
Add :z option to mounted files #1259

Closed
5 tasks
vcerenu opened this issue Mar 12, 2024 · 8 comments · May be fixed by #1262


vcerenu commented Mar 12, 2024

Description

The `:z` option must be added to the volumes and files that are mounted in the Wazuh containers so that their SELinux labels can be modified. (With the lowercase `z`, Docker relabels the mounted content with a shared label, so more than one container can use it.)

We need to verify that this change does what is needed, that it has no negative impact on deployments under Linux distributions without SELinux active, and that upgrading from a deployment without these options to one with this change does not produce errors.

Tasks

  • Reproduce the issue
  • Validate if the change solves it
  • Test the change in a Linux system without SELinux
  • Test upgrade starting with a deployment without the changes and finishing with a deployment with the changes
  • Test deploying without the changes, then remove the deployment (without deleting the volumes) and finally deploy again with the changes
@teddytpc1 teddytpc1 linked a pull request Mar 12, 2024 that will close this issue
@teddytpc1 teddytpc1 changed the title Review PR 711 Add :z option to mounted files Mar 12, 2024
@wazuhci wazuhci moved this to Backlog in XDR+SIEM/Release 5.0.0 Mar 12, 2024

levisre commented Mar 14, 2024

New PR: #1262

@teddytpc1 teddytpc1 linked a pull request Mar 18, 2024 that will close this issue
@vcerenu vcerenu self-assigned this May 10, 2024
@wazuhci wazuhci moved this from Backlog to In progress in XDR+SIEM/Release 5.0.0 May 10, 2024

vcerenu commented May 14, 2024

Tests

Ubuntu 22 with :z option:

$ cat docker-compose.yml 
# Wazuh App Copyright (C) 2017, Wazuh Inc. (License GPLv2)
version: '3.7'

services:
  # Wazuh manager service, tested here with the `:z` suffix on every mount.
  wazuh.manager:
    image: wazuh/wazuh-manager:4.7.4
    hostname: wazuh.manager
    restart: always
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 655360
        hard: 655360
    # No host address is given, so each port is published on every host
    # interface (the `docker ps` output below lists them under 0.0.0.0 and :::).
    ports:
      - "1514:1514"
      - "1515:1515"
      - "514:514/udp"
      - "55000:55000"
    # Credentials are kept in clear text in this file.
    # NOTE(review): these look like sample values; change them and restrict
    # read access to the file before using it outside a test host.
    environment:
      - INDEXER_URL=https://wazuh.indexer:9200
      - INDEXER_USERNAME=admin
      - INDEXER_PASSWORD=SecretPassword
      # With this mode, `filebeat test output` later in the transcript reports
      # that the server's certificate chain verification is enabled.
      - FILEBEAT_SSL_VERIFICATION_MODE=full
      - SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem
      - SSL_CERTIFICATE=/etc/ssl/filebeat.pem
      - SSL_KEY=/etc/ssl/filebeat.key
      - API_USERNAME=wazuh-wui
      - API_PASSWORD=MyS3cr37P450r.*-
    # `:z` asks Docker to relabel the mounted content with a shared SELinux
    # label. The ./config/... entries are bind mounts of host files, so the
    # relabel is applied to those files on the host.
    # NOTE(review): a shared label means SELinux does not separate this content
    # between containers. wazuh.manager-key.pem is a private key mounted into
    # this service only; check whether the private `:Z` label would fit better
    # for it (TODO confirm against the linked PR).
    volumes:
      - wazuh_api_configuration:/var/ossec/api/configuration:z
      - wazuh_etc:/var/ossec/etc:z
      - wazuh_logs:/var/ossec/logs:z
      - wazuh_queue:/var/ossec/queue:z
      - wazuh_var_multigroups:/var/ossec/var/multigroups:z
      - wazuh_integrations:/var/ossec/integrations:z
      - wazuh_active_response:/var/ossec/active-response/bin:z
      - wazuh_agentless:/var/ossec/agentless:z
      - wazuh_wodles:/var/ossec/wodles:z
      - filebeat_etc:/etc/filebeat:z
      - filebeat_var:/var/lib/filebeat:z
      - ./config/wazuh_indexer_ssl_certs/root-ca-manager.pem:/etc/ssl/root-ca.pem:z
      - ./config/wazuh_indexer_ssl_certs/wazuh.manager.pem:/etc/ssl/filebeat.pem:z
      - ./config/wazuh_indexer_ssl_certs/wazuh.manager-key.pem:/etc/ssl/filebeat.key:z
      - ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf:z

  # Wazuh indexer service, tested here with the `:z` suffix on every mount.
  wazuh.indexer:
    image: wazuh/wazuh-indexer:4.7.4
    hostname: wazuh.indexer
    restart: always
    # Published without a host address, i.e. on every host interface
    # (0.0.0.0:9200 and :::9200 in the `docker ps` output below).
    ports:
      - "9200:9200"
    environment:
      # JVM heap fixed at 512 MB (initial and maximum size).
      - "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 65536
        hard: 65536
    # `:z` asks Docker to relabel the mounted content with a shared SELinux
    # label. root-ca.pem is bind-mounted from the same host path into
    # wazuh.dashboard as well, which a shared label allows.
    # NOTE(review): wazuh.indexer-key.pem and admin-key.pem are private keys
    # mounted into this service only; check whether they need the shared label
    # or could take the private `:Z` one (TODO confirm against the linked PR).
    volumes:
      - wazuh-indexer-data:/var/lib/wazuh-indexer:z
      - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem:z
      - ./config/wazuh_indexer_ssl_certs/wazuh.indexer-key.pem:/usr/share/wazuh-indexer/certs/wazuh.indexer.key:z
      - ./config/wazuh_indexer_ssl_certs/wazuh.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh.indexer.pem:z
      - ./config/wazuh_indexer_ssl_certs/admin.pem:/usr/share/wazuh-indexer/certs/admin.pem:z
      - ./config/wazuh_indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/certs/admin-key.pem:z
      - ./config/wazuh_indexer/wazuh.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml:z
      - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml:z

  # Wazuh dashboard service, tested here with the `:z` suffix on every mount.
  wazuh.dashboard:
    image: wazuh/wazuh-dashboard:4.7.4
    hostname: wazuh.dashboard
    restart: always
    # Host port 443 maps to container port 5601 on every host interface.
    ports:
      - 443:5601
    # Credentials are kept in clear text in this file; DASHBOARD_PASSWORD is
    # identical to DASHBOARD_USERNAME.
    # NOTE(review): these look like sample values; change them before using
    # this file outside a test host.
    environment:
      - INDEXER_USERNAME=admin
      - INDEXER_PASSWORD=SecretPassword
      - WAZUH_API_URL=https://wazuh.manager
      - DASHBOARD_USERNAME=kibanaserver
      - DASHBOARD_PASSWORD=kibanaserver
      - API_USERNAME=wazuh-wui
      - API_PASSWORD=MyS3cr37P450r.*-
    # `:z` asks Docker to relabel the mounted content with a shared SELinux
    # label. wazuh.yml is a host file bind-mounted to a path inside the
    # directory that the wazuh-dashboard-config volume is mounted on.
    # NOTE(review): wazuh.dashboard-key.pem is a private key mounted into this
    # service only; check whether the private `:Z` label would fit better for
    # it (TODO confirm against the linked PR).
    volumes:
      - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem:z
      - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem:z
      - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-dashboard/certs/root-ca.pem:z
      - ./config/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml:z
      - ./config/wazuh_dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml:z
      - wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config:z
      - wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom:z
    # Orders container start-up after wazuh.indexer; it is not a readiness check.
    depends_on:
      - wazuh.indexer
    links:
      - wazuh.indexer:wazuh.indexer
      - wazuh.manager:wazuh.manager

# Named volumes referenced by the services above. They are declared without
# options; the `docker-compose up` output below shows each one being created
# with the default driver under the "single-node_" project prefix.
volumes:
  wazuh_api_configuration:
  wazuh_etc:
  wazuh_logs:
  wazuh_queue:
  wazuh_var_multigroups:
  wazuh_integrations:
  wazuh_active_response:
  wazuh_agentless:
  wazuh_wodles:
  filebeat_etc:
  filebeat_var:
  wazuh-indexer-data:
  wazuh-dashboard-config:
  wazuh-dashboard-custom:
$ docker-compose up -d
Creating network "single-node_default" with the default driver
Creating volume "single-node_wazuh_api_configuration" with default driver
Creating volume "single-node_wazuh_etc" with default driver
Creating volume "single-node_wazuh_logs" with default driver
Creating volume "single-node_wazuh_queue" with default driver
Creating volume "single-node_wazuh_var_multigroups" with default driver
Creating volume "single-node_wazuh_integrations" with default driver
Creating volume "single-node_wazuh_active_response" with default driver
Creating volume "single-node_wazuh_agentless" with default driver
Creating volume "single-node_wazuh_wodles" with default driver
Creating volume "single-node_filebeat_etc" with default driver
Creating volume "single-node_filebeat_var" with default driver
Creating volume "single-node_wazuh-indexer-data" with default driver
Creating volume "single-node_wazuh-dashboard-config" with default driver
Creating volume "single-node_wazuh-dashboard-custom" with default driver
Creating single-node_wazuh.indexer_1 ... done
Creating single-node_wazuh.manager_1 ... done
Creating single-node_wazuh.dashboard_1 ... done
$ docker ps
CONTAINER ID   IMAGE                         COMMAND                  CREATED         STATUS         PORTS                                                                                                                                                           NAMES
698764428d41   wazuh/wazuh-dashboard:4.7.4   "/entrypoint.sh"         6 seconds ago   Up 5 seconds   443/tcp, 0.0.0.0:443->5601/tcp, :::443->5601/tcp                                                                                                                single-node_wazuh.dashboard_1
9749a4c56520   wazuh/wazuh-manager:4.7.4     "/init"                  7 seconds ago   Up 5 seconds   0.0.0.0:1514-1515->1514-1515/tcp, :::1514-1515->1514-1515/tcp, 0.0.0.0:514->514/udp, :::514->514/udp, 0.0.0.0:55000->55000/tcp, :::55000->55000/tcp, 1516/tcp   single-node_wazuh.manager_1
a5cd60b7ac0e   wazuh/wazuh-indexer:4.7.4     "/entrypoint.sh open…"   7 seconds ago   Up 5 seconds   0.0.0.0:9200->9200/tcp, :::9200->9200/tcp                                                                                                                       single-node_wazuh.indexer_1
$ curl -XGET --silent  https://0.0.0.0:443/app/status -k -u admin:SecretPassword -I -s
HTTP/1.1 200 OK
content-type: text/html; charset=utf-8
content-security-policy: script-src 'unsafe-eval' 'self'; worker-src blob: 'self'; style-src 'unsafe-inline' 'self'
osd-name: wazuh.dashboard
x-frame-options: sameorigin
cache-control: private, no-cache, no-store, must-revalidate
set-cookie: security_authentication=Fe26.2**b491aee535c66d2b73b666a8e442701d8124a560c5cb020f2367ea37aefb56dc*tpjbzMb8lqvfwAiU0Rq5tg*iP2k0TZ6IXavMy-GDepntvsbtjRpjwnTg3Azg0IBrtLqlP9h4472OZdiEN4wL6gxXxOfr8fB1qRE05uhtcDpS91hlDzaepIREMxCRAfiEtVDjh2P5PNN6susxJXlSbUAOP8ftkSPQC_xSVcHLfVZkzNqSKBnG5OAWf95gUlxUuNb31PVK5ef_zgMdxz-5oBT**a1478c98c8e97da5ce8164bf6ae2fa9dea04faee56b7f8a56ec80631a5bea24c*uGYiSjVWArUCnvWgiLQe-rse0c4FlNnFMpmsPg2Ulc4; HttpOnly; Path=/
content-length: 92350
vary: accept-encoding
accept-ranges: bytes
Date: Tue, 14 May 2024 13:59:19 GMT
Connection: keep-alive
Keep-Alive: timeout=120

$ curl -XGET "https://0.0.0.0:9200/_cluster/health" -u admin:SecretPassword -k -s
{"cluster_name":"opensearch","status":"green","timed_out":false,"number_of_nodes":1,"number_of_data_nodes":1,"discovered_master":true,"discovered_cluster_manager":true,"active_primary_shards":7,"active_shards":7,"relocating_shards":0,"initializing_shards":0,"unassigned_shards":0,"delayed_unassigned_shards":0,"number_of_pending_tasks":0,"number_of_in_flight_fetch":0,"task_max_waiting_in_queue_millis":0,"active_shards_percent_as_number":100.0}
$ TOKEN=$(curl -s -u wazuh-wui:MyS3cr37P450r.*- -k -X GET "https://0.0.0.0:55000/security/user/authenticate?raw=true")
$ curl -k -s -X GET "https://0.0.0.0:55000/manager/status?pretty=true" -H  "Authorization: Bearer $TOKEN"
{
   "data": {
      "affected_items": [
         {
            "wazuh-agentlessd": "stopped",
            "wazuh-analysisd": "running",
            "wazuh-authd": "running",
            "wazuh-csyslogd": "stopped",
            "wazuh-dbd": "stopped",
            "wazuh-monitord": "running",
            "wazuh-execd": "running",
            "wazuh-integratord": "stopped",
            "wazuh-logcollector": "running",
            "wazuh-maild": "stopped",
            "wazuh-remoted": "running",
            "wazuh-reportd": "stopped",
            "wazuh-syscheckd": "running",
            "wazuh-clusterd": "stopped",
            "wazuh-modulesd": "running",
            "wazuh-db": "running",
            "wazuh-apid": "running"
         }
      ],
      "total_affected_items": 1,
      "total_failed_items": 0,
      "failed_items": []
   },
   "message": "Processes status was successfully read",
   "error": 0
 }
$ docker exec -it single-node_wazuh.manager_1 filebeat test output
elasticsearch: https://wazuh.indexer:9200...
  parse url... OK
  connection...
    parse host... OK
    dns lookup... OK
    addresses: 172.22.0.3
    dial up... OK
  TLS...
    security: server's certificate chain verification is enabled
    handshake... OK
    TLS version: TLSv1.3
    dial up... OK
  talk to server... OK
  version: 7.10.2
$ 


vcerenu commented May 14, 2024

RHEL 9 without :z option

[root@ip-172-31-34-188 single-node]# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Memory protection checking:     actual (secure)
Max kernel policy version:      33
[root@ip-172-31-34-188 single-node]# cat docker-compose.yml 
# Wazuh App Copyright (C) 2017, Wazuh Inc. (License GPLv2)
version: '3.7'

services:
  # Wazuh manager service in the unmodified (no `:z`) configuration.
  wazuh.manager:
    image: wazuh/wazuh-manager:4.7.4
    hostname: wazuh.manager
    restart: always
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 655360
        hard: 655360
    # No host address is given, so each port is published on every host
    # interface (the `docker ps` output below lists them under 0.0.0.0 and :::).
    ports:
      - "1514:1514"
      - "1515:1515"
      - "514:514/udp"
      - "55000:55000"
    # Credentials are kept in clear text in this file.
    # NOTE(review): these look like sample values; change them and restrict
    # read access to the file before using it outside a test host.
    environment:
      - INDEXER_URL=https://wazuh.indexer:9200
      - INDEXER_USERNAME=admin
      - INDEXER_PASSWORD=SecretPassword
      - FILEBEAT_SSL_VERIFICATION_MODE=full
      - SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem
      - SSL_CERTIFICATE=/etc/ssl/filebeat.pem
      - SSL_KEY=/etc/ssl/filebeat.key
      - API_USERNAME=wazuh-wui
      - API_PASSWORD=MyS3cr37P450r.*-
    # None of these mounts carries an SELinux relabel suffix (`:z` / `:Z`).
    # This is the baseline run on a host where `sestatus` above reports
    # enforcing mode; the ./config/... entries are bind mounts of host files.
    volumes:
      - wazuh_api_configuration:/var/ossec/api/configuration
      - wazuh_etc:/var/ossec/etc
      - wazuh_logs:/var/ossec/logs
      - wazuh_queue:/var/ossec/queue
      - wazuh_var_multigroups:/var/ossec/var/multigroups
      - wazuh_integrations:/var/ossec/integrations
      - wazuh_active_response:/var/ossec/active-response/bin
      - wazuh_agentless:/var/ossec/agentless
      - wazuh_wodles:/var/ossec/wodles
      - filebeat_etc:/etc/filebeat
      - filebeat_var:/var/lib/filebeat
      - ./config/wazuh_indexer_ssl_certs/root-ca-manager.pem:/etc/ssl/root-ca.pem
      - ./config/wazuh_indexer_ssl_certs/wazuh.manager.pem:/etc/ssl/filebeat.pem
      - ./config/wazuh_indexer_ssl_certs/wazuh.manager-key.pem:/etc/ssl/filebeat.key
      - ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf

  # Wazuh indexer service in the unmodified (no `:z`) configuration.
  wazuh.indexer:
    image: wazuh/wazuh-indexer:4.7.4
    hostname: wazuh.indexer
    restart: always
    # Published without a host address, i.e. on every host interface
    # (0.0.0.0:9200 and :::9200 in the `docker ps` output below).
    ports:
      - "9200:9200"
    environment:
      # JVM heap fixed at 512 MB (initial and maximum size).
      - "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 65536
        hard: 65536
    # No SELinux relabel suffix on any mount; the bind-mounted host files keep
    # whatever label they already have on the host.
    volumes:
      - wazuh-indexer-data:/var/lib/wazuh-indexer
      - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem
      - ./config/wazuh_indexer_ssl_certs/wazuh.indexer-key.pem:/usr/share/wazuh-indexer/certs/wazuh.indexer.key
      - ./config/wazuh_indexer_ssl_certs/wazuh.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh.indexer.pem
      - ./config/wazuh_indexer_ssl_certs/admin.pem:/usr/share/wazuh-indexer/certs/admin.pem
      - ./config/wazuh_indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/certs/admin-key.pem
      - ./config/wazuh_indexer/wazuh.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml
      - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml

  # Wazuh dashboard service in the unmodified (no `:z`) configuration.
  wazuh.dashboard:
    image: wazuh/wazuh-dashboard:4.7.4
    hostname: wazuh.dashboard
    restart: always
    # Host port 443 maps to container port 5601 on every host interface.
    ports:
      - 443:5601
    # Credentials are kept in clear text in this file; DASHBOARD_PASSWORD is
    # identical to DASHBOARD_USERNAME.
    # NOTE(review): these look like sample values; change them before using
    # this file outside a test host.
    environment:
      - INDEXER_USERNAME=admin
      - INDEXER_PASSWORD=SecretPassword
      - WAZUH_API_URL=https://wazuh.manager
      - DASHBOARD_USERNAME=kibanaserver
      - DASHBOARD_PASSWORD=kibanaserver
      - API_USERNAME=wazuh-wui
      - API_PASSWORD=MyS3cr37P450r.*-
    # No SELinux relabel suffix on any mount. wazuh.yml is a host file
    # bind-mounted to a path inside the directory that the
    # wazuh-dashboard-config volume is mounted on.
    volumes:
      - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem
      - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem
      - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-dashboard/certs/root-ca.pem
      - ./config/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml
      - ./config/wazuh_dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
      - wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config
      - wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
    # Orders container start-up after wazuh.indexer; it is not a readiness check.
    depends_on:
      - wazuh.indexer
    links:
      - wazuh.indexer:wazuh.indexer
      - wazuh.manager:wazuh.manager

# Named volumes referenced by the services above. They are declared without
# options; the `docker-compose up` output below shows each one being created
# with the default driver under the "single-node_" project prefix.
volumes:
  wazuh_api_configuration:
  wazuh_etc:
  wazuh_logs:
  wazuh_queue:
  wazuh_var_multigroups:
  wazuh_integrations:
  wazuh_active_response:
  wazuh_agentless:
  wazuh_wodles:
  filebeat_etc:
  filebeat_var:
  wazuh-indexer-data:
  wazuh-dashboard-config:
  wazuh-dashboard-custom:
[root@ip-172-31-34-188 single-node]# docker-compose up -d
Creating network "single-node_default" with the default driver
Creating volume "single-node_wazuh_api_configuration" with default driver
Creating volume "single-node_wazuh_etc" with default driver
Creating volume "single-node_wazuh_logs" with default driver
Creating volume "single-node_wazuh_queue" with default driver
Creating volume "single-node_wazuh_var_multigroups" with default driver
Creating volume "single-node_wazuh_integrations" with default driver
Creating volume "single-node_wazuh_active_response" with default driver
Creating volume "single-node_wazuh_agentless" with default driver
Creating volume "single-node_wazuh_wodles" with default driver
Creating volume "single-node_filebeat_etc" with default driver
Creating volume "single-node_filebeat_var" with default driver
Creating volume "single-node_wazuh-indexer-data" with default driver
Creating volume "single-node_wazuh-dashboard-config" with default driver
Creating volume "single-node_wazuh-dashboard-custom" with default driver
Creating single-node_wazuh.indexer_1 ... done
Creating single-node_wazuh.manager_1 ... done
Creating single-node_wazuh.dashboard_1 ... done
[root@ip-172-31-34-188 single-node]# docker ps
CONTAINER ID   IMAGE                         COMMAND                  CREATED          STATUS          PORTS                                                                                                                                                           NAMES
028ab2ade5a3   wazuh/wazuh-dashboard:4.7.4   "/entrypoint.sh"         13 seconds ago   Up 12 seconds   443/tcp, 0.0.0.0:443->5601/tcp, :::443->5601/tcp                                                                                                                single-node_wazuh.dashboard_1
44bb57b99b74   wazuh/wazuh-manager:4.7.4     "/init"                  14 seconds ago   Up 13 seconds   0.0.0.0:1514-1515->1514-1515/tcp, :::1514-1515->1514-1515/tcp, 0.0.0.0:514->514/udp, :::514->514/udp, 0.0.0.0:55000->55000/tcp, :::55000->55000/tcp, 1516/tcp   single-node_wazuh.manager_1
5d1469923afa   wazuh/wazuh-indexer:4.7.4     "/entrypoint.sh open…"   14 seconds ago   Up 13 seconds   0.0.0.0:9200->9200/tcp, :::9200->9200/tcp                                                                                                                       single-node_wazuh.indexer_1
[root@ip-172-31-34-188 single-node]# curl -XGET --silent  https://0.0.0.0:443/app/status -k -u admin:SecretPassword -I -s
HTTP/1.1 200 OK
content-type: text/html; charset=utf-8
content-security-policy: script-src 'unsafe-eval' 'self'; worker-src blob: 'self'; style-src 'unsafe-inline' 'self'
osd-name: wazuh.dashboard
x-frame-options: sameorigin
cache-control: private, no-cache, no-store, must-revalidate
set-cookie: security_authentication=Fe26.2**4fbcd91cb00d5a95358aab9a003077e30e611d5c6f37e54d3224d3c09fee2f0c*lSC-2OXPJyuC-w77jkOt4g*0fiHsCcOx-xCEIOtRVo0PSy6BVEgIHH4zmGzWW0F7dJANW--XT4e5Fc45TG2QYEkXBCgI9FrogGKNL5l9wDZygdXfZM804Sl1M8wmKPQe08-ptr2qIopwSA9mTMHx9bySJamLMdHBdVyKMogQ7LBM3bPW11GmeylJ5rHNjZoW0VWhae_Z1fOx6EI9oCm_XIU**5d43a713cabbee51fe294930cee07e879bae50902708ea6eebe49d24939fb71e*a8UzMeT2U2hdKrHMWDrSZMoDlqAsfv3d2R5K-X0E4mY; HttpOnly; Path=/
content-length: 92350
vary: accept-encoding
accept-ranges: bytes
Date: Tue, 14 May 2024 14:17:06 GMT
Connection: keep-alive
Keep-Alive: timeout=120

[root@ip-172-31-34-188 single-node]# curl -XGET "https://0.0.0.0:9200/_cluster/health" -u admin:SecretPassword -k -s

{"cluster_name":"opensearch","status":"green","timed_out":false,"number_of_nodes":1,"number_of_data_nodes":1,"discovered_master":true,"discovered_cluster_manager":true,"active_primary_shards":7,"active_shards":7,"relocating_shards":0,"initializing_shards":0,"unassigned_shards":0,"delayed_unassigned_shards":0,"number_of_pending_tasks":0,"number_of_in_flight_fetch":0,"task_max_waiting_in_queue_millis":0,"active_shards_percent_as_number":100.0}
[root@ip-172-31-34-188 single-node]# TOKEN=$(curl -s -u wazuh-wui:MyS3cr37P450r.*- -k -X GET "https://0.0.0.0:55000/security/user/authenticate?raw=true")
[root@ip-172-31-34-188 single-node]# curl -k -s -X GET "https://0.0.0.0:55000/manager/status?pretty=true" -H  "Authorization: Bearer $TOKEN"
{
   "data": {
      "affected_items": [
         {
            "wazuh-agentlessd": "stopped",
            "wazuh-analysisd": "running",
            "wazuh-authd": "running",
            "wazuh-csyslogd": "stopped",
            "wazuh-dbd": "stopped",
            "wazuh-monitord": "running",
            "wazuh-execd": "running",
            "wazuh-integratord": "stopped",
            "wazuh-logcollector": "running",
            "wazuh-maild": "stopped",
            "wazuh-remoted": "running",
            "wazuh-reportd": "stopped",
            "wazuh-syscheckd": "running",
            "wazuh-clusterd": "stopped",
            "wazuh-modulesd": "running",
            "wazuh-db": "running",
            "wazuh-apid": "running"
         }
      ],
      "total_affected_items": 1,
      "total_failed_items": 0,
      "failed_items": []
   },
   "message": "Processes status was successfully read",
   "error": 0
}
[root@ip-172-31-34-188 single-node]# docker exec -it single-node_wazuh.manager_1 filebeat test output

elasticsearch: https://wazuh.indexer:9200...
  parse url... OK
  connection...
    parse host... OK
    dns lookup... OK
    addresses: 172.21.0.3
    dial up... OK
  TLS...
    security: server's certificate chain verification is enabled
    handshake... OK
    TLS version: TLSv1.3
    dial up... OK
  talk to server... OK
  version: 7.10.2
[root@ip-172-31-34-188 single-node]# 


vcerenu commented May 14, 2024

Debian 12 with :z option

root@ip-172-31-46-212:~/wazuh-docker/single-node# cat docker-compose.yml 
# Wazuh App Copyright (C) 2017, Wazuh Inc. (License GPLv2)
version: '3.7'

services:
  # Wazuh manager service with the `:z` suffix applied to every mount.
  wazuh.manager:
    image: wazuh/wazuh-manager:4.7.4
    hostname: wazuh.manager
    restart: always
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 655360
        hard: 655360
    # No host address is given, so each port is published on every host
    # interface (the `docker ps` output below lists them under 0.0.0.0 and :::).
    ports:
      - "1514:1514"
      - "1515:1515"
      - "514:514/udp"
      - "55000:55000"
    # Credentials are kept in clear text in this file.
    # NOTE(review): these look like sample values; change them and restrict
    # read access to the file before using it outside a test host.
    environment:
      - INDEXER_URL=https://wazuh.indexer:9200
      - INDEXER_USERNAME=admin
      - INDEXER_PASSWORD=SecretPassword
      # With this mode, `filebeat test output` later in the transcript reports
      # that the server's certificate chain verification is enabled.
      - FILEBEAT_SSL_VERIFICATION_MODE=full
      - SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem
      - SSL_CERTIFICATE=/etc/ssl/filebeat.pem
      - SSL_KEY=/etc/ssl/filebeat.key
      - API_USERNAME=wazuh-wui
      - API_PASSWORD=MyS3cr37P450r.*-
    # `:z` asks Docker to relabel the mounted content with a shared SELinux
    # label. The ./config/... entries are bind mounts of host files, so the
    # relabel is applied to those files on the host.
    # NOTE(review): a shared label means SELinux does not separate this content
    # between containers. wazuh.manager-key.pem is a private key mounted into
    # this service only; check whether the private `:Z` label would fit better
    # for it (TODO confirm against the linked PR).
    volumes:
      - wazuh_api_configuration:/var/ossec/api/configuration:z
      - wazuh_etc:/var/ossec/etc:z
      - wazuh_logs:/var/ossec/logs:z
      - wazuh_queue:/var/ossec/queue:z
      - wazuh_var_multigroups:/var/ossec/var/multigroups:z
      - wazuh_integrations:/var/ossec/integrations:z
      - wazuh_active_response:/var/ossec/active-response/bin:z
      - wazuh_agentless:/var/ossec/agentless:z
      - wazuh_wodles:/var/ossec/wodles:z
      - filebeat_etc:/etc/filebeat:z
      - filebeat_var:/var/lib/filebeat:z
      - ./config/wazuh_indexer_ssl_certs/root-ca-manager.pem:/etc/ssl/root-ca.pem:z
      - ./config/wazuh_indexer_ssl_certs/wazuh.manager.pem:/etc/ssl/filebeat.pem:z
      - ./config/wazuh_indexer_ssl_certs/wazuh.manager-key.pem:/etc/ssl/filebeat.key:z
      - ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf:z

  # Wazuh indexer service with the `:z` suffix applied to every mount.
  wazuh.indexer:
    image: wazuh/wazuh-indexer:4.7.4
    hostname: wazuh.indexer
    restart: always
    # Published without a host address, i.e. on every host interface
    # (0.0.0.0:9200 and :::9200 in the `docker ps` output below).
    ports:
      - "9200:9200"
    environment:
      # JVM heap fixed at 512 MB (initial and maximum size).
      - "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 65536
        hard: 65536
    # `:z` asks Docker to relabel the mounted content with a shared SELinux
    # label. root-ca.pem is bind-mounted from the same host path into
    # wazuh.dashboard as well, which a shared label allows.
    # NOTE(review): wazuh.indexer-key.pem and admin-key.pem are private keys
    # mounted into this service only; check whether they need the shared label
    # or could take the private `:Z` one (TODO confirm against the linked PR).
    volumes:
      - wazuh-indexer-data:/var/lib/wazuh-indexer:z
      - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem:z
      - ./config/wazuh_indexer_ssl_certs/wazuh.indexer-key.pem:/usr/share/wazuh-indexer/certs/wazuh.indexer.key:z
      - ./config/wazuh_indexer_ssl_certs/wazuh.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh.indexer.pem:z
      - ./config/wazuh_indexer_ssl_certs/admin.pem:/usr/share/wazuh-indexer/certs/admin.pem:z
      - ./config/wazuh_indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/certs/admin-key.pem:z
      - ./config/wazuh_indexer/wazuh.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml:z
      - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml:z

  # Wazuh dashboard service with the `:z` suffix applied to every mount.
  wazuh.dashboard:
    image: wazuh/wazuh-dashboard:4.7.4
    hostname: wazuh.dashboard
    restart: always
    # Host port 443 maps to container port 5601 on every host interface.
    ports:
      - 443:5601
    # Credentials are kept in clear text in this file; DASHBOARD_PASSWORD is
    # identical to DASHBOARD_USERNAME.
    # NOTE(review): these look like sample values; change them before using
    # this file outside a test host.
    environment:
      - INDEXER_USERNAME=admin
      - INDEXER_PASSWORD=SecretPassword
      - WAZUH_API_URL=https://wazuh.manager
      - DASHBOARD_USERNAME=kibanaserver
      - DASHBOARD_PASSWORD=kibanaserver
      - API_USERNAME=wazuh-wui
      - API_PASSWORD=MyS3cr37P450r.*-
    # `:z` asks Docker to relabel the mounted content with a shared SELinux
    # label. wazuh.yml is a host file bind-mounted to a path inside the
    # directory that the wazuh-dashboard-config volume is mounted on.
    # NOTE(review): wazuh.dashboard-key.pem is a private key mounted into this
    # service only; check whether the private `:Z` label would fit better for
    # it (TODO confirm against the linked PR).
    volumes:
      - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem:z
      - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem:z
      - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-dashboard/certs/root-ca.pem:z
      - ./config/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml:z
      - ./config/wazuh_dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml:z
      - wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config:z
      - wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom:z
    # Orders container start-up after wazuh.indexer; it is not a readiness check.
    depends_on:
      - wazuh.indexer
    links:
      - wazuh.indexer:wazuh.indexer
      - wazuh.manager:wazuh.manager

# Named volumes referenced by the services above. They are declared without
# options; the `docker-compose up` output below shows each one being created
# with the default driver under the "single-node_" project prefix.
volumes:
  wazuh_api_configuration:
  wazuh_etc:
  wazuh_logs:
  wazuh_queue:
  wazuh_var_multigroups:
  wazuh_integrations:
  wazuh_active_response:
  wazuh_agentless:
  wazuh_wodles:
  filebeat_etc:
  filebeat_var:
  wazuh-indexer-data:
  wazuh-dashboard-config:
  wazuh-dashboard-custom:
root@ip-172-31-46-212:~/wazuh-docker/single-node# docker-compose up -d
Creating volume "single-node_wazuh_api_configuration" with default driver
Creating volume "single-node_wazuh_etc" with default driver
Creating volume "single-node_wazuh_logs" with default driver
Creating volume "single-node_wazuh_queue" with default driver
Creating volume "single-node_wazuh_var_multigroups" with default driver
Creating volume "single-node_wazuh_integrations" with default driver
Creating volume "single-node_wazuh_active_response" with default driver
Creating volume "single-node_wazuh_agentless" with default driver
Creating volume "single-node_wazuh_wodles" with default driver
Creating volume "single-node_filebeat_etc" with default driver
Creating volume "single-node_filebeat_var" with default driver
Creating volume "single-node_wazuh-indexer-data" with default driver
Creating volume "single-node_wazuh-dashboard-config" with default driver
Creating volume "single-node_wazuh-dashboard-custom" with default driver
Pulling wazuh.manager (wazuh/wazuh-manager:4.7.4)...
4.7.4: Pulling from wazuh/wazuh-manager
4477f8fe99eb: Pull complete
4f82ca0de8a3: Pull complete
6e28c91bf777: Pull complete
0fec5dd278d8: Pull complete
ee85e582bf27: Pull complete
f10c38f7efaf: Pull complete
93bcbc6a9448: Pull complete
ca64c0fc9c15: Pull complete
ae935062ef4f: Pull complete
d4961b085c15: Pull complete
fc107cfd5c2e: Pull complete
c0d1fb658994: Pull complete
451a4e1798f0: Pull complete
9d09bc2b68a7: Pull complete
883eedb0a2cc: Pull complete
7ed3a0fe083b: Pull complete
9993a312216e: Pull complete
f0a3f2587984: Pull complete
7035748a853c: Pull complete
Digest: sha256:1fffbb9c2aa1cad5ebfdd3931f7a64f971f8eb00d375c4d27446cbb9f378daec
Status: Downloaded newer image for wazuh/wazuh-manager:4.7.4
Pulling wazuh.indexer (wazuh/wazuh-indexer:4.7.4)...
4.7.4: Pulling from wazuh/wazuh-indexer
4477f8fe99eb: Already exists
7e35b2ca79c1: Pull complete
e643da7165cb: Pull complete
627b30910ffe: Pull complete
8cd1f1a10661: Pull complete
ec9201c50a43: Pull complete
fea7f74075b9: Pull complete
0c442ad43dfc: Pull complete
abf77b830c62: Pull complete
eecc1011391f: Pull complete
5d306016bcfd: Pull complete
0e5a888b320d: Pull complete
180da07d0cbb: Pull complete
6daa89e881e9: Pull complete
Digest: sha256:9c45a77707a898dc05c522ee7e4f6c3f0c1faefdb20d45ade70a32c94a727819
Status: Downloaded newer image for wazuh/wazuh-indexer:4.7.4
Pulling wazuh.dashboard (wazuh/wazuh-dashboard:4.7.4)...
4.7.4: Pulling from wazuh/wazuh-dashboard
4477f8fe99eb: Already exists
06940afa91b1: Pull complete
7c014928fc44: Pull complete
881d31674f2d: Pull complete
f38563d87715: Pull complete
f11cb71b84d3: Pull complete
c55be58f8ad7: Pull complete
826b252d37bc: Pull complete
fa4d268f2f11: Pull complete
9100a9073978: Pull complete
ed9829d616cc: Pull complete
4f4fb700ef54: Pull complete
Digest: sha256:101998c7e47a926404eea7bd354f39b5ea34a40d5ec6aa0fedb240c44853766c
Status: Downloaded newer image for wazuh/wazuh-dashboard:4.7.4
Creating single-node_wazuh.indexer_1 ... done
Creating single-node_wazuh.manager_1 ... done
Creating single-node_wazuh.dashboard_1 ... done
root@ip-172-31-46-212:~/wazuh-docker/single-node# docker ps
CONTAINER ID   IMAGE                         COMMAND                  CREATED          STATUS          PORTS                                                                                                                                                           NAMES
1e0f739f2e2b   wazuh/wazuh-dashboard:4.7.4   "/entrypoint.sh"         13 minutes ago   Up 13 minutes   443/tcp, 0.0.0.0:443->5601/tcp, :::443->5601/tcp                                                                                                                single-node_wazuh.dashboard_1
371f669709f9   wazuh/wazuh-manager:4.7.4     "/init"                  13 minutes ago   Up 13 minutes   0.0.0.0:1514-1515->1514-1515/tcp, :::1514-1515->1514-1515/tcp, 0.0.0.0:514->514/udp, :::514->514/udp, 0.0.0.0:55000->55000/tcp, :::55000->55000/tcp, 1516/tcp   single-node_wazuh.manager_1
c3744b1079da   wazuh/wazuh-indexer:4.7.4     "/entrypoint.sh open…"   13 minutes ago   Up 13 minutes   0.0.0.0:9200->9200/tcp, :::9200->9200/tcp                                                                                                                       single-node_wazuh.indexer_1
root@ip-172-31-46-212:~/wazuh-docker/single-node# curl -XGET --silent  https://0.0.0.0:443/app/status -k -u admin:SecretPassword -I -s
HTTP/1.1 200 OK
content-type: text/html; charset=utf-8
content-security-policy: script-src 'unsafe-eval' 'self'; worker-src blob: 'self'; style-src 'unsafe-inline' 'self'
osd-name: wazuh.dashboard
x-frame-options: sameorigin
cache-control: private, no-cache, no-store, must-revalidate
set-cookie: security_authentication=Fe26.2**01fe230eccf4522f6ef3847574edbeae87ce0bd1d504299ae0054bc48ea4a9db*_BahbnbqB970asrAP2vIHQ*t_Z4PsxxXGrR5Cbt0bkRnJEBWwkrWeO2dvK03RgGC3kedEmR4DGKZ4ipflv_foHXnUjN3X0bHsVhHKlJcBdoEjJdT_fpHapYZzhnbp1meNcHsulP4rYts-G5Sm_4Sx7rGtE2LdujmDrcdcUmixZXQqKtkFeZbQLrxxQWynZ2nc7-aP1haG7rjABqSDaJqbT1**572bc85f14cf89fa65ffbba922c14a2f2ca9f52129bc459a57f666b4d5d6876f*spQdZ2RKqzKMThlqCyzMaIiKQU0ObfbVWWzvk0QTbFw; HttpOnly; Path=/
content-length: 92350
vary: accept-encoding
accept-ranges: bytes
Date: Tue, 14 May 2024 15:20:55 GMT
Connection: keep-alive
Keep-Alive: timeout=120

root@ip-172-31-46-212:~/wazuh-docker/single-node# curl -XGET "https://0.0.0.0:9200/_cluster/health" -u admin:SecretPassword -k -s
{"cluster_name":"opensearch","status":"green","timed_out":false,"number_of_nodes":1,"number_of_data_nodes":1,"discovered_master":true,"discovered_cluster_manager":true,"active_primary_shards":7,"active_shards":7,"relocating_shards":0,"initializing_shards":0,"unassigned_shards":0,"delayed_unassigned_shards":0,"number_of_pending_tasks":0,"number_of_in_flight_fetch":0,"task_max_waiting_in_queue_millis":0,"active_shards_percent_as_number":100.0}
root@ip-172-31-46-212:~/wazuh-docker/single-node# TOKEN=$(curl -s -u wazuh-wui:MyS3cr37P450r.*- -k -X GET "https://0.0.0.0:55000/security/user/authenticate?raw=true")
root@ip-172-31-46-212:~/wazuh-docker/single-node# curl -k -s -X GET "https://0.0.0.0:55000/manager/status?pretty=true" -H  "Authorization: Bearer $TOKEN"
{
   "data": {
      "affected_items": [
         {
            "wazuh-agentlessd": "stopped",
            "wazuh-analysisd": "running",
            "wazuh-authd": "running",
            "wazuh-csyslogd": "stopped",
            "wazuh-dbd": "stopped",
            "wazuh-monitord": "running",
            "wazuh-execd": "running",
            "wazuh-integratord": "stopped",
            "wazuh-logcollector": "running",
            "wazuh-maild": "stopped",
            "wazuh-remoted": "running",
            "wazuh-reportd": "stopped",
            "wazuh-syscheckd": "running",
            "wazuh-clusterd": "stopped",
            "wazuh-modulesd": "running",
            "wazuh-db": "running",
            "wazuh-apid": "running"
         }
      ],
      "total_affected_items": 1,
      "total_failed_items": 0,
      "failed_items": []
   },
   "message": "Processes status was successfully read",
   "error": 0
}
root@ip-172-31-46-212:~/wazuh-docker/single-node# docker exec -it single-node_wazuh.manager_1 filebeat test output
elasticsearch: https://wazuh.indexer:9200...
  parse url... OK
  connection...
    parse host... OK
    dns lookup... OK
    addresses: 172.18.0.3
    dial up... OK
  TLS...
    security: server's certificate chain verification is enabled
    handshake... OK
    TLS version: TLSv1.3
    dial up... OK
  talk to server... OK
  version: 7.10.2
root@ip-172-31-46-212:~/wazuh-docker/single-node# 

@vcerenu
Member Author

vcerenu commented May 15, 2024

CentOS 7 without the :z option

[root@ip-172-31-45-119 single-node]# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      31
[root@ip-172-31-45-119 single-node]# docker-compose up -d
Creating volume "single-node_wazuh_api_configuration" with default driver
Creating volume "single-node_wazuh_etc" with default driver
Creating volume "single-node_wazuh_logs" with default driver
Creating volume "single-node_wazuh_queue" with default driver
Creating volume "single-node_wazuh_var_multigroups" with default driver
Creating volume "single-node_wazuh_integrations" with default driver
Creating volume "single-node_wazuh_active_response" with default driver
Creating volume "single-node_wazuh_agentless" with default driver
Creating volume "single-node_wazuh_wodles" with default driver
Creating volume "single-node_filebeat_etc" with default driver
Creating volume "single-node_filebeat_var" with default driver
Creating volume "single-node_wazuh-indexer-data" with default driver
Creating volume "single-node_wazuh-dashboard-config" with default driver
Creating volume "single-node_wazuh-dashboard-custom" with default driver
Pulling wazuh.manager (wazuh/wazuh-manager:4.7.4)...
4.7.4: Pulling from wazuh/wazuh-manager
4477f8fe99eb: Pull complete
4f82ca0de8a3: Pull complete
6e28c91bf777: Pull complete
0fec5dd278d8: Pull complete
ee85e582bf27: Pull complete
f10c38f7efaf: Pull complete
93bcbc6a9448: Pull complete
ca64c0fc9c15: Pull complete
ae935062ef4f: Pull complete
d4961b085c15: Pull complete
fc107cfd5c2e: Pull complete
c0d1fb658994: Pull complete
451a4e1798f0: Pull complete
9d09bc2b68a7: Pull complete
883eedb0a2cc: Pull complete
7ed3a0fe083b: Pull complete
9993a312216e: Pull complete
f0a3f2587984: Pull complete
7035748a853c: Pull complete
Digest: sha256:1fffbb9c2aa1cad5ebfdd3931f7a64f971f8eb00d375c4d27446cbb9f378daec
Status: Downloaded newer image for wazuh/wazuh-manager:4.7.4
Pulling wazuh.indexer (wazuh/wazuh-indexer:4.7.4)...
4.7.4: Pulling from wazuh/wazuh-indexer
4477f8fe99eb: Already exists
7e35b2ca79c1: Pull complete
e643da7165cb: Pull complete
627b30910ffe: Pull complete
8cd1f1a10661: Pull complete
ec9201c50a43: Pull complete
fea7f74075b9: Pull complete
0c442ad43dfc: Pull complete
abf77b830c62: Pull complete
eecc1011391f: Pull complete
5d306016bcfd: Pull complete
0e5a888b320d: Pull complete
180da07d0cbb: Pull complete
6daa89e881e9: Pull complete
Digest: sha256:9c45a77707a898dc05c522ee7e4f6c3f0c1faefdb20d45ade70a32c94a727819
Status: Downloaded newer image for wazuh/wazuh-indexer:4.7.4
Pulling wazuh.dashboard (wazuh/wazuh-dashboard:4.7.4)...
4.7.4: Pulling from wazuh/wazuh-dashboard
4477f8fe99eb: Already exists
06940afa91b1: Pull complete
7c014928fc44: Pull complete
881d31674f2d: Pull complete
f38563d87715: Pull complete
f11cb71b84d3: Pull complete
c55be58f8ad7: Pull complete
826b252d37bc: Pull complete
fa4d268f2f11: Pull complete
9100a9073978: Pull complete
ed9829d616cc: Pull complete
4f4fb700ef54: Pull complete
Digest: sha256:101998c7e47a926404eea7bd354f39b5ea34a40d5ec6aa0fedb240c44853766c
Status: Downloaded newer image for wazuh/wazuh-dashboard:4.7.4
Creating single-node_wazuh.indexer_1 ... done
Creating single-node_wazuh.manager_1 ... done
Creating single-node_wazuh.dashboard_1 ... done
[root@ip-172-31-45-119 single-node]# docker ps
CONTAINER ID   IMAGE                         COMMAND                  CREATED          STATUS          PORTS                                                                                                                                                           NAMES
0c02cec132ae   wazuh/wazuh-dashboard:4.7.4   "/entrypoint.sh"         14 seconds ago   Up 13 seconds   443/tcp, 0.0.0.0:443->5601/tcp, :::443->5601/tcp                                                                                                                single-node_wazuh.dashboard_1
c078b714c82b   wazuh/wazuh-manager:4.7.4     "/init"                  18 seconds ago   Up 13 seconds   0.0.0.0:1514-1515->1514-1515/tcp, :::1514-1515->1514-1515/tcp, 0.0.0.0:514->514/udp, :::514->514/udp, 0.0.0.0:55000->55000/tcp, :::55000->55000/tcp, 1516/tcp   single-node_wazuh.manager_1
adeb6d5f6b34   wazuh/wazuh-indexer:4.7.4     "/entrypoint.sh open…"   18 seconds ago   Up 13 seconds   0.0.0.0:9200->9200/tcp, :::9200->9200/tcp                                                                                                                       single-node_wazuh.indexer_1
[root@ip-172-31-45-119 single-node]# curl -XGET --silent  https://0.0.0.0:443/app/status -k -u admin:SecretPassword -I -s
HTTP/1.1 200 OK
content-type: text/html; charset=utf-8
content-security-policy: script-src 'unsafe-eval' 'self'; worker-src blob: 'self'; style-src 'unsafe-inline' 'self'
osd-name: wazuh.dashboard
x-frame-options: sameorigin
cache-control: private, no-cache, no-store, must-revalidate
set-cookie: security_authentication=Fe26.2**7dfeef43046a7f0b6cf2f129bd1928d4e9e0a8212972845fbca93a6509e87fb4*Zbey3k3h11JihgtR4MQVYw*3KbGq3AFYU-7o1MpINuTivd_WrII-oG4fIvcgLN0Zl0w_JnbnRCal3S4nNv2Kh2OHLhpvlhXvwCWgrY95g3rhOUhvz5EkVbCOJYLIK5dy3DhmJzwkwFmQ_o3KQYzTCJrbL6LuwDWD8JBjd6vtQglSAiZnDBjpFi-O99t61dXk6BFA1BHweJ1o06BpDegrSvZ**f6aa8496d8742aa589421c89b3cca9ec01372623cffd3f80be0f494a83c0dbff*_gpL7E-1OAEd3Oym_d5BzOgSiKDa4JY2AGq07TjxNaI; HttpOnly; Path=/
content-length: 92350
vary: accept-encoding
accept-ranges: bytes
Date: Wed, 15 May 2024 10:36:45 GMT
Connection: keep-alive
Keep-Alive: timeout=120

[root@ip-172-31-45-119 single-node]# curl -XGET "https://0.0.0.0:9200/_cluster/health" -u admin:SecretPassword -k -s
{"cluster_name":"opensearch","status":"green","timed_out":false,"number_of_nodes":1,"number_of_data_nodes":1,"discovered_master":true,"discovered_cluster_manager":true,"active_primary_shards":7,"active_shards":7,"relocating_shards":0,"initializing_shards":0,"unassigned_shards":0,"delayed_unassigned_shards":0,"number_of_pending_tasks":0,"number_of_in_flight_fetch":0,"task_max_waiting_in_queue_millis":0,"active_shards_percent_as_number":100.0}
[root@ip-172-31-45-119 single-node]# TOKEN=$(curl -s -u wazuh-wui:MyS3cr37P450r.*- -k -X GET "https://0.0.0.0:55000/security/user/authenticate?raw=true")
[root@ip-172-31-45-119 single-node]# curl -k -s -X GET "https://0.0.0.0:55000/manager/status?pretty=true" -H  "Authorization: Bearer $TOKEN"
{
   "data": {
      "affected_items": [
         {
            "wazuh-agentlessd": "stopped",
            "wazuh-analysisd": "running",
            "wazuh-authd": "running",
            "wazuh-csyslogd": "stopped",
            "wazuh-dbd": "stopped",
            "wazuh-monitord": "running",
            "wazuh-execd": "running",
            "wazuh-integratord": "stopped",
            "wazuh-logcollector": "running",
            "wazuh-maild": "stopped",
            "wazuh-remoted": "running",
            "wazuh-reportd": "stopped",
            "wazuh-syscheckd": "running",
            "wazuh-clusterd": "stopped",
            "wazuh-modulesd": "running",
            "wazuh-db": "running",
            "wazuh-apid": "running"
         }
      ],
      "total_affected_items": 1,
      "total_failed_items": 0,
      "failed_items": []
   },
   "message": "Processes status was successfully read",
   "error": 0
}
[root@ip-172-31-45-119 single-node]# docker exec -it single-node_wazuh.manager_1 filebeat test output
elasticsearch: https://wazuh.indexer:9200...
  parse url... OK
  connection...
    parse host... OK
    dns lookup... OK
    addresses: 172.18.0.2
    dial up... OK
  TLS...
    security: server's certificate chain verification is enabled
    handshake... OK
    TLS version: TLSv1.3
    dial up... OK
  talk to server... OK
  version: 7.10.2
[root@ip-172-31-45-119 single-node]# 

@vcerenu
Member Author

vcerenu commented May 15, 2024

CentOS 7 with the :z option

[root@ip-172-31-45-119 single-node]# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      31
[root@ip-172-31-45-119 single-node]# cat docker-compose.yml 
# Wazuh App Copyright (C) 2017, Wazuh Inc. (License GPLv2)
#
# Single-node Wazuh stack: one manager, one indexer and one dashboard, each
# pinned to image tag 4.7.4. Every volume entry below carries the :z suffix
# that this test run is evaluating.
#
# :z asks Docker to relabel the mount source with a shared SELinux label so
# that more than one container can use it (:Z would request a private,
# per-container label instead).
# NOTE(review): the relabel is only expected to happen when the Docker daemon
# itself runs with SELinux support enabled ("selinux" listed under Security
# Options in `docker info`); `sestatus` on the host does not show that, so
# confirm it on the test host before concluding that :z makes no difference.
version: '3.7'

services:
  wazuh.manager:
    image: wazuh/wazuh-manager:4.7.4
    hostname: wazuh.manager
    restart: always
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 655360
        hard: 655360
    # Short port syntax without a host address: each port is published on
    # every host interface.
    ports:
      - "1514:1514"
      - "1515:1515"
      - "514:514/udp"
      - "55000:55000"
    # Credentials are stored in plaintext in this file.
    # NOTE(review): they look like sample values; replace them before any
    # non-test deployment and keep the real ones out of version control.
    environment:
      - INDEXER_URL=https://wazuh.indexer:9200
      - INDEXER_USERNAME=admin
      - INDEXER_PASSWORD=SecretPassword
      # presumably maps to Filebeat's ssl.verification_mode; verify in the image
      - FILEBEAT_SSL_VERIFICATION_MODE=full
      - SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem
      - SSL_CERTIFICATE=/etc/ssl/filebeat.pem
      - SSL_KEY=/etc/ssl/filebeat.key
      - API_USERNAME=wazuh-wui
      - API_PASSWORD=MyS3cr37P450r.*-
    volumes:
      # Named volumes (declared under the top-level `volumes:` key).
      - wazuh_api_configuration:/var/ossec/api/configuration:z
      - wazuh_etc:/var/ossec/etc:z
      - wazuh_logs:/var/ossec/logs:z
      - wazuh_queue:/var/ossec/queue:z
      - wazuh_var_multigroups:/var/ossec/var/multigroups:z
      - wazuh_integrations:/var/ossec/integrations:z
      - wazuh_active_response:/var/ossec/active-response/bin:z
      - wazuh_agentless:/var/ossec/agentless:z
      - wazuh_wodles:/var/ossec/wodles:z
      - filebeat_etc:/etc/filebeat:z
      - filebeat_var:/var/lib/filebeat:z
      # Bind mounts of host files under ./config: with :z the SELinux label of
      # the host file itself is changed, and that includes the private key.
      - ./config/wazuh_indexer_ssl_certs/root-ca-manager.pem:/etc/ssl/root-ca.pem:z
      - ./config/wazuh_indexer_ssl_certs/wazuh.manager.pem:/etc/ssl/filebeat.pem:z
      - ./config/wazuh_indexer_ssl_certs/wazuh.manager-key.pem:/etc/ssl/filebeat.key:z
      - ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf:z

  wazuh.indexer:
    image: wazuh/wazuh-indexer:4.7.4
    hostname: wazuh.indexer
    restart: always
    # Publishes the indexer HTTPS API on every host interface.
    # NOTE(review): bind it to a specific host address, or drop the mapping,
    # if the API does not need to be reachable from outside the host.
    ports:
      - "9200:9200"
    environment:
      - "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 65536
        hard: 65536
    volumes:
      - wazuh-indexer-data:/var/lib/wazuh-indexer:z
      # root-ca.pem is also mounted into wazuh.dashboard below, so its label
      # has to be the shared one (:z); a private :Z label would not fit here.
      - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem:z
      - ./config/wazuh_indexer_ssl_certs/wazuh.indexer-key.pem:/usr/share/wazuh-indexer/certs/wazuh.indexer.key:z
      - ./config/wazuh_indexer_ssl_certs/wazuh.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh.indexer.pem:z
      - ./config/wazuh_indexer_ssl_certs/admin.pem:/usr/share/wazuh-indexer/certs/admin.pem:z
      - ./config/wazuh_indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/certs/admin-key.pem:z
      - ./config/wazuh_indexer/wazuh.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml:z
      - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml:z

  wazuh.dashboard:
    image: wazuh/wazuh-dashboard:4.7.4
    hostname: wazuh.dashboard
    restart: always
    # Host port 443 is forwarded to the dashboard's port 5601.
    ports:
      - 443:5601
    # Same plaintext credentials as the manager service; DASHBOARD_PASSWORD
    # here is identical to DASHBOARD_USERNAME.
    environment:
      - INDEXER_USERNAME=admin
      - INDEXER_PASSWORD=SecretPassword
      - WAZUH_API_URL=https://wazuh.manager
      - DASHBOARD_USERNAME=kibanaserver
      - DASHBOARD_PASSWORD=kibanaserver
      - API_USERNAME=wazuh-wui
      - API_PASSWORD=MyS3cr37P450r.*-
    volumes:
      - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem:z
      - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem:z
      - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-dashboard/certs/root-ca.pem:z
      - ./config/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml:z
      - ./config/wazuh_dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml:z
      - wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config:z
      - wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom:z
    depends_on:
      - wazuh.indexer
    links:
      - wazuh.indexer:wazuh.indexer
      - wazuh.manager:wazuh.manager

# Named volumes, all created with the default driver.
volumes:
  wazuh_api_configuration:
  wazuh_etc:
  wazuh_logs:
  wazuh_queue:
  wazuh_var_multigroups:
  wazuh_integrations:
  wazuh_active_response:
  wazuh_agentless:
  wazuh_wodles:
  filebeat_etc:
  filebeat_var:
  wazuh-indexer-data:
  wazuh-dashboard-config:
  wazuh-dashboard-custom:
[root@ip-172-31-45-119 single-node]# docker-compose up -d
Creating network "single-node_default" with the default driver
Creating volume "single-node_wazuh_api_configuration" with default driver
Creating volume "single-node_wazuh_etc" with default driver
Creating volume "single-node_wazuh_logs" with default driver
Creating volume "single-node_wazuh_queue" with default driver
Creating volume "single-node_wazuh_var_multigroups" with default driver
Creating volume "single-node_wazuh_integrations" with default driver
Creating volume "single-node_wazuh_active_response" with default driver
Creating volume "single-node_wazuh_agentless" with default driver
Creating volume "single-node_wazuh_wodles" with default driver
Creating volume "single-node_filebeat_etc" with default driver
Creating volume "single-node_filebeat_var" with default driver
Creating volume "single-node_wazuh-indexer-data" with default driver
Creating volume "single-node_wazuh-dashboard-config" with default driver
Creating volume "single-node_wazuh-dashboard-custom" with default driver
Creating single-node_wazuh.manager_1 ... done
Creating single-node_wazuh.indexer_1 ... done
Creating single-node_wazuh.dashboard_1 ... done
[root@ip-172-31-45-119 single-node]# docker ps
CONTAINER ID   IMAGE                         COMMAND                  CREATED         STATUS         PORTS                                                                                                                                                           NAMES
fcfd6015a958   wazuh/wazuh-dashboard:4.7.4   "/entrypoint.sh"         6 minutes ago   Up 6 minutes   443/tcp, 0.0.0.0:443->5601/tcp, :::443->5601/tcp                                                                                                                single-node_wazuh.dashboard_1
2747f4c23bda   wazuh/wazuh-indexer:4.7.4     "/entrypoint.sh open…"   6 minutes ago   Up 6 minutes   0.0.0.0:9200->9200/tcp, :::9200->9200/tcp                                                                                                                       single-node_wazuh.indexer_1
dd176e670a86   wazuh/wazuh-manager:4.7.4     "/init"                  6 minutes ago   Up 6 minutes   0.0.0.0:1514-1515->1514-1515/tcp, :::1514-1515->1514-1515/tcp, 0.0.0.0:514->514/udp, :::514->514/udp, 0.0.0.0:55000->55000/tcp, :::55000->55000/tcp, 1516/tcp   single-node_wazuh.manager_1

[root@ip-172-31-45-119 single-node]# curl -XGET --silent  https://0.0.0.0:443/app/status -k -u admin:SecretPassword -I -s
HTTP/1.1 200 OK
content-type: text/html; charset=utf-8
content-security-policy: script-src 'unsafe-eval' 'self'; worker-src blob: 'self'; style-src 'unsafe-inline' 'self'
osd-name: wazuh.dashboard
x-frame-options: sameorigin
cache-control: private, no-cache, no-store, must-revalidate
set-cookie: security_authentication=Fe26.2**afbf0357136679289f968655006f3da9dc32f3ff37fd5ba70481b0538790d3ca*fMfubcxBlexRdWQ6-emwrQ*_boVc9XYZ75X1g8vZBv8KL89OFAU26Jq2N1sgDpcKOXzxr8QsWNI6VWc3eI_yof3T8mgJnx2s6cpCuuIlIm46X-EemVAOtUSWNM62OLA-PAeIQPmhs2eB21kre9fc3xunwF74RlyGU2lwEFHb0Mw6d7gtjB7bsKT1SaVSQJcUf2vZeFHLtB68i8eESer1MrA**627f0c2e23a7ac883ea7fcfbf703b7fe2684096ead4f7b20021f0e5b8cf6cb29*w65I_dvIMq0TCRh-yEv7wcaJwkCstik6FCISpWiwuyk; HttpOnly; Path=/
content-length: 92350
vary: accept-encoding
accept-ranges: bytes
Date: Wed, 15 May 2024 11:05:45 GMT
Connection: keep-alive
Keep-Alive: timeout=120

[root@ip-172-31-45-119 single-node]# curl -XGET "https://0.0.0.0:9200/_cluster/health" -u admin:SecretPassword -k -s
{"cluster_name":"opensearch","status":"green","timed_out":false,"number_of_nodes":1,"number_of_data_nodes":1,"discovered_master":true,"discovered_cluster_manager":true,"active_primary_shards":7,"active_shards":7,"relocating_shards":0,"initializing_shards":0,"unassigned_shards":0,"delayed_unassigned_shards":0,"number_of_pending_tasks":0,"number_of_in_flight_fetch":0,"task_max_waiting_in_queue_millis":0,"active_shards_percent_as_number":100.0}
[root@ip-172-31-45-119 single-node]# TOKEN=$(curl -s -u wazuh-wui:MyS3cr37P450r.*- -k -X GET "https://0.0.0.0:55000/security/user/authenticate?raw=true")
[root@ip-172-31-45-119 single-node]# curl -k -s -X GET "https://0.0.0.0:55000/manager/status?pretty=true" -H  "Authorization: Bearer $TOKEN"
{
   "data": {
      "affected_items": [
         {
            "wazuh-agentlessd": "stopped",
            "wazuh-analysisd": "running",
            "wazuh-authd": "running",
            "wazuh-csyslogd": "stopped",
            "wazuh-dbd": "stopped",
            "wazuh-monitord": "running",
            "wazuh-execd": "running",
            "wazuh-integratord": "stopped",
            "wazuh-logcollector": "running",
            "wazuh-maild": "stopped",
            "wazuh-remoted": "running",
            "wazuh-reportd": "stopped",
            "wazuh-syscheckd": "running",
            "wazuh-clusterd": "stopped",
            "wazuh-modulesd": "running",
            "wazuh-db": "running",
            "wazuh-apid": "running"
         }
      ],
      "total_affected_items": 1,
      "total_failed_items": 0,
      "failed_items": []
   },
   "message": "Processes status was successfully read",
   "error": 0
}
[root@ip-172-31-45-119 single-node]# docker exec -it single-node_wazuh.manager_1 filebeat test output
elasticsearch: https://wazuh.indexer:9200...
  parse url... OK
  connection...
    parse host... OK
    dns lookup... OK
    addresses: 172.19.0.2
    dial up... OK
  TLS...
    security: server's certificate chain verification is enabled
    handshake... OK
    TLS version: TLSv1.3
    dial up... OK
  talk to server... OK
  version: 7.10.2
[root@ip-172-31-45-119 single-node]# 

@vcerenu
Member Author

vcerenu commented May 15, 2024

Hello @levisre

I have carried out tests on several machines and have not been able to reproduce the error that you mentioned in issue #711.
I have found plenty of information about these mount options, and they look like a good addition, but before adding them I would like to reproduce the error, so that we know in which cases it occurs and how to handle it.
Can you help me with this?

@wazuhci wazuhci moved this from In progress to On hold in XDR+SIEM/Release 5.0.0 May 15, 2024
@wazuhci wazuhci moved this from On hold to Blocked in XDR+SIEM/Release 5.0.0 May 20, 2024
@teddytpc1
Member

As we were not able to reproduce the issue we will close it.
We can re-open it if the user answers.

@teddytpc1 teddytpc1 closed this as not planned Won't fix, can't repro, duplicate, stale Jun 5, 2024