Unattended Install

MaliceDaModeler

unread,

Feb 18, 2021, 9:12:34 AM2/18/21

to Wazuh mailing list

Good Morning,

I am new to Wazuh and trying my first unattended install. I am coming across this error which I have attached. I have follwed the steps from this walkthrough

https://documentation.wazuh.com/current/installation-guide/open-distro/distributed-deployment/unattended/unattended-elasticsearch-cluster-installation.html

but can't get past running the script (after modifying with the correct info)

# bash ~/elastic-stack-installation.sh -e -c -n <node_name>

What am I doing wrong here?

WazuhError.JPG

David Fernández Miranda

unread,

Feb 18, 2021, 10:37:55 AM2/18/21

to Wazuh mailing list

Hello Malice,

It looks like you downloaded the HTML instead of the raw content of the script.

Run the following commands to download both the script and the configuration file.

curl -so ~/elastic-stack-installation.sh https://raw.githubusercontent.com/wazuh/wazuh-documentation/4.1/resources/open-distro/unattended-installation/distributed/elastic-stack-installation.sh
curl -so ~/config.yml https://raw.githubusercontent.com/wazuh/wazuh-documentation/4.1/resources/open-distro/unattended-installation/distributed/templates/config.yml

Regards,

David

MaliceDaModeler

unread,

Feb 18, 2021, 8:13:19 PM2/18/21

to Wazuh mailing list

Good Afternoon David,

Thank you for your response and script information. After a reinstall of unbuntu 20.04 server. I ran the above scripts and was able to update the config file. What I get now instead of the html is the following:

/root/elastic-stack-installation.sh: line 1: 404: : command not found.

I get this error after I run bash ~/elastic-stack-installation.sh -e -c -n (my node's name)

Did I miss a step?

David Fernández Miranda

unread,

Feb 19, 2021, 3:07:55 AM2/19/21

to Wazuh mailing list

Hello Malice,

It looks like the script has HTML again. Could you share the content of the script?

It should have the content of the following link: https://raw.githubusercontent.com/wazuh/wazuh-documentation/4.1/resources/open-distro/unattended-installation/all-in-one-installation.sh

Regards,

David

MaliceDaModeler

unread,

Feb 19, 2021, 5:50:06 PM2/19/21

to Wazuh mailing list

Good Afternoon David,

Thank you for your response and script information. After a reinstall of ubuntu 20.04 server. I ran the above scripts and was able to update the config file. What I get now instead of the html is the following:

/root/elastic-stack-installation.sh: line 1: 404: : command not found.

I get this error after I run bash ~/elastic-stack-installation.sh -e -c -n (my node's name)

Did I miss a step?

MaliceDaModeler

unread,

Feb 21, 2021, 1:52:06 PM2/21/21

to Wazuh mailing list

Good Evening David,

I am running the distributed version of the unattended install, not the all-in-one. Have I mixed the scripts in some way? I do not see anything in the script but the 404: Not found. I have attached what I see.

this is what I am follwing

https://documentation.wazuh.com/4.0/installation-guide/open-distro/distributed-deployment/unattended/index.html

WazuhError2.JPG

David Fernández Miranda

unread,

Feb 22, 2021, 5:17:52 AM2/22/21

to Wazuh mailing list

Hello Malice,

It looks like the curl isn't downloading the correct file. You can access to this URL and copy-paste its content into the script file.

Let me know if this works for you.

Regards,

David

Message has been deleted

MaliceDaModeler

unread,

Feb 27, 2021, 2:39:41 AM2/27/21

to Wazuh mailing list

Good Afternoon David,

I was able to finally get the file copied over correctly. The attached is what happens. The certs will not create. Is there something I can do to force the creation or resolve whatever is making it fail?

WazuhError4.JPG

MaliceDaModeler

unread,

Mar 2, 2021, 12:11:33 AM3/2/21

to Wazuh mailing list

Good Afternoon David,

I emailed a few times but I did not get a response.

I was able to finally get the file copied over correctly. The attached is what happens. The certs will not create. Is there something I can do to force the creation or resolve whatever is making it fail?

WazuhError4.JPG

David Fernández Miranda

unread,

Mar 2, 2021, 4:11:27 AM3/2/21

to Wazuh mailing list

Hello Malice,

This error must be due to a misconfiguration on the config.yml file. Could you share its content so I can help you with it? (Please, anonymize any sensitive data before doing it).

Regards,

David

MaliceDaModeler

unread,

Mar 2, 2021, 10:55:26 AM3/2/21

to Wazuh mailing list

Good Morning David,

Attached is the information you requested. The redacted portions are my IP addresses and cluster name. The name has an underscore in it similar to this: first_last. Thank you for your help.

WazuhConfig.png

David Fernández Miranda

unread,

Mar 3, 2021, 4:40:52 AM3/3/21

to Wazuh mailing list

Hello Malice, as far as I can see, the configuration file looks good to me. You can enable the verbose mode of the script running it again using the -d option.

In order to run it again, you'll need to remove the previous installation. To do so, run the following commands:

For RPM packages (CentOS, Fedora, RHEL, etc):
- yum remove opendistroforelasticsearch elasticsearch* opendistro-* -y
- rm -rf /var/lib/elasticsearch/
- rm -rf /usr/share/elasticsearch/
- rm -rf /etc/elasticsearch/
- rm -rf ~/search-guard-tlstool-1.8.zip
- rm -rf ~/searchguard

For DEB packages (Debian, Ubuntu, etc):
- apt remove --purge opendistroforelasticsearch elasticsearch* opendistro-* -y
- rm -rf /var/lib/elasticsearch/
- rm -rf /usr/share/elasticsearch/
- rm -rf /etc/elasticsearch/
- rm -rf ~/search-guard-tlstool-1.8.zip
- rm -rf ~/searchguard

After running these commands, you will be able to run again the installation script with the option -d, for example, bash elastic-stack-installation.sh -d -e -n node-1

To reproduce your issue, could you share the error output of the script and which OS you are using?