Ignoring /run and /var/run from the list of packaged directories #286
Permissions on
[root@alma ~]# ls -lsah / | grep run
0 drwxr-xr-x 15 root root 440 Jun 28 17:42 run
[root@alma ~]# yum install /wazuh-indexer-4.9.0.x86_64.rpm
Last metadata expiration check: 1:37:08 ago on Fri Jun 28 16:05:32 2024.
Dependencies resolved.
======================================================================================================================================================================================
Package Architecture Version Repository Size
======================================================================================================================================================================================
Installing:
wazuh-indexer x86_64 4.9.0-0 @commandline 813 M
Transaction Summary
======================================================================================================================================================================================
Install 1 Package
Total size: 813 M
Installed size: 1.0 G
Is this ok [y/N]: y
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: wazuh-indexer-4.9.0-0.x86_64 1/1
Installing : wazuh-indexer-4.9.0-0.x86_64 1/1
Running scriptlet: wazuh-indexer-4.9.0-0.x86_64 1/1
### NOT starting on installation, please execute the following statements to configure wazuh-indexer service to start automatically using systemd
sudo systemctl daemon-reload
sudo systemctl enable wazuh-indexer.service
### You can start wazuh-indexer service by executing
sudo systemctl start wazuh-indexer.service
Verifying : wazuh-indexer-4.9.0-0.x86_64 1/1
Installed:
wazuh-indexer-4.9.0-0.x86_64
Complete!
[root@alma ~]# ls -lsah / | grep run
0 drwxr-xr-x 16 root root 460 Jun 28 17:42 run
Packages build workflow pass https://github.com/wazuh/wazuh-indexer/actions/runs/9716629264
While testing the change to using
[/usr/lib/tmpfiles.d/wazuh-indexer.conf:1] Line references path below legacy directory /var/run/, updating /var/run/wazuh-indexer → /run/wazuh-indexer; please update the tmpfiles.d/ drop-in file accordingly.
Verifying : wazuh-indexer-4.9.0-0.x86_64 1/1
Installed:
wazuh-indexer-4.9.0-0.x86_64
Complete!

Cannot reproduce on OpenSearch 2.13.0 + RHEL 7

Can reproduce on OpenSearch 2.13.0 + ALMA 8

Can reproduce on OpenSearch 2.13.0 + RHEL 9

There is an issue on OpenSearch about this:

Tests on RPM were successful, using RHEL9.
Tests on DEB were successful, using Ubuntu 22.04.
root@ubuntu:~# apt install /wazuh-indexer_4.9.0_amd64.deb
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Note, selecting 'wazuh-indexer' instead of '/wazuh-indexer_4.9.0_amd64.deb'
The following NEW packages will be installed:
wazuh-indexer
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B/851 MB of archives.
After this operation, 1077 MB of additional disk space will be used.
Get:1 /wazuh-indexer_4.9.0_amd64.deb wazuh-indexer amd64 4.9.0-0 [851 MB]
Selecting previously unselected package wazuh-indexer.
(Reading database ... 37456 files and directories currently installed.)
Preparing to unpack /wazuh-indexer_4.9.0_amd64.deb ...
Running Wazuh Indexer Pre-Installation Script
Unpacking wazuh-indexer (4.9.0-0) ...
Setting up wazuh-indexer (4.9.0-0) ...
Running Wazuh Indexer Post-Installation Script
### NOT starting on installation, please execute the following statements to configure wazuh-indexer service to start automatically using systemd
sudo systemctl daemon-reload
sudo systemctl enable wazuh-indexer.service
### You can start wazuh-indexer service by executing
sudo systemctl start wazuh-indexer.service
root@ubuntu:~# ./wazuh-certs-tool.sh -A
02/07/2024 12:02:55 INFO: Generating the root certificate.
02/07/2024 12:02:55 INFO: Generating Admin certificates.
02/07/2024 12:02:55 INFO: Admin certificates created.
02/07/2024 12:02:55 INFO: Generating Wazuh indexer certificates.
02/07/2024 12:02:55 INFO: Wazuh indexer certificates created.
02/07/2024 12:02:55 INFO: Generating Filebeat certificates.
02/07/2024 12:02:56 INFO: Wazuh Filebeat certificates created.
02/07/2024 12:02:56 INFO: Generating Wazuh dashboard certificates.
02/07/2024 12:02:56 INFO: Wazuh dashboard certificates created.
root@ubuntu:~# tar -cvf ./wazuh-certificates.tar -C ./wazuh-certificates/ .
rm -rf ./wazuh-certificates
./
./wazuh-1-key.pem
./dashboard-key.pem
./root-ca.key
./node-1-key.pem
./admin.pem
./node-1.pem
./wazuh-1.pem
./dashboard.pem
./root-ca.pem
./admin-key.pem
root@ubuntu:~# NODE_NAME=node-1
root@ubuntu:~# mkdir /etc/wazuh-indexer/certs
tar -xf ./wazuh-certificates.tar -C /etc/wazuh-indexer/certs/ ./$NODE_NAME.pem ./$NODE_NAME-key.pem ./admin.pem ./admin-key.pem ./root-ca.pem
mv -n /etc/wazuh-indexer/certs/$NODE_NAME.pem /etc/wazuh-indexer/certs/indexer.pem
mv -n /etc/wazuh-indexer/certs/$NODE_NAME-key.pem /etc/wazuh-indexer/certs/indexer-key.pem
chmod 500 /etc/wazuh-indexer/certs
chmod 400 /etc/wazuh-indexer/certs/*
chown -R wazuh-indexer:wazuh-indexer /etc/wazuh-indexer/certs
root@ubuntu:~# systemctl daemon-reload
systemctl enable wazuh-indexer
systemctl start wazuh-indexer
Synchronizing state of wazuh-indexer.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable wazuh-indexer
root@ubuntu:~# /usr/share/wazuh-indexer/bin/indexer-security-init.sh
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.13.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml
SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml
SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml
SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml
SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml
SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml
SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml
SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml
SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml
SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null
Done with success
root@ubuntu:~# curl -k -u admin:admin https://<WAZUH_INDEXER_IP_ADRESS>:9200
bash: WAZUH_INDEXER_IP_ADRESS: No such file or directory
root@ubuntu:~# curl -k -u admin:admin https://127.0.0.1:9200
{
"name" : "node-1",
"cluster_name" : "wazuh-cluster",
"cluster_uuid" : "VwYpS9BWQ2SzAjym-FwgKQ",
"version" : {
"number" : "7.10.2",
"build_type" : "deb",
"build_hash" : "eb6e4fc0c2fbd15a5ccfae8baf1f2b2e540d774d",
"build_date" : "2024-05-21T13:59:56.537046189Z",
"build_snapshot" : false,
"lucene_version" : "9.10.0",
"minimum_wire_compatibility_version" : "7.10.0",
"minimum_index_compatibility_version" : "7.0.0"
},
"tagline" : "The OpenSearch Project: https://opensearch.org/"
}
root@ubuntu:~# apt install wazuh-dashboard
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following NEW packages will be installed:
wazuh-dashboard
0 upgraded, 1 newly installed, 0 to remove and 12 not upgraded.
Need to get 186 MB of archives.
After this operation, 998 MB of additional disk space will be used.
Get:1 https://packages.wazuh.com/4.x/apt stable/main amd64 wazuh-dashboard amd64 4.8.0-1 [186 MB]
Fetched 186 MB in 14s (13.3 MB/s)
Selecting previously unselected package wazuh-dashboard.
(Reading database ... 38854 files and directories currently installed.)
Preparing to unpack .../wazuh-dashboard_4.8.0-1_amd64.deb ...
Creating wazuh-dashboard group... OK
Creating wazuh-dashboard user... OK
Unpacking wazuh-dashboard (4.8.0-1) ...
Setting up wazuh-dashboard (4.8.0-1) ...
root@ubuntu:~# NODE_NAME=dashboard
root@ubuntu:~# mkdir /etc/wazuh-dashboard/certs
tar -xf ./wazuh-certificates.tar -C /etc/wazuh-dashboard/certs/ ./$NODE_NAME.pem ./$NODE_NAME-key.pem ./root-ca.pem
mv -n /etc/wazuh-dashboard/certs/$NODE_NAME.pem /etc/wazuh-dashboard/certs/dashboard.pem
mv -n /etc/wazuh-dashboard/certs/$NODE_NAME-key.pem /etc/wazuh-dashboard/certs/dashboard-key.pem
chmod 500 /etc/wazuh-dashboard/certs
chmod 400 /etc/wazuh-dashboard/certs/*
chown -R wazuh-dashboard:wazuh-dashboard /etc/wazuh-dashboard/certs
root@ubuntu:~# systemctl daemon-reload
systemctl enable wazuh-dashboard
systemctl start wazuh-dashboard
root@ubuntu:~# systemctl status wazuh-dashboard
● wazuh-dashboard.service - wazuh-dashboard
Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2024-07-02 12:06:24 UTC; 3min 58s ago
Main PID: 3059 (node)
Tasks: 11 (limit: 37682)
Memory: 185.3M
CPU: 5.113s
CGroup: /system.slice/wazuh-dashboard.service
└─3059 /usr/share/wazuh-dashboard/node/bin/node --no-warnings --max-http-header-size=65536 --unhandled-rejections=warn /usr/share/wazuh-dashboard/src/cli/dist
Jul 02 12:06:27 ubuntu opensearch-dashboards[3059]: {"type":"log","@timestamp":"2024-07-02T12:06:27Z","tags":["info","savedobjects-service"],"pid":3059,"message":"Waiting until all >
Jul 02 12:06:27 ubuntu opensearch-dashboards[3059]: {"type":"log","@timestamp":"2024-07-02T12:06:27Z","tags":["info","savedobjects-service"],"pid":3059,"message":"Starting saved obj>
Jul 02 12:06:27 ubuntu opensearch-dashboards[3059]: {"type":"log","@timestamp":"2024-07-02T12:06:27Z","tags":["info","savedobjects-service"],"pid":3059,"message":"Creating index .ki>
Jul 02 12:06:27 ubuntu opensearch-dashboards[3059]: {"type":"log","@timestamp":"2024-07-02T12:06:27Z","tags":["info","savedobjects-service"],"pid":3059,"message":"Pointing alias .ki>
Jul 02 12:06:27 ubuntu opensearch-dashboards[3059]: {"type":"log","@timestamp":"2024-07-02T12:06:27Z","tags":["info","savedobjects-service"],"pid":3059,"message":"Finished in 120ms.>
Jul 02 12:06:27 ubuntu opensearch-dashboards[3059]: {"type":"log","@timestamp":"2024-07-02T12:06:27Z","tags":["info","plugins-system"],"pid":3059,"message":"Starting [48] plugins: [>
Jul 02 12:06:27 ubuntu opensearch-dashboards[3059]: {"type":"log","@timestamp":"2024-07-02T12:06:27Z","tags":["error","opensearch","data"],"pid":3059,"message":"[ResponseError]: Res>
Jul 02 12:06:27 ubuntu opensearch-dashboards[3059]: {"type":"log","@timestamp":"2024-07-02T12:06:27Z","tags":["error","opensearch","data"],"pid":3059,"message":"[ResponseError]: Res>
Jul 02 12:06:27 ubuntu opensearch-dashboards[3059]: {"type":"log","@timestamp":"2024-07-02T12:06:27Z","tags":["listening","info"],"pid":3059,"message":"Server running at https://0.0>
Jul 02 12:06:27 ubuntu opensearch-dashboards[3059]: {"type":"log","@timestamp":"2024-07-02T12:06:27Z","tags":["info","http","server","OpenSearchDashboards"],"pid":3059,"message":"ht>
root@ubuntu:~#
* Ignoring /run and /var/run from the list of packaged directories
* Changing pid file dir to /var/run/wazuh-indexer
* Changing pid file dir to /run/wazuh-indexer
* Changing pid file dir to /run/wazuh-indexer

---------

Co-authored-by: Álex Ruiz <[email protected]>
Description
This PR excludes /var/run and /run permissions from being modified upon package installation.
Issues Resolved
Resolves #284
Check List
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.
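
A scripted form of the check discussed in this pull request, as an added example that is not part of the PR or the project's packaging scripts: it scans a package file list for the shared directories `/run` and `/var/run`, and records a directory's mode and ownership so the before/after `ls` comparison from the conversation can be automated. Both sample manifests and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the PR). Function names and sample data are constructed.

# Directories owned by the base system; an application package should ship
# only subdirectories of them (for example /run/wazuh-indexer).
SHARED_DIRS="/run /var/run"

# Read a package file list on stdin (one path per line, as printed by
# `rpm -ql <pkg>` or `dpkg -L <pkg>`) and print each entry that is exactly
# a shared directory. Returns 0 whether or not anything is found.
find_shared_dirs() {
    while IFS= read -r path; do
        path=${path%/}                      # tolerate a trailing slash
        for dir in $SHARED_DIRS; do
            if [ "$path" = "$dir" ]; then
                printf '%s\n' "$path"
            fi
        done
    done
    return 0
}

# Print "mode owner group" for a directory, so a snapshot taken before the
# install can be compared with one taken after it.
dir_snapshot() {
    ls -ld -- "$1" | awk '{ print $1, $3, $4 }'
}

# Constructed manifest of a package that still claims /run and /var/run.
SAMPLE_BAD='/etc/wazuh-indexer
/run
/run/wazuh-indexer
/var/run
/usr/lib/tmpfiles.d/wazuh-indexer.conf'

# Constructed manifest after the shared directories are excluded.
SAMPLE_GOOD='/etc/wazuh-indexer
/run/wazuh-indexer
/usr/lib/tmpfiles.d/wazuh-indexer.conf'

# Stand-alone run: list the offending entries of the first manifest.
printf '%s\n' "$SAMPLE_BAD" | find_shared_dirs
```

On a real host, pipe `rpm -ql wazuh-indexer` or `dpkg -L wazuh-indexer` into `find_shared_dirs`, and compare `dir_snapshot /run` taken before and after installing the package.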