └── templates

50 directories
root@master:/etc/ansible/roles/wazuh-ansible# vi playbooks/wazuh-indexer-and-dashboard.yml
root@master:/etc/ansible/roles/wazuh-ansible# cd playbooks/
root@master:/etc/ansible/roles/wazuh-ansible/playbooks# ansible-playbook wazuh-indexer-and-dashboard.yml -b -K
BECOME password:

PLAY [all_in_one] ***********************************************************************************************************************************************************************************************

TASK [Gathering Facts] ******************************************************************************************************************************************************************************************
ok: [127.0.0.1]

TASK [../roles/wazuh/wazuh-indexer : include_vars] **************************************************************************************************************************************************************
ok: [127.0.0.1]

TASK [../roles/wazuh/wazuh-indexer : include_vars] **************************************************************************************************************************************************************
ok: [127.0.0.1]

TASK [../roles/wazuh/wazuh-indexer : include_vars] **************************************************************************************************************************************************************
skipping: [127.0.0.1]

TASK [../roles/wazuh/wazuh-indexer : include_vars] **************************************************************************************************************************************************************
skipping: [127.0.0.1]

TASK [../roles/wazuh/wazuh-indexer : Check if certificates already exists] **************************************************************************************************************************************
ok: [127.0.0.1 -> localhost]

TASK [../roles/wazuh/wazuh-indexer : Local action | Create local temporary directory for certificates generation] ***********************************************************************************************
changed: [127.0.0.1 -> localhost]

TASK [../roles/wazuh/wazuh-indexer : Local action | Check that the generation tool exists] **********************************************************************************************************************
ok: [127.0.0.1 -> localhost]

TASK [../roles/wazuh/wazuh-indexer : Local action | Download certificates generation tool] **********************************************************************************************************************
changed: [127.0.0.1 -> localhost]

TASK [../roles/wazuh/wazuh-indexer : Local action | Prepare the certificates generation template file] **********************************************************************************************************
changed: [127.0.0.1 -> localhost]

TASK [../roles/wazuh/wazuh-indexer : Local action | Generate the node & admin certificates in local] ************************************************************************************************************
changed: [127.0.0.1 -> localhost]

TASK [../roles/wazuh/wazuh-indexer : RedHat/CentOS/Fedora | Add Wazuh indexer repo] *****************************************************************************************************************************
skipping: [127.0.0.1]

TASK [../roles/wazuh/wazuh-indexer : Install Amazon extras] *****************************************************************************************************************************************************
skipping: [127.0.0.1]

TASK [../roles/wazuh/wazuh-indexer : Configure vm.max_map_count] ************************************************************************************************************************************************
skipping: [127.0.0.1]

TASK [../roles/wazuh/wazuh-indexer : Update vm.max_map_count] ***************************************************************************************************************************************************
skipping: [127.0.0.1]

TASK [../roles/wazuh/wazuh-indexer : RedHat/CentOS/Fedora | Install Indexer dependencies] ***********************************************************************************************************************
skipping: [127.0.0.1]

TASK [../roles/wazuh/wazuh-indexer : Install Wazuh indexer] *****************************************************************************************************************************************************
skipping: [127.0.0.1]

TASK [../roles/wazuh/wazuh-indexer : Update cache] **************************************************************************************************************************************************************
skipping: [127.0.0.1]

TASK [../roles/wazuh/wazuh-indexer : Install Wazuh indexer dependencies] ****************************************************************************************************************************************
skipping: [127.0.0.1]

TASK [../roles/wazuh/wazuh-indexer : Add apt repository signing key] ********************************************************************************************************************************************
skipping: [127.0.0.1]

TASK [../roles/wazuh/wazuh-indexer : Add Wazuh indexer repository] **********************************************************************************************************************************************
skipping: [127.0.0.1]

TASK [../roles/wazuh/wazuh-indexer : Install Wazuh indexer] *****************************************************************************************************************************************************
skipping: [127.0.0.1]

TASK [../roles/wazuh/wazuh-indexer : Remove performance analyzer plugin from Wazuh indexer] *********************************************************************************************************************
skipping: [127.0.0.1]

TASK [../roles/wazuh/wazuh-indexer : Remove Opensearch configuration file] **************************************************************************************************************************************
skipping: [127.0.0.1]

TASK [../roles/wazuh/wazuh-indexer : Copy Opensearch Configuration File] ****************************************************************************************************************************************
skipping: [127.0.0.1]

TASK [../roles/wazuh/wazuh-indexer : include_tasks] *************************************************************************************************************************************************************
skipping: [127.0.0.1]

TASK [../roles/wazuh/wazuh-indexer : Configure Wazuh indexer JVM memmory.] **************************************************************************************************************************************
skipping: [127.0.0.1]

TASK [../roles/wazuh/wazuh-indexer : Ensure extra time for Wazuh indexer to start on reboots] *******************************************************************************************************************
skipping: [127.0.0.1]

TASK [../roles/wazuh/wazuh-indexer : Index files to remove] *****************************************************************************************************************************************************
skipping: [127.0.0.1]

TASK [../roles/wazuh/wazuh-indexer : Remove Index Files] ********************************************************************************************************************************************************
skipping: [127.0.0.1]

TASK [../roles/wazuh/wazuh-indexer : Ensure Wazuh indexer started and enabled] **********************************************************************************************************************************
skipping: [127.0.0.1]

TASK [../roles/wazuh/wazuh-indexer : Wait for Wazuh indexer API] ************************************************************************************************************************************************
skipping: [127.0.0.1]

TASK [../roles/wazuh/wazuh-indexer : Wait for Wazuh indexer API (Private IP)] ***********************************************************************************************************************************
skipping: [127.0.0.1]

TASK [../roles/wazuh/wazuh-indexer : RedHat/CentOS/Fedora | Remove Wazuh indexer repository (and clean up left-over metadata)] **********************************************************************************
skipping: [127.0.0.1]

TASK [../roles/wazuh/wazuh-indexer : Reload systemd configuration] **********************************************************************************************************************************************
skipping: [127.0.0.1]

PLAY [all_in_one] ***********************************************************************************************************************************************************************************************

TASK [Gathering Facts] ******************************************************************************************************************************************************************************************
ok: [127.0.0.1]

TASK [../roles/wazuh/wazuh-indexer : include_vars] **************************************************************************************************************************************************************
ok: [127.0.0.1]

TASK [../roles/wazuh/wazuh-indexer : include_vars] **************************************************************************************************************************************************************
ok: [127.0.0.1]

TASK [../roles/wazuh/wazuh-indexer : include_vars] **************************************************************************************************************************************************************
skipping: [127.0.0.1]

TASK [../roles/wazuh/wazuh-indexer : include_vars] **************************************************************************************************************************************************************
skipping: [127.0.0.1]

TASK [../roles/wazuh/wazuh-indexer : Check if certificates already exists] **************************************************************************************************************************************
ok: [127.0.0.1 -> localhost]

TASK [../roles/wazuh/wazuh-indexer : Local action | Create local temporary directory for certificates generation] ***********************************************************************************************
skipping: [127.0.0.1]

TASK [../roles/wazuh/wazuh-indexer : Local action | Check that the generation tool exists] **********************************************************************************************************************
skipping: [127.0.0.1]

TASK [../roles/wazuh/wazuh-indexer : Local action | Download certificates generation tool] **********************************************************************************************************************
skipping: [127.0.0.1]

TASK [../roles/wazuh/wazuh-indexer : Local action | Prepare the certificates generation template file] **********************************************************************************************************
skipping: [127.0.0.1]

TASK [../roles/wazuh/wazuh-indexer : Local action | Generate the node & admin certificates in local] ************************************************************************************************************
skipping: [127.0.0.1]

TASK [../roles/wazuh/wazuh-indexer : RedHat/CentOS/Fedora | Add Wazuh indexer repo] *****************************************************************************************************************************
skipping: [127.0.0.1]

TASK [../roles/wazuh/wazuh-indexer : Install Amazon extras] *****************************************************************************************************************************************************
skipping: [127.0.0.1]

TASK [../roles/wazuh/wazuh-indexer : Configure vm.max_map_count] ************************************************************************************************************************************************
skipping: [127.0.0.1]

TASK [../roles/wazuh/wazuh-indexer : Update vm.max_map_count] ***************************************************************************************************************************************************
skipping: [127.0.0.1]

TASK [../roles/wazuh/wazuh-indexer : RedHat/CentOS/Fedora | Install Indexer dependencies] ***********************************************************************************************************************
skipping: [127.0.0.1]

TASK [../roles/wazuh/wazuh-indexer : Install Wazuh indexer] *****************************************************************************************************************************************************
skipping: [127.0.0.1]

TASK [../roles/wazuh/wazuh-indexer : Update cache] **************************************************************************************************************************************************************
ok: [127.0.0.1]

TASK [../roles/wazuh/wazuh-indexer : Install Wazuh indexer dependencies] ****************************************************************************************************************************************
skipping: [127.0.0.1]

TASK [../roles/wazuh/wazuh-indexer : Add apt repository signing key] ********************************************************************************************************************************************
changed: [127.0.0.1]

TASK [../roles/wazuh/wazuh-indexer : Add Wazuh indexer repository] **********************************************************************************************************************************************
changed: [127.0.0.1]

TASK [../roles/wazuh/wazuh-indexer : Install Wazuh indexer] *****************************************************************************************************************************************************
changed: [127.0.0.1]

TASK [../roles/wazuh/wazuh-indexer : Remove performance analyzer plugin from Wazuh indexer] *********************************************************************************************************************
changed: [127.0.0.1]

TASK [../roles/wazuh/wazuh-indexer : Remove Opensearch configuration file] **************************************************************************************************************************************
changed: [127.0.0.1]

TASK [../roles/wazuh/wazuh-indexer : Copy Opensearch Configuration File] ****************************************************************************************************************************************
changed: [127.0.0.1]

TASK [../roles/wazuh/wazuh-indexer : include_tasks] *************************************************************************************************************************************************************
included: /etc/ansible/roles/wazuh-ansible/roles/wazuh/wazuh-indexer/tasks/security_actions.yml for 127.0.0.1

TASK [../roles/wazuh/wazuh-indexer : Configure IP (Private address)] ********************************************************************************************************************************************
skipping: [127.0.0.1]

TASK [../roles/wazuh/wazuh-indexer : Configure IP (Public address)] *********************************************************************************************************************************************
ok: [127.0.0.1]

TASK [../roles/wazuh/wazuh-indexer : Ensure Indexer certificates directory permissions.] ************************************************************************************************************************
changed: [127.0.0.1]

TASK [../roles/wazuh/wazuh-indexer : Copy the node & admin certificates to Wazuh indexer cluster] ***************************************************************************************************************
changed: [127.0.0.1] => (item=root-ca.pem)
changed: [127.0.0.1] => (item=root-ca.key)
changed: [127.0.0.1] => (item=node-1-key.pem)
changed: [127.0.0.1] => (item=node-1.pem)
changed: [127.0.0.1] => (item=admin-key.pem)
changed: [127.0.0.1] => (item=admin.pem)

TASK [../roles/wazuh/wazuh-indexer : Restart Wazuh indexer with security configuration] *************************************************************************************************************************
changed: [127.0.0.1]

TASK [../roles/wazuh/wazuh-indexer : Copy the Opensearch security internal users template] **********************************************************************************************************************
changed: [127.0.0.1]

TASK [../roles/wazuh/wazuh-indexer : Hashing the custom admin password] *****************************************************************************************************************************************
changed: [127.0.0.1]

TASK [../roles/wazuh/wazuh-indexer : Set the Admin user password] ***********************************************************************************************************************************************
changed: [127.0.0.1]

TASK [../roles/wazuh/wazuh-indexer : Hash the kibanaserver role/user pasword] ***********************************************************************************************************************************
changed: [127.0.0.1]

TASK [../roles/wazuh/wazuh-indexer : Set the kibanaserver user password] ****************************************************************************************************************************************
changed: [127.0.0.1]

TASK [../roles/wazuh/wazuh-indexer : Initialize the Opensearch security index in Wazuh indexer] *****************************************************************************************************************
changed: [127.0.0.1]

TASK [../roles/wazuh/wazuh-indexer : Create custom user] ********************************************************************************************************************************************************
skipping: [127.0.0.1]

TASK [../roles/wazuh/wazuh-indexer : Configure Wazuh indexer JVM memmory.] **************************************************************************************************************************************
changed: [127.0.0.1]

TASK [../roles/wazuh/wazuh-indexer : Ensure extra time for Wazuh indexer to start on reboots] *******************************************************************************************************************
changed: [127.0.0.1]

TASK [../roles/wazuh/wazuh-indexer : Index files to remove] *****************************************************************************************************************************************************
ok: [127.0.0.1]

TASK [../roles/wazuh/wazuh-indexer : Remove Index Files] ********************************************************************************************************************************************************
changed: [127.0.0.1] => (item={'path': '/var/lib/wazuh-indexer/batch_metrics_enabled.conf', 'mode': '0644', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 114, 'gid': 119, 'size': 6, 'inode': 262190, 'dev': 64768, 'nlink': 1, 'atime': 1716292689.8788218, 'mtime': 1716292689.8788218, 'ctime': 1716292689.8828237, 'gr_name': 'wazuh-indexer', 'pw_name': 'wazuh-indexer', 'wusr': True, 'rusr': True, 'xusr': False, 'wgrp': False, 'rgrp': True, 'xgrp': False, 'woth': False, 'roth': True, 'xoth': False, 'isuid': False, 'isgid': False})
changed: [127.0.0.1] => (item={'path': '/var/lib/wazuh-indexer/performance_analyzer_enabled.conf', 'mode': '0644', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 114, 'gid': 119, 'size': 5, 'inode': 262187, 'dev': 64768, 'nlink': 1, 'atime': 1716292689.8788218, 'mtime': 1716292689.8788218, 'ctime': 1716292689.8828237, 'gr_name': 'wazuh-indexer', 'pw_name': 'wazuh-indexer', 'wusr': True, 'rusr': True, 'xusr': False, 'wgrp': False, 'rgrp': True, 'xgrp': False, 'woth': False, 'roth': True, 'xoth': False, 'isuid': False, 'isgid': False})
changed: [127.0.0.1] => (item={'path': '/var/lib/wazuh-indexer/rca_enabled.conf', 'mode': '0644', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 114, 'gid': 119, 'size': 5, 'inode': 262188, 'dev': 64768, 'nlink': 1, 'atime': 1716292689.8788218, 'mtime': 1716292689.8788218, 'ctime': 1716292689.8828237, 'gr_name': 'wazuh-indexer', 'pw_name': 'wazuh-indexer', 'wusr': True, 'rusr': True, 'xusr': False, 'wgrp': False, 'rgrp': True, 'xgrp': False, 'woth': False, 'roth': True, 'xoth': False, 'isuid': False, 'isgid': False})

TASK [../roles/wazuh/wazuh-indexer : Ensure Wazuh indexer started and enabled] **********************************************************************************************************************************
changed: [127.0.0.1]

TASK [../roles/wazuh/wazuh-indexer : Wait for Wazuh indexer API] ************************************************************************************************************************************************
ok: [127.0.0.1]

TASK [../roles/wazuh/wazuh-indexer : Wait for Wazuh indexer API (Private IP)] ***********************************************************************************************************************************
skipping: [127.0.0.1]

TASK [../roles/wazuh/wazuh-indexer : RedHat/CentOS/Fedora | Remove Wazuh indexer repository (and clean up left-over metadata)] **********************************************************************************
skipping: [127.0.0.1]

TASK [../roles/wazuh/wazuh-indexer : Reload systemd configuration] **********************************************************************************************************************************************
ok: [127.0.0.1]

TASK [../roles/wazuh/wazuh-dashboard : include_vars] ************************************************************************************************************************************************************
ok: [127.0.0.1]

TASK [../roles/wazuh/wazuh-dashboard : include_vars] ************************************************************************************************************************************************************
ok: [127.0.0.1]

TASK [../roles/wazuh/wazuh-dashboard : include_vars] ************************************************************************************************************************************************************
skipping: [127.0.0.1]

TASK [../roles/wazuh/wazuh-dashboard : include_vars] ************************************************************************************************************************************************************
skipping: [127.0.0.1]

TASK [../roles/wazuh/wazuh-dashboard : RedHat/CentOS/Fedora | Add Wazuh dashboard repo] *************************************************************************************************************************
skipping: [127.0.0.1]

TASK [../roles/wazuh/wazuh-dashboard : Install Wazuh dashboard] *************************************************************************************************************************************************
skipping: [127.0.0.1]

TASK [../roles/wazuh/wazuh-dashboard : include_vars] ************************************************************************************************************************************************************
ok: [127.0.0.1]

TASK [../roles/wazuh/wazuh-dashboard : Add apt repository signing key] ******************************************************************************************************************************************
ok: [127.0.0.1]

TASK [../roles/wazuh/wazuh-dashboard : Debian systems | Add Wazuh dashboard repo] *******************************************************************************************************************************
ok: [127.0.0.1]

TASK [../roles/wazuh/wazuh-dashboard : Install Wazuh dashboard] *************************************************************************************************************************************************
changed: [127.0.0.1]

TASK [../roles/wazuh/wazuh-dashboard : Remove Dashboard configuration file] *************************************************************************************************************************************
changed: [127.0.0.1]

TASK [../roles/wazuh/wazuh-dashboard : Ensure Dashboard certificates directory permissions.] ********************************************************************************************************************
changed: [127.0.0.1]

TASK [../roles/wazuh/wazuh-dashboard : Copy the certificates from local to the Wazuh dashboard instance] ********************************************************************************************************
changed: [127.0.0.1] => (item=root-ca.pem)
changed: [127.0.0.1] => (item=node-1-key.pem)
changed: [127.0.0.1] => (item=node-1.pem)

TASK [../roles/wazuh/wazuh-dashboard : Copy Configuration File] *************************************************************************************************************************************************
changed: [127.0.0.1]

TASK [../roles/wazuh/wazuh-dashboard : Ensuring Wazuh dashboard directory owner] ********************************************************************************************************************************
ok: [127.0.0.1]

TASK [../roles/wazuh/wazuh-dashboard : Wait for Wazuh-Indexer port] *********************************************************************************************************************************************
ok: [127.0.0.1]

TASK [../roles/wazuh/wazuh-dashboard : Select correct API protocol] *********************************************************************************************************************************************
ok: [127.0.0.1]

TASK [../roles/wazuh/wazuh-dashboard : Attempting to delete legacy Wazuh index if exists] ***********************************************************************************************************************
ok: [127.0.0.1]

TASK [../roles/wazuh/wazuh-dashboard : Create Wazuh Plugin config directory] ************************************************************************************************************************************
ok: [127.0.0.1]

TASK [../roles/wazuh/wazuh-dashboard : Configure Wazuh Dashboard Plugin] ****************************************************************************************************************************************
ok: [127.0.0.1]

TASK [../roles/wazuh/wazuh-dashboard : Configure opensearch.password in opensearch_dashboards.keystore] *********************************************************************************************************
changed: [127.0.0.1]

TASK [../roles/wazuh/wazuh-dashboard : Ensure Wazuh dashboard started and enabled] ******************************************************************************************************************************
changed: [127.0.0.1]

TASK [../roles/wazuh/wazuh-dashboard : Remove Wazuh dashboard repository (and clean up left-over metadata)] *****************************************************************************************************
skipping: [127.0.0.1]

RUNNING HANDLER [../roles/wazuh/wazuh-indexer : restart wazuh-indexer] ******************************************************************************************************************************************
changed: [127.0.0.1]

RUNNING HANDLER [../roles/wazuh/wazuh-dashboard : restart wazuh-dashboard] **************************************************************************************************************************************
changed: [127.0.0.1]

PLAY RECAP ******************************************************************************************************************************************************************************************************
127.0.0.1                  : ok=58   changed=32   unreachable=0    failed=0    skipped=49   rescued=0    ignored=0

root@master:/etc/ansible/roles/wazuh-ansible/playbooks# systemctl status wazuh-indexer
● wazuh-indexer.service - Wazuh-indexer
     Loaded: loaded (/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: enabled)
     Active: active (running) since Tue 2024-05-21 11:59:55 UTC; 4s ago
       Docs: https://documentation.wazuh.com
   Main PID: 10200 (java)
      Tasks: 51 (limit: 9388)
     Memory: 4.2G
        CPU: 27.937s
     CGroup: /system.slice/wazuh-indexer.service
             └─10200 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headles>

May 21 11:59:43 master systemd[1]: Starting Wazuh-indexer...
May 21 11:59:46 master systemd-entrypoint[10200]: WARNING: A terminally deprecated method in java.lang.System has been called
May 21 11:59:46 master systemd-entrypoint[10200]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.8.0.jar)
May 21 11:59:46 master systemd-entrypoint[10200]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
May 21 11:59:46 master systemd-entrypoint[10200]: WARNING: System::setSecurityManager will be removed in a future release
May 21 11:59:47 master systemd-entrypoint[10200]: WARNING: A terminally deprecated method in java.lang.System has been called
May 21 11:59:47 master systemd-entrypoint[10200]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.8.0.jar)
May 21 11:59:47 master systemd-entrypoint[10200]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
May 21 11:59:47 master systemd-entrypoint[10200]: WARNING: System::setSecurityManager will be removed in a future release
May 21 11:59:55 master systemd[1]: Started Wazuh-indexer.
root@master:/etc/ansible/roles/wazuh-ansible/playbooks# systemctl status wazuh-dashboard
● wazuh-dashboard.service - wazuh-dashboard
     Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; vendor preset: enabled)
     Active: active (running) since Tue 2024-05-21 11:59:56 UTC; 17s ago
   Main PID: 10451 (node)
      Tasks: 11 (limit: 9388)
     Memory: 237.2M
        CPU: 4.721s
     CGroup: /system.slice/wazuh-dashboard.service
             └─10451 /usr/share/wazuh-dashboard/node/bin/node --no-warnings --max-http-header-size=65536 --unhandled-rejections=warn /usr/share/wazuh-dashboard/src/cli/dist -c /etc/wazuh-dashboard/opensearch_>

May 21 12:00:07 master opensearch-dashboards[10451]: {"type":"log","@timestamp":"2024-05-21T12:00:07Z","tags":["error","opensearch","data"],"pid":10451,"message":"[ResponseError]: Response Error"}
May 21 12:00:09 master opensearch-dashboards[10451]: {"type":"log","@timestamp":"2024-05-21T12:00:09Z","tags":["info","savedobjects-service"],"pid":10451,"message":"Starting saved objects migrations"}
May 21 12:00:09 master opensearch-dashboards[10451]: {"type":"log","@timestamp":"2024-05-21T12:00:09Z","tags":["info","savedobjects-service"],"pid":10451,"message":"Creating index .kibana_1."}
May 21 12:00:10 master opensearch-dashboards[10451]: {"type":"log","@timestamp":"2024-05-21T12:00:10Z","tags":["info","savedobjects-service"],"pid":10451,"message":"Pointing alias .kibana to .kibana_1."}
May 21 12:00:10 master opensearch-dashboards[10451]: {"type":"log","@timestamp":"2024-05-21T12:00:10Z","tags":["info","savedobjects-service"],"pid":10451,"message":"Finished in 174ms."}
May 21 12:00:10 master opensearch-dashboards[10451]: {"type":"log","@timestamp":"2024-05-21T12:00:10Z","tags":["info","plugins-system"],"pid":10451,"message":"Starting [44] plugins: [alertingDashboards,usageC>
May 21 12:00:10 master opensearch-dashboards[10451]: {"type":"log","@timestamp":"2024-05-21T12:00:10Z","tags":["error","opensearch","data"],"pid":10451,"message":"[ResponseError]: Response Error"}
May 21 12:00:10 master opensearch-dashboards[10451]: {"type":"log","@timestamp":"2024-05-21T12:00:10Z","tags":["listening","info"],"pid":10451,"message":"Server running at https://0.0.0.0:443"}
May 21 12:00:10 master opensearch-dashboards[10451]: {"type":"log","@timestamp":"2024-05-21T12:00:10Z","tags":["info","http","server","OpenSearchDashboards"],"pid":10451,"message":"http server running at http>
May 21 12:00:10 master opensearch-dashboards[10451]: {"type":"log","@timestamp":"2024-05-21T12:00:10Z","tags":["error","opensearch","data"],"pid":10451,"message":"[ResponseError]: Response Error"}
root@master:/etc/ansible/roles/wazuh-ansible/playbooks# vi wazuh-manager-oss.yml
root@master:/etc/ansible/roles/wazuh-ansible/playbooks# ansible-playbook wazuh-manager-oss.yml -b -K
BECOME password:

PLAY [all_in_one] ******************************************************************************************************************************************

TASK [Gathering Facts] *************************************************************************************************************************************
ok: [127.0.0.1]

TASK [../roles/wazuh/ansible-wazuh-manager : Install dependencies] *****************************************************************************************
changed: [127.0.0.1]

TASK [../roles/wazuh/ansible-wazuh-manager : include_vars] *************************************************************************************************
ok: [127.0.0.1]

TASK [../roles/wazuh/ansible-wazuh-manager : include_vars] *************************************************************************************************
ok: [127.0.0.1]

TASK [../roles/wazuh/ansible-wazuh-manager : include_vars] *************************************************************************************************
skipping: [127.0.0.1]

TASK [../roles/wazuh/ansible-wazuh-manager : include_vars] *************************************************************************************************
skipping: [127.0.0.1]

TASK [../roles/wazuh/ansible-wazuh-manager : Overlay wazuh_manager_config on top of defaults] **************************************************************
ok: [127.0.0.1]

TASK [../roles/wazuh/ansible-wazuh-manager : include_tasks] ************************************************************************************************
skipping: [127.0.0.1]

TASK [../roles/wazuh/ansible-wazuh-manager : include_tasks] ************************************************************************************************
included: /etc/ansible/roles/wazuh-ansible/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml for 127.0.0.1

TASK [../roles/wazuh/ansible-wazuh-manager : Debian/Ubuntu | Install apt-transport-https, ca-certificates and acl] *****************************************
changed: [127.0.0.1]

TASK [../roles/wazuh/ansible-wazuh-manager : Debian/Ubuntu | Installing Wazuh repository key (Ubuntu 14)] **************************************************
skipping: [127.0.0.1]

TASK [../roles/wazuh/ansible-wazuh-manager : Debian/Ubuntu | Installing Wazuh repository key] **************************************************************
ok: [127.0.0.1]

TASK [../roles/wazuh/ansible-wazuh-manager : Debian/Ubuntu | Add Wazuh repositories] ***********************************************************************
ok: [127.0.0.1]

TASK [../roles/wazuh/ansible-wazuh-manager : Debian/Ubuntu | Set Distribution CIS filename for Debian/Ubuntu] **********************************************
ok: [127.0.0.1]

TASK [../roles/wazuh/ansible-wazuh-manager : Debian/Ubuntu | Install OpenJDK-8 repo] ***********************************************************************
skipping: [127.0.0.1]

TASK [../roles/wazuh/ansible-wazuh-manager : Debian/Ubuntu | Install OpenJDK 1.8] **************************************************************************
skipping: [127.0.0.1]

TASK [../roles/wazuh/ansible-wazuh-manager : Debian/Ubuntu | Install OpenScap] *****************************************************************************
skipping: [127.0.0.1]

TASK [../roles/wazuh/ansible-wazuh-manager : Debian/Ubuntu | Get OpenScap installed version] ***************************************************************
skipping: [127.0.0.1]

TASK [../roles/wazuh/ansible-wazuh-manager : Debian/Ubuntu | Check OpenScap version] ***********************************************************************
skipping: [127.0.0.1]

TASK [../roles/wazuh/ansible-wazuh-manager : Install dependencies to build from sources] *******************************************************************
skipping: [127.0.0.1]

TASK [../roles/wazuh/ansible-wazuh-manager : Debian/Ubuntu | Install wazuh-manager] ************************************************************************
changed: [127.0.0.1]

TASK [../roles/wazuh/ansible-wazuh-manager : include_tasks] ************************************************************************************************
skipping: [127.0.0.1]

TASK [../roles/wazuh/ansible-wazuh-manager : include_tasks] ************************************************************************************************
skipping: [127.0.0.1]

TASK [../roles/wazuh/ansible-wazuh-manager : Install expect] ***********************************************************************************************
changed: [127.0.0.1]

TASK [../roles/wazuh/ansible-wazuh-manager : Generate SSL files for authd] *********************************************************************************
skipping: [127.0.0.1]

TASK [../roles/wazuh/ansible-wazuh-manager : Copy CA, SSL key and cert for authd] **************************************************************************
skipping: [127.0.0.1] => (item=)
skipping: [127.0.0.1] => (item=sslmanager.cert)
skipping: [127.0.0.1] => (item=sslmanager.key)
skipping: [127.0.0.1]

TASK [../roles/wazuh/ansible-wazuh-manager : Verifying for old init authd service] *************************************************************************
ok: [127.0.0.1]

TASK [../roles/wazuh/ansible-wazuh-manager : Verifying for old systemd authd service] **********************************************************************
ok: [127.0.0.1]

TASK [../roles/wazuh/ansible-wazuh-manager : Ensure ossec-authd service is disabled] ***********************************************************************
skipping: [127.0.0.1]

TASK [../roles/wazuh/ansible-wazuh-manager : Removing old init authd services] *****************************************************************************
skipping: [127.0.0.1] => (item=/etc/init.d/ossec-authd)
skipping: [127.0.0.1] => (item=/lib/systemd/system/ossec-authd.service)
skipping: [127.0.0.1]

TASK [../roles/wazuh/ansible-wazuh-manager : Installing the local_rules.xml (default local_rules.xml)] *****************************************************
changed: [127.0.0.1]

TASK [../roles/wazuh/ansible-wazuh-manager : Adding local rules files] *************************************************************************************
changed: [127.0.0.1]

TASK [../roles/wazuh/ansible-wazuh-manager : Installing the local_decoder.xml] *****************************************************************************
changed: [127.0.0.1]

TASK [../roles/wazuh/ansible-wazuh-manager : Adding local decoders files] **********************************************************************************
changed: [127.0.0.1]

TASK [../roles/wazuh/ansible-wazuh-manager : Configure the shared-agent.conf] ******************************************************************************
skipping: [127.0.0.1]

TASK [../roles/wazuh/ansible-wazuh-manager : Installing the local_internal_options.conf] *******************************************************************
changed: [127.0.0.1]

TASK [../roles/wazuh/ansible-wazuh-manager : Retrieving Agentless Credentials] *****************************************************************************
ok: [127.0.0.1]

TASK [../roles/wazuh/ansible-wazuh-manager : Retrieving authd Credentials] *********************************************************************************
ok: [127.0.0.1]

TASK [../roles/wazuh/ansible-wazuh-manager : Check if syslog output is enabled] ****************************************************************************
skipping: [127.0.0.1] => (item={'server': None, 'port': None, 'format': None})
skipping: [127.0.0.1]

TASK [../roles/wazuh/ansible-wazuh-manager : Check if client-syslog is enabled] ****************************************************************************
ok: [127.0.0.1]

TASK [../roles/wazuh/ansible-wazuh-manager : Enable client-syslog] *****************************************************************************************
skipping: [127.0.0.1]

TASK [../roles/wazuh/ansible-wazuh-manager : Check if ossec-agentlessd is enabled] *************************************************************************
ok: [127.0.0.1]

TASK [../roles/wazuh/ansible-wazuh-manager : Enable ossec-agentlessd] **************************************************************************************
skipping: [127.0.0.1]

TASK [../roles/wazuh/ansible-wazuh-manager : Checking alert log output settings] ***************************************************************************
skipping: [127.0.0.1]

TASK [../roles/wazuh/ansible-wazuh-manager : Configure ossec.conf] *****************************************************************************************
changed: [127.0.0.1]

TASK [../roles/wazuh/ansible-wazuh-manager : Ossec-authd password] *****************************************************************************************
skipping: [127.0.0.1]

TASK [../roles/wazuh/ansible-wazuh-manager : Copy create_user script] **************************************************************************************
skipping: [127.0.0.1]

TASK [../roles/wazuh/ansible-wazuh-manager : Create admin.json] ********************************************************************************************
skipping: [127.0.0.1]

TASK [../roles/wazuh/ansible-wazuh-manager : Execute create_user script] ***********************************************************************************
skipping: [127.0.0.1]

TASK [../roles/wazuh/ansible-wazuh-manager : Agentless Hosts & Passwd] *************************************************************************************
skipping: [127.0.0.1]

TASK [../roles/wazuh/ansible-wazuh-manager : Encode the secret] ********************************************************************************************
skipping: [127.0.0.1]

TASK [../roles/wazuh/ansible-wazuh-manager : Ensure Wazuh Manager service is started and enabled.] *********************************************************
changed: [127.0.0.1]

TASK [../roles/wazuh/ansible-wazuh-manager : Create agent groups] ******************************************************************************************
skipping: [127.0.0.1]

TASK [../roles/wazuh/ansible-wazuh-manager : Run uninstall tasks] ******************************************************************************************
included: /etc/ansible/roles/wazuh-ansible/roles/wazuh/ansible-wazuh-manager/tasks/uninstall.yml for 127.0.0.1

TASK [../roles/wazuh/ansible-wazuh-manager : Debian/Ubuntu | Remove Wazuh repository.] *********************************************************************
ok: [127.0.0.1]

TASK [../roles/wazuh/ansible-wazuh-manager : RedHat/CentOS/Fedora | Remove Wazuh repository (and clean up left-over metadata)] *****************************
skipping: [127.0.0.1]

TASK [../roles/wazuh/ansible-filebeat-oss : include_vars] **************************************************************************************************
ok: [127.0.0.1]

TASK [../roles/wazuh/ansible-filebeat-oss : include_vars] **************************************************************************************************
ok: [127.0.0.1]

TASK [../roles/wazuh/ansible-filebeat-oss : include_vars] **************************************************************************************************
skipping: [127.0.0.1]

TASK [../roles/wazuh/ansible-filebeat-oss : include_tasks] *************************************************************************************************
skipping: [127.0.0.1]

TASK [../roles/wazuh/ansible-filebeat-oss : include_tasks] *************************************************************************************************
included: /etc/ansible/roles/wazuh-ansible/roles/wazuh/ansible-filebeat-oss/tasks/Debian.yml for 127.0.0.1

TASK [../roles/wazuh/ansible-filebeat-oss : Debian/Ubuntu | Install apt-transport-https, ca-certificates and acl] ******************************************
ok: [127.0.0.1]

TASK [../roles/wazuh/ansible-filebeat-oss : Debian/Ubuntu | Add Elasticsearch apt key.] ********************************************************************
ok: [127.0.0.1]

TASK [../roles/wazuh/ansible-filebeat-oss : Debian/Ubuntu | Add Filebeat-oss repository.] ******************************************************************
ok: [127.0.0.1]

TASK [../roles/wazuh/ansible-filebeat-oss : Install Filebeat | Redhat] *************************************************************************************
skipping: [127.0.0.1]

TASK [../roles/wazuh/ansible-filebeat-oss : Install Filebeat | Debian] *************************************************************************************
changed: [127.0.0.1]

TASK [../roles/wazuh/ansible-filebeat-oss : Checking if Filebeat Module folder file exists] ****************************************************************
ok: [127.0.0.1]

TASK [../roles/wazuh/ansible-filebeat-oss : Download Filebeat module package] ******************************************************************************
changed: [127.0.0.1]

TASK [../roles/wazuh/ansible-filebeat-oss : Unpack Filebeat module package] ********************************************************************************
changed: [127.0.0.1]

TASK [../roles/wazuh/ansible-filebeat-oss : Setting 0755 permission for Filebeat module folder] ************************************************************
changed: [127.0.0.1]

TASK [../roles/wazuh/ansible-filebeat-oss : Checking if Filebeat Module package file exists] ***************************************************************
ok: [127.0.0.1]

TASK [../roles/wazuh/ansible-filebeat-oss : Delete Filebeat module package file] ***************************************************************************
changed: [127.0.0.1]

TASK [../roles/wazuh/ansible-filebeat-oss : Copy Filebeat configuration.] **********************************************************************************
changed: [127.0.0.1]

TASK [../roles/wazuh/ansible-filebeat-oss : Fetch latest Wazuh alerts template] ****************************************************************************
changed: [127.0.0.1]

TASK [../roles/wazuh/ansible-filebeat-oss : include_tasks] *************************************************************************************************
included: /etc/ansible/roles/wazuh-ansible/roles/wazuh/ansible-filebeat-oss/tasks/security_actions.yml for 127.0.0.1

TASK [../roles/wazuh/ansible-filebeat-oss : Ensure Filebeat SSL key pair directory exists.] ****************************************************************
changed: [127.0.0.1]

TASK [../roles/wazuh/ansible-filebeat-oss : Copy the certificates from local to the Manager instance] ******************************************************
changed: [127.0.0.1] => (item=node-1-key.pem)
changed: [127.0.0.1] => (item=node-1.pem)
changed: [127.0.0.1] => (item=root-ca.pem)

TASK [../roles/wazuh/ansible-filebeat-oss : Ensure Filebeat is started and enabled at boot.] ***************************************************************
changed: [127.0.0.1]

TASK [../roles/wazuh/ansible-filebeat-oss : include_tasks] *************************************************************************************************
skipping: [127.0.0.1]

TASK [../roles/wazuh/ansible-filebeat-oss : include_tasks] *************************************************************************************************
included: /etc/ansible/roles/wazuh-ansible/roles/wazuh/ansible-filebeat-oss/tasks/RMDebian.yml for 127.0.0.1

TASK [../roles/wazuh/ansible-filebeat-oss : Debian/Ubuntu | Remove Filebeat repository (and clean up left-over metadata)] **********************************
ok: [127.0.0.1]

RUNNING HANDLER [../roles/wazuh/ansible-wazuh-manager : restart wazuh-manager] *****************************************************************************
changed: [127.0.0.1]

RUNNING HANDLER [../roles/wazuh/ansible-filebeat-oss : restart filebeat] ***********************************************************************************
changed: [127.0.0.1]

PLAY RECAP *************************************************************************************************************************************************
127.0.0.1                  : ok=50   changed=23   unreachable=0    failed=0    skipped=33   rescued=0    ignored=0

root@master:/etc/ansible/roles/wazuh-ansible/playbooks# systemctl status wazuh-manager
● wazuh-manager.service - Wazuh manager
     Loaded: loaded (/lib/systemd/system/wazuh-manager.service; enabled; vendor preset: enabled)
     Active: active (running) since Tue 2024-05-21 12:15:05 UTC; 15min ago
    Process: 59276 ExecStart=/usr/bin/env /var/ossec/bin/wazuh-control start (code=exited, status=0/SUCCESS)
      Tasks: 141 (limit: 9388)
     Memory: 321.1M
        CPU: 35.598s
     CGroup: /system.slice/wazuh-manager.service
             ├─59333 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
             ├─59334 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
             ├─59337 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
             ├─59340 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
             ├─59381 /var/ossec/bin/wazuh-authd
             ├─59397 /var/ossec/bin/wazuh-db
             ├─59421 /var/ossec/bin/wazuh-execd
             ├─59435 /var/ossec/bin/wazuh-analysisd
             ├─59496 /var/ossec/bin/wazuh-syscheckd
             ├─59511 /var/ossec/bin/wazuh-remoted
             ├─59543 /var/ossec/bin/wazuh-logcollector
             ├─59578 /var/ossec/bin/wazuh-monitord
             └─59634 /var/ossec/bin/wazuh-modulesd

May 21 12:14:57 master env[59276]: Started wazuh-db...
May 21 12:14:58 master env[59276]: Started wazuh-execd...
May 21 12:14:59 master env[59276]: Started wazuh-analysisd...
May 21 12:14:59 master env[59276]: Started wazuh-syscheckd...
May 21 12:15:00 master env[59276]: Started wazuh-remoted...
May 21 12:15:01 master env[59276]: Started wazuh-logcollector...
May 21 12:15:02 master env[59276]: Started wazuh-monitord...
May 21 12:15:03 master env[59276]: Started wazuh-modulesd...
May 21 12:15:05 master env[59276]: Completed.
May 21 12:15:05 master systemd[1]: Started Wazuh manager.
root@master:/etc/ansible/roles/wazuh-ansible/playbooks# systemctl status filebeat
● filebeat.service - Filebeat sends log files to Logstash or directly to Elasticsearch.
     Loaded: loaded (/lib/systemd/system/filebeat.service; enabled; vendor preset: enabled)
     Active: active (running) since Tue 2024-05-21 12:15:05 UTC; 15min ago
       Docs: https://www.elastic.co/products/beats/filebeat
   Main PID: 60205 (filebeat)
      Tasks: 9 (limit: 9388)
     Memory: 9.5M
        CPU: 159ms
     CGroup: /system.slice/filebeat.service
             └─60205 /usr/share/filebeat/bin/filebeat --environment systemd -c /etc/filebeat/filebeat.yml --path.home /usr/share/filebeat --path.config /et>

May 21 12:15:06 master filebeat[60205]: 2024-05-21T12:15:06.482Z        INFO        [publisher]        pipeline/retry.go:219        retryer: send unwait si>
May 21 12:15:06 master filebeat[60205]: 2024-05-21T12:15:06.482Z        INFO        [publisher]        pipeline/retry.go:223          done
May 21 12:15:06 master filebeat[60205]: 2024-05-21T12:15:06.494Z        INFO        [esclientleg]        eslegclient/connection.go:314        Attempting to>
May 21 12:15:06 master filebeat[60205]: 2024-05-21T12:15:06.495Z        INFO        [esclientleg]        eslegclient/connection.go:314        Attempting to>
May 21 12:15:06 master filebeat[60205]: 2024-05-21T12:15:06.497Z        INFO        template/load.go:183        Existing template will be overwritten, as o>
May 21 12:15:06 master filebeat[60205]: 2024-05-21T12:15:06.498Z        INFO        template/load.go:117        Try loading template wazuh to Elasticsearch
May 21 12:15:06 master filebeat[60205]: 2024-05-21T12:15:06.534Z        INFO        template/load.go:109        template with name 'wazuh' loaded.
May 21 12:15:06 master filebeat[60205]: 2024-05-21T12:15:06.534Z        INFO        [index-management]        idxmgmt/std.go:298        Loaded index templa>
May 21 12:15:06 master filebeat[60205]: 2024-05-21T12:15:06.537Z        INFO        [publisher_pipeline_output]        pipeline/output.go:151        Connec>
May 21 12:21:12 master filebeat[60205]: 2024-05-21T12:21:12.807Z        INFO        log/harvester.go:333        File is inactive: /var/ossec/logs/alerts/al>
root@master:/etc/ansible/roles/wazuh-ansible/playbooks# filebeat test output
elasticsearch: https://127.0.0.1:9200...
  parse url... OK
  connection...
    parse host... OK
    dns lookup... OK
    addresses: 127.0.0.1
    dial up... OK
  TLS...
    security: server's certificate chain verification is enabled
    handshake... OK
    TLS version: TLSv1.3
    dial up... OK
  talk to server... OK
  version: 7.10.2
root@master:/etc/ansible/roles/wazuh-ansible/playbooks# TOKEN=$(curl -s -u wazuh-wui:wazuh-wui -k -X GET "https://0.0.0.0:55000/security/user/authenticate?raw=true")
root@master:/etc/ansible/roles/wazuh-ansible/playbooks# curl -k -s -X GET "https://0.0.0.0:55000/manager/status?pretty=true" -H  "Authorization: Bearer $TOKEN"
{
   "data": {
      "affected_items": [
         {
            "wazuh-agentlessd": "stopped",
            "wazuh-analysisd": "running",
            "wazuh-authd": "running",
            "wazuh-csyslogd": "stopped",
            "wazuh-dbd": "stopped",
            "wazuh-monitord": "running",
            "wazuh-execd": "running",
            "wazuh-integratord": "stopped",
            "wazuh-logcollector": "running",
            "wazuh-maild": "stopped",
            "wazuh-remoted": "running",
            "wazuh-reportd": "stopped",
            "wazuh-syscheckd": "running",
            "wazuh-clusterd": "stopped",
            "wazuh-modulesd": "running",
            "wazuh-db": "running",
            "wazuh-apid": "running"
         }
      ],
      "total_affected_items": 1,
      "total_failed_items": 0,
      "failed_items": []
   },
   "message": "Processes status was successfully read",
   "error": 0
}
root@master:/etc/ansible/roles/wazuh-ansible/playbooks# cat /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
---
#
# Wazuh app - App configuration file
# Copyright (C) 2016, Wazuh Inc.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# Find more information about this on the LICENSE file.
#
# ======================== Wazuh app configuration file ========================
#
# Please check the documentation for more information on configuration options:
# https://documentation.wazuh.com/current/installation-guide/index.html
#
# Also, you can check our repository:
# https://github.com/wazuh/wazuh-dashboard-plugins
#
# ------------------------------- Index patterns -------------------------------
#
# Default index pattern to use.
#pattern: wazuh-alerts-4.x-*
#
# ----------------------------------- Checks -----------------------------------
#
# Defines which checks must to be consider by the healthcheck
# step once the Wazuh app starts. Values must to be true or false.
#checks.pattern : true
#checks.template: true
#checks.api     : true
#checks.setup   : true
#
# --------------------------------- Extensions ---------------------------------
#
# Defines which extensions should be activated when you add a new API entry.
# You can change them after Wazuh app starts.
# Values must to be true or false.
#extensions.pci       : true
#extensions.gdpr      : true
#extensions.hipaa     : true
#extensions.nist      : true
#extensions.audit     : true
#extensions.oscap     : false
#extensions.ciscat    : false
#extensions.aws       : false
#extensions.virustotal: false
#extensions.osquery   : false
#extensions.docker    : false
#
# ---------------------------------- Time out ----------------------------------
#
# Defines maximum timeout to be used on the Wazuh app requests.
# It will be ignored if it is bellow 1500.
# It means milliseconds before we consider a request as failed.
# Default: 20000
#timeout: 20000
#
# ------------------------------ Advanced indices ------------------------------
#
# Configure .wazuh indices shards and replicas.
#wazuh.shards          : 1
#wazuh.replicas        : 0
#
# --------------------------- Index pattern selector ---------------------------
#
# Defines if the user is allowed to change the selected
# index pattern directly from the Wazuh app top menu.
# Default: true
#ip.selector: true
#
# List of index patterns to be ignored
#ip.ignore: []
#
# -------------------------------- X-Pack RBAC ---------------------------------
#
# Custom setting to enable/disable built-in X-Pack RBAC security capabilities.
# Default: enabled
#xpack.rbac.enabled: true
#
# ------------------------------ wazuh-monitoring ------------------------------
#
# Custom setting to enable/disable wazuh-monitoring indices.
# Values: true, false, worker
# If worker is given as value, the app will show the Agents status
# visualization but won't insert data on wazuh-monitoring indices.
# Default: true
#wazuh.monitoring.enabled: true
#
# Custom setting to set the frequency for wazuh-monitoring indices cron task.
# Default: 900 (s)
#wazuh.monitoring.frequency: 900
#
# Configure wazuh-monitoring-4.x-* indices shards and replicas.
#wazuh.monitoring.shards: 2
#wazuh.monitoring.replicas: 0
#
# Configure wazuh-monitoring-4.x-* indices custom creation interval.
# Values: h (hourly), d (daily), w (weekly), m (monthly)
# Default: d
#wazuh.monitoring.creation: d
#
# Default index pattern to use for Wazuh monitoring
#wazuh.monitoring.pattern: wazuh-monitoring-4.x-*
#
#
# ------------------------------- App privileges --------------------------------
#admin: true
#
# ------------------------------- App logging level -----------------------------
# Set the logging level for the Wazuh App log files.
# Default value: info
# Allowed values: info, debug
#logs.level: info
#
#-------------------------------- API entries -----------------------------------
#The following configuration is the default structure to define an API entry.
#
#hosts:
#  - <id>:
#     url: http(s)://<url>
#     port: <port>
#     user: <user>
#     password: <password>

hosts:
  - default:
      url: https://localhost
      port: 55000
      username: wazuh-wui
      password: "wazuh-wui"
root@master:/etc/ansible/roles/wazuh-ansible/playbooks#

The Wazuh dashboard connection is verified using the Wazuh API:

image

@vcerenu
Copy link
Member

vcerenu commented May 21, 2024

Tests

Demo deployment with api username and password changed:

image

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@vcerenu vcerenu

Labels
level/task Subtask issue type/bug
Projects
Release 5.0.0
Status: Done
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Change wazuh api username wazuh/wazuh-ansible
3 participants
@teddytpc1 @vcerenu @CarlosALgit