Question about accessing the dashboard
69 views
Skip to first unread message
Isabella Mancini
Dec 11, 2024, 12:30:46 AMDec 11
to Wazuh | Mailing List
I currently have the wazuh indexer, dashboard, and manager active after following the step-by-step installation guide. I am using two instances on Openstack for this test, and am now trying to access the dashboard.
On the documentation here:https://documentation.wazuh.com/current/installation-guide/wazuh-dashboard/step-by-step.html
It says there is a wazuh.yml file under this path: /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
However, I dont see the wazuh.yml file anywhere. I did a find / -name wazuh.yml and nothing was returned to me.
Thank you!
Bony V John
Dec 11, 2024, 1:01:24 AMDec 11
to Wazuh | Mailing List
Hi Isabella,
Could you please confirm if you ran the following command on the server where the Wazuh Dashboard service is installed?
find / -name wazuh.yml
Additionally, check the status of the Wazuh Dashboard service to ensure it is up and running. Please share the output of these commands:
systemctl status wazuh-dashboard
journalctl -u wazuh-dashboard | grep -iE "error|warn|crit|fatal"
Also, verify if the file /var/log/wazuh-install.log exists on the dashboard server. If it does, please share this file with us as well.
Providing these details will help us assist you further.
Regards,
Isabella Mancini
Dec 11, 2024, 9:06:10 AMDec 11
to Bony V John, Wazuh | Mailing List
I did run a find / -name wazuh.yml and it didnt come back with anything.
I did a systemctl status wazuh-dashboard and it says its active, it does have this show up when I check the status:
Dec 11 13:41:14 manager opensearch-dashboards[117971]: {"type":"log","@timestamp":"2024-12-11T13:41:14Z","tags":["error","opensearch","data"],"pid":117971,"message":"[ConnectionErr>
Dec 11 13:41:16 manager opensearch-dashboards[117971]: {"type":"log","@timestamp":"2024-12-11T13:41:16Z","tags":["error","opensearch","data"],"pid":117971,"message":"[ConnectionErr>
Dec 11 13:41:19 manager opensearch-dashboards[117971]: {"type":"log","@timestamp":"2024-12-11T13:41:19Z","tags":["error","opensearch","data"],"pid":117971,"message":"[ConnectionErr>
Dec 11 13:41:21 manager opensearch-dashboards[117971]: {"type":"log","@timestamp":"2024-12-11T13:41:21Z","tags":["error","opensearch","data"],"pid":117971,"message":"[ConnectionErr>
Dec 11 13:41:24 manager opensearch-dashboards[117971]: {"type":"log","@timestamp":"2024-12-11T13:41:24Z","tags":["error","opensearch","data"],"pid":117971,"message":"[ConnectionErr>
Dec 11 13:41:26 manager opensearch-dashboards[117971]: {"type":"log","@timestamp":"2024-12-11T13:41:26Z","tags":["error","opensearch","data"],"pid":117971,"message":"[ConnectionErr>
Dec 11 13:41:29 manager opensearch-dashboards[117971]: {"type":"log","@timestamp":"2024-12-11T13:41:29Z","tags":["error","opensearch","data"],"pid":117971,"message":"[ConnectionErr>
Dec 11 13:41:31 manager opensearch-dashboards[117971]: {"type":"log","@timestamp":"2024-12-11T13:41:31Z","tags":["error","opensearch","data"],"pid":117971,"message":"[ConnectionErr>
Dec 11 13:41:34 manager opensearch-dashboards[117971]: {"type":"log","@timestamp":"2024-12-11T13:41:34Z","tags":["error","opensearch","data"],"pid":117971,"message":"[ConnectionErr>
Dec 11 13:41:36 manager opensearch-dashboards[117971]: {"type":"log","@timestamp":"2024-12-11T13:41:36Z","tags":["error","opensearch","data"],"pid":117971,"message":"[ConnectionErr>
Dec 11 13:41:16 manager opensearch-dashboards[117971]: {"type":"log","@timestamp":"2024-12-11T13:41:16Z","tags":["error","opensearch","data"],"pid":117971,"message":"[ConnectionErr>
Dec 11 13:41:19 manager opensearch-dashboards[117971]: {"type":"log","@timestamp":"2024-12-11T13:41:19Z","tags":["error","opensearch","data"],"pid":117971,"message":"[ConnectionErr>
Dec 11 13:41:21 manager opensearch-dashboards[117971]: {"type":"log","@timestamp":"2024-12-11T13:41:21Z","tags":["error","opensearch","data"],"pid":117971,"message":"[ConnectionErr>
Dec 11 13:41:24 manager opensearch-dashboards[117971]: {"type":"log","@timestamp":"2024-12-11T13:41:24Z","tags":["error","opensearch","data"],"pid":117971,"message":"[ConnectionErr>
Dec 11 13:41:26 manager opensearch-dashboards[117971]: {"type":"log","@timestamp":"2024-12-11T13:41:26Z","tags":["error","opensearch","data"],"pid":117971,"message":"[ConnectionErr>
Dec 11 13:41:29 manager opensearch-dashboards[117971]: {"type":"log","@timestamp":"2024-12-11T13:41:29Z","tags":["error","opensearch","data"],"pid":117971,"message":"[ConnectionErr>
Dec 11 13:41:31 manager opensearch-dashboards[117971]: {"type":"log","@timestamp":"2024-12-11T13:41:31Z","tags":["error","opensearch","data"],"pid":117971,"message":"[ConnectionErr>
Dec 11 13:41:34 manager opensearch-dashboards[117971]: {"type":"log","@timestamp":"2024-12-11T13:41:34Z","tags":["error","opensearch","data"],"pid":117971,"message":"[ConnectionErr>
Dec 11 13:41:36 manager opensearch-dashboards[117971]: {"type":"log","@timestamp":"2024-12-11T13:41:36Z","tags":["error","opensearch","data"],"pid":117971,"message":"[ConnectionErr>
The wazuh indexer is also in active status when I checked, it displays this on the bottom of the active status:
Dec 10 21:40:13 manager systemd-entrypoint[116916]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/op>
Dec 10 21:40:13 manager systemd-entrypoint[116916]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
Dec 10 21:40:13 manager systemd-entrypoint[116916]: WARNING: System::setSecurityManager will be removed in a future release
Dec 10 21:40:14 manager systemd-entrypoint[116916]: Dec 10, 2024 9:40:14 PM sun.util.locale.provider.LocaleProviderAdapter <clinit>
Dec 10 21:40:14 manager systemd-entrypoint[116916]: WARNING: COMPAT locale provider will be removed in a future release
Dec 10 21:40:14 manager systemd-entrypoint[116916]: WARNING: A terminally deprecated method in java.lang.System has been called
Dec 10 21:40:14 manager systemd-entrypoint[116916]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/open>
Dec 10 21:40:14 manager systemd-entrypoint[116916]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
Dec 10 21:40:14 manager systemd-entrypoint[116916]: WARNING: System::setSecurityManager will be removed in a future release
Dec 10 21:40:23 manager systemd[1]: Started wazuh-indexer.
lines 1-21/21 (END)
Dec 10 21:40:13 manager systemd-entrypoint[116916]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
Dec 10 21:40:13 manager systemd-entrypoint[116916]: WARNING: System::setSecurityManager will be removed in a future release
Dec 10 21:40:14 manager systemd-entrypoint[116916]: Dec 10, 2024 9:40:14 PM sun.util.locale.provider.LocaleProviderAdapter <clinit>
Dec 10 21:40:14 manager systemd-entrypoint[116916]: WARNING: COMPAT locale provider will be removed in a future release
Dec 10 21:40:14 manager systemd-entrypoint[116916]: WARNING: A terminally deprecated method in java.lang.System has been called
Dec 10 21:40:14 manager systemd-entrypoint[116916]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/open>
Dec 10 21:40:14 manager systemd-entrypoint[116916]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
Dec 10 21:40:14 manager systemd-entrypoint[116916]: WARNING: System::setSecurityManager will be removed in a future release
Dec 10 21:40:23 manager systemd[1]: Started wazuh-indexer.
lines 1-21/21 (END)
The dashboard is also active, but isnt showing any errors or warnings.
When I do a journalctl -u wazuh-dashboard | grep -iE "error|warn|crit|fatal" it gives me this:
Dec 11 13:45:51 manager opensearch-dashboards[117971]: {"type":"log","@timestamp":"2024-12-11T13:45:51Z","tags":["error","opensearch","data"],"pid":117971,"message":"[ConnectionError]: connect ECONNREFUSED 127.0.0.1:9200"}
Dec 11 13:45:54 manager opensearch-dashboards[117971]: {"type":"log","@timestamp":"2024-12-11T13:45:54Z","tags":["error","opensearch","data"],"pid":117971,"message":"[ConnectionError]: connect ECONNREFUSED 127.0.0.1:9200"}
Dec 11 13:45:56 manager opensearch-dashboards[117971]: {"type":"log","@timestamp":"2024-12-11T13:45:56Z","tags":["error","opensearch","data"],"pid":117971,"message":"[ConnectionError]: connect ECONNREFUSED 127.0.0.1:9200"}
Dec 11 13:45:59 manager opensearch-dashboards[117971]: {"type":"log","@timestamp":"2024-12-11T13:45:59Z","tags":["error","opensearch","data"],"pid":117971,"message":"[ConnectionError]: connect ECONNREFUSED 127.0.0.1:9200"}
Dec 11 13:45:54 manager opensearch-dashboards[117971]: {"type":"log","@timestamp":"2024-12-11T13:45:54Z","tags":["error","opensearch","data"],"pid":117971,"message":"[ConnectionError]: connect ECONNREFUSED 127.0.0.1:9200"}
Dec 11 13:45:56 manager opensearch-dashboards[117971]: {"type":"log","@timestamp":"2024-12-11T13:45:56Z","tags":["error","opensearch","data"],"pid":117971,"message":"[ConnectionError]: connect ECONNREFUSED 127.0.0.1:9200"}
Dec 11 13:45:59 manager opensearch-dashboards[117971]: {"type":"log","@timestamp":"2024-12-11T13:45:59Z","tags":["error","opensearch","data"],"pid":117971,"message":"[ConnectionError]: connect ECONNREFUSED 127.0.0.1:9200"}
When i do " cat " I get this:
10/12/2024 16:57:17 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.2
10/12/2024 16:57:17 INFO: Verbose logging redirected to /var/log/wazuh-install.log
Hit:1 http://security.ubuntu.com/ubuntu jammy-security InRelease
Get:2 http://nova.clouds.archive.ubuntu.com/ubuntu jammy InRelease [270 kB]
Get:3 http://nova.clouds.archive.ubuntu.com/ubuntu jammy-updates InRelease [128 kB]
Get:4 http://nova.clouds.archive.ubuntu.com/ubuntu jammy-backports InRelease [127 kB]
Fetched 525 kB in 0s (1510 kB/s)
Reading package lists...
10/12/2024 16:57:23 INFO: Verifying that your system meets the recommended minimum hardware requirements.
10/12/2024 16:59:00 ERROR: Connectivity check failed on node x.x.x.x port 9200. Possible causes: Wazuh indexer not installed on the node, the Wazuh indexer service is not running or you have connectivity issues with that node. Please check this before trying again.
10/12/2024 16:57:17 INFO: Verbose logging redirected to /var/log/wazuh-install.log
Hit:1 http://security.ubuntu.com/ubuntu jammy-security InRelease
Get:2 http://nova.clouds.archive.ubuntu.com/ubuntu jammy InRelease [270 kB]
Get:3 http://nova.clouds.archive.ubuntu.com/ubuntu jammy-updates InRelease [128 kB]
Get:4 http://nova.clouds.archive.ubuntu.com/ubuntu jammy-backports InRelease [127 kB]
Fetched 525 kB in 0s (1510 kB/s)
Reading package lists...
10/12/2024 16:57:23 INFO: Verifying that your system meets the recommended minimum hardware requirements.
10/12/2024 16:59:00 ERROR: Connectivity check failed on node x.x.x.x port 9200. Possible causes: Wazuh indexer not installed on the node, the Wazuh indexer service is not running or you have connectivity issues with that node. Please check this before trying again.
The x.x.x.x displayed above is the floating IP in my Openstack instance.
Thank you
--
You received this message because you are subscribed to a topic in the Google Groups "Wazuh | Mailing List" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/wazuh/cA4j-fMyOLg/unsubscribe.
To unsubscribe from this group and all its topics, send an email to wazuh+un...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/wazuh/64d0487c-1d72-4c4b-9a47-73cf1f0f0598n%40googlegroups.com.
Bony V John
Dec 12, 2024, 12:04:48 AMDec 12
to Wazuh | Mailing List
Hi Isabella,
Could you please share the /var/log/wazuh-install.log file from both servers? Additionally, you can try the following troubleshooting steps:
Troubleshooting Steps:Verify Dashboard-to-Indexer Communication:
Run the following command from the Dashboard server to check if the Dashboard service can communicate with the Indexer service using the kibanaserver user:curl -XGET -k -u kibanaserver:<password> "https://<Indexer_IP>:9200/_cluster/health"Check Curl Output:
If the curl request fails, you might see an output like this:curl: (7) Failed to connect to <Indexer_IP> port 9200 after 0 ms: Connection refusedInvestigate Network Connectivity:
Check for any network connectivity blockages caused by the firewall or other security configurations between the servers.
Please share the requested details above for further assistance.
Regards,
Bony V John
Dec 15, 2024, 10:47:27 PM (11 days ago) Dec 15
to Wazuh | Mailing List
Hi,
I hope your issue has been resolved. Please let me know if you are still facing this issue.
Regards,
Isabella Mancini
Dec 18, 2024, 9:27:57 AM (8 days ago) Dec 18
to Wazuh | Mailing List
Hi Im still having the same issue.
[2024-12-17T15:26:02,495][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-12-17T15:26:02,495][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-12-17T15:26:02,495][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-12-17T15:26:02,495][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
And when I do curl -k -u admin:<password> -XGET https://<127.0.0.1/indexer-ip>:9200/_cluster/health?pretty I get this:
bash: 127.0.0.1/indexer-ip: No such file or directory
Note, I didn't set a password, so it's the default and I'm not sure what the default password is.
Thank you,
Bony V John
Dec 19, 2024, 4:32:58 AM (8 days ago) Dec 19
to Wazuh | Mailing List
Hi Isabella,
curl -XGET -k -u kibanaserver:<password> "https://<Indexer_IP>:9200/_cluster/health"
Could you please verify the files and directories in the Wazuh Dashboard directory? Run the following commands and share the outputs with us:
ll
/usr/share/wazuh-dashboard/data/wazuh/config/
ll
/usr/share/wazuh-dashboard/
Additionally, there was a miscommunication from my side earlier. Please re-run the Indexer health check command by replacing <password> and <Indexer-ip> with your Wazuh Indexer server IP address:
curl -XGET -k -u kibanaserver:<password> "https://<Indexer_IP>:9200/_cluster/health"
If you don’t know the password, you can retrieve it using the following command:
sudo tar -O -xvf wazuh-install-files.tar wazuh-install-files/wazuh-passwords.txt
Please share the outputs of the above commands for further assistance.
Regards,
Isabella Mancini
Dec 19, 2024, 9:50:39 AM (7 days ago) Dec 19
to Wazuh | Mailing List
When I do this command: ll /usr/share/wazuh-dashboard/data/wazuh/config/
I get this: ls: cannot access '/usr/share/wazuh-dashboard/data/wazuh/config/': No such file or directory
When I run this: ll /usr/share/wazuh-dashboard/
I get this output:
total 1344
drwxr-x--- 10 wazuh-dashboard wazuh-dashboard 4096 Dec 10 22:10 .
drwxr-xr-x 125 root root 4096 Dec 10 21:44 ..
-rw-r----- 1 wazuh-dashboard wazuh-dashboard 11358 May 5 2023 LICENSE.txt
-rw-r----- 1 wazuh-dashboard wazuh-dashboard 1278141 May 5 2023 NOTICE.txt
-rw-r----- 1 wazuh-dashboard wazuh-dashboard 1786 May 5 2023 README.txt
-r--r----- 1 wazuh-dashboard wazuh-dashboard 6 May 5 2023 VERSION
drwxr-x--- 2 wazuh-dashboard wazuh-dashboard 4096 May 5 2023 assets
drwxr-x--- 2 wazuh-dashboard wazuh-dashboard 4096 Dec 10 21:45 bin
drwxr-x--- 2 wazuh-dashboard wazuh-dashboard 4096 Dec 10 21:45 config
drwxr-x--- 2 wazuh-dashboard wazuh-dashboard 4096 Dec 10 22:02 data
-rw-r----- 1 wazuh-dashboard wazuh-dashboard 137 May 5 2023 default
drwxr-x--- 7 wazuh-dashboard wazuh-dashboard 4096 Dec 10 21:45 node
drwxr-x--- 616 wazuh-dashboard wazuh-dashboard 20480 Dec 10 21:45 node_modules
-rw-r----- 1 wazuh-dashboard wazuh-dashboard 902 May 5 2023 package.json
drwxr-x--- 12 wazuh-dashboard wazuh-dashboard 4096 Dec 10 21:45 plugins
drwxr-x--- 11 wazuh-dashboard wazuh-dashboard 4096 Dec 10 21:45 src
-rw-r----- 1 wazuh-dashboard wazuh-dashboard 3680 May 5 2023 wazuh-dashboard
-rw-r----- 1 wazuh-dashboard wazuh-dashboard 341 May 5 2023 wazuh-dashboard.service
drwxr-x--- 10 wazuh-dashboard wazuh-dashboard 4096 Dec 10 22:10 .
drwxr-xr-x 125 root root 4096 Dec 10 21:44 ..
-rw-r----- 1 wazuh-dashboard wazuh-dashboard 11358 May 5 2023 LICENSE.txt
-rw-r----- 1 wazuh-dashboard wazuh-dashboard 1278141 May 5 2023 NOTICE.txt
-rw-r----- 1 wazuh-dashboard wazuh-dashboard 1786 May 5 2023 README.txt
-r--r----- 1 wazuh-dashboard wazuh-dashboard 6 May 5 2023 VERSION
drwxr-x--- 2 wazuh-dashboard wazuh-dashboard 4096 May 5 2023 assets
drwxr-x--- 2 wazuh-dashboard wazuh-dashboard 4096 Dec 10 21:45 bin
drwxr-x--- 2 wazuh-dashboard wazuh-dashboard 4096 Dec 10 21:45 config
drwxr-x--- 2 wazuh-dashboard wazuh-dashboard 4096 Dec 10 22:02 data
-rw-r----- 1 wazuh-dashboard wazuh-dashboard 137 May 5 2023 default
drwxr-x--- 7 wazuh-dashboard wazuh-dashboard 4096 Dec 10 21:45 node
drwxr-x--- 616 wazuh-dashboard wazuh-dashboard 20480 Dec 10 21:45 node_modules
-rw-r----- 1 wazuh-dashboard wazuh-dashboard 902 May 5 2023 package.json
drwxr-x--- 12 wazuh-dashboard wazuh-dashboard 4096 Dec 10 21:45 plugins
drwxr-x--- 11 wazuh-dashboard wazuh-dashboard 4096 Dec 10 21:45 src
-rw-r----- 1 wazuh-dashboard wazuh-dashboard 3680 May 5 2023 wazuh-dashboard
-rw-r----- 1 wazuh-dashboard wazuh-dashboard 341 May 5 2023 wazuh-dashboard.service
When I run this: curl -XGET -k -u kibanaserver:<password> "https://<Indexer_IP>:9200/_cluster/health"
(I used the default kibanaserver password in the wazuh-passwords.txt file and the Indexer IP)
I get this: OpenSearch Security not initialized.
Bony V John
Dec 19, 2024, 10:52:47 PM (7 days ago) Dec 19
to Wazuh | Mailing List
Hi,
The output "OpenSearch Security not initialized" indicates that you haven't initialized the Wazuh indexer security. Initializing the indexer security is a key step in the installation process. After completing the Wazuh Indexer setup, you need to run the following command on the Wazuh indexer to initialize the security:
/usr/share/wazuh-indexer/bin/indexer-security-init.sh
/usr/share/wazuh-indexer/bin/indexer-security-init.sh
Next, uninstall the Wazuh dashboard service by running the following commands on the Wazuh dashboard server:
yum remove wazuh-dashboard -y
rm -rf /var/lib/wazuh-dashboard/
rm -rf /usr/share/wazuh-dashboard/
rm -rf /etc/wazuh-dashboard/
rm -rf /var/lib/wazuh-dashboard/
rm -rf /usr/share/wazuh-dashboard/
rm -rf /etc/wazuh-dashboard/
Reinstall the Wazuh dashboard service by following the Wazuh documentation.
Finally, verify that all services are up and running and that the dashboard is accessible via a web browser.
I hope this resolves your issue. Please let me know if you have any questions or need further assistance.
Regards,
Isabella Mancini
Dec 20, 2024, 9:34:02 AM (6 days ago) Dec 20
to Bony V John, Wazuh | Mailing List
This is the output I get when I run this command: /usr/share/wazuh-indexer/bin/indexer-security-init.sh
Will connect to x.x.x.x:9200 ... done
ERR: An unexpected SSLHandshakeException occured: PKIX path validation failed: java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors
See https://opensearch.org/docs/latest/clients/java-rest-high-level/ for troubleshooting.
Trace:
javax.net.ssl.SSLHandshakeException: PKIX path validation failed: java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors
See https://opensearch.org/docs/latest/clients/java-rest-high-level/ for troubleshooting.
at org.opensearch.client.RestClient.extractAndWrapCause(RestClient.java:948)
at org.opensearch.client.RestClient.performRequest(RestClient.java:333)
at org.opensearch.client.RestClient.performRequest(RestClient.java:321)
at org.opensearch.security.tools.SecurityAdmin.execute(SecurityAdmin.java:572)
at org.opensearch.security.tools.SecurityAdmin.main(SecurityAdmin.java:162)
Caused by: javax.net.ssl.SSLHandshakeException: PKIX path validation failed: java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:130)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:378)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:321)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:316)
at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1318)
at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1195)
at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1138)
at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:393)
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:476)
at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1273)
at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1260)
at java.base/java.security.AccessController.doPrivileged(AccessController.java:714)
at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1205)
at org.apache.http.nio.reactor.ssl.SSLIOSession.doRunTask(SSLIOSession.java:289)
at org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:357)
at org.apache.http.nio.reactor.ssl.SSLIOSession.isAppInputReady(SSLIOSession.java:545)
at org.apache.http.impl.nio.reactor.AbstractIODispatch.inputReady(AbstractIODispatch.java:120)
at org.apache.http.impl.nio.reactor.BaseIOReactor.readable(BaseIOReactor.java:162)
at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvent(AbstractIOReactor.java:337)
at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvents(AbstractIOReactor.java:315)
at org.apache.http.impl.nio.reactor.AbstractIOReactor.execute(AbstractIOReactor.java:276)
at org.apache.http.impl.nio.reactor.BaseIOReactor.execute(BaseIOReactor.java:104)
at org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$Worker.run(AbstractMultiworkerIOReactor.java:591)
at java.base/java.lang.Thread.run(Thread.java:1583)
Caused by: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors
at java.base/sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:318)
at java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:267)
at java.base/sun.security.validator.Validator.validate(Validator.java:256)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:284)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144)
at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1296)
... 19 more
Caused by: java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors
at java.base/sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:157)
at java.base/sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:83)
at java.base/java.security.cert.CertPathValidator.validate(CertPathValidator.java:309)
at java.base/sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:313)
... 24 more
ERR: An unexpected SSLHandshakeException occured: PKIX path validation failed: java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors
See https://opensearch.org/docs/latest/clients/java-rest-high-level/ for troubleshooting.
Trace:
javax.net.ssl.SSLHandshakeException: PKIX path validation failed: java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors
See https://opensearch.org/docs/latest/clients/java-rest-high-level/ for troubleshooting.
at org.opensearch.client.RestClient.extractAndWrapCause(RestClient.java:948)
at org.opensearch.client.RestClient.performRequest(RestClient.java:333)
at org.opensearch.client.RestClient.performRequest(RestClient.java:321)
at org.opensearch.security.tools.SecurityAdmin.execute(SecurityAdmin.java:572)
at org.opensearch.security.tools.SecurityAdmin.main(SecurityAdmin.java:162)
Caused by: javax.net.ssl.SSLHandshakeException: PKIX path validation failed: java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:130)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:378)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:321)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:316)
at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1318)
at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1195)
at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1138)
at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:393)
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:476)
at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1273)
at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1260)
at java.base/java.security.AccessController.doPrivileged(AccessController.java:714)
at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1205)
at org.apache.http.nio.reactor.ssl.SSLIOSession.doRunTask(SSLIOSession.java:289)
at org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:357)
at org.apache.http.nio.reactor.ssl.SSLIOSession.isAppInputReady(SSLIOSession.java:545)
at org.apache.http.impl.nio.reactor.AbstractIODispatch.inputReady(AbstractIODispatch.java:120)
at org.apache.http.impl.nio.reactor.BaseIOReactor.readable(BaseIOReactor.java:162)
at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvent(AbstractIOReactor.java:337)
at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvents(AbstractIOReactor.java:315)
at org.apache.http.impl.nio.reactor.AbstractIOReactor.execute(AbstractIOReactor.java:276)
at org.apache.http.impl.nio.reactor.BaseIOReactor.execute(BaseIOReactor.java:104)
at org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$Worker.run(AbstractMultiworkerIOReactor.java:591)
at java.base/java.lang.Thread.run(Thread.java:1583)
Caused by: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors
at java.base/sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:318)
at java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:267)
at java.base/sun.security.validator.Validator.validate(Validator.java:256)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:284)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144)
at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1296)
... 19 more
Caused by: java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors
at java.base/sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:157)
at java.base/sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:83)
at java.base/java.security.cert.CertPathValidator.validate(CertPathValidator.java:309)
at java.base/sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:313)
... 24 more
And after I did that I would do this to see the error message: curl -k -u admin:admin https://<WAZUH_INDEXER_IP_ADRESS>:9200
Which was this: OpenSearch Security not initialized
I didn't uninstall the dashboard yet. I was going to do that after this was resolved.
Thank you
To view this discussion visit https://groups.google.com/d/msgid/wazuh/00d7d7d6-f662-4d4f-abd8-2fb3a3c79675n%40googlegroups.com.
Bony V John
Dec 22, 2024, 11:07:18 PM (4 days ago) Dec 22
to Wazuh | Mailing List
Hi Isabella,
Here you are encountering a certificate-related error while trying to initialize the Wazuh indexer, let's first verify that the certificates are properly configured and have the necessary permissions. Please run the following commands and share their full output for further analysis:
Check the Wazuh indexer configuration file:
cat /etc/wazuh-indexer/opensearch.ymlCheck the certificate permissions:
ll /etc/wazuh-indexer/certs/Check the error logs in Wazuh indexer:
- cat /var/log/wazuh-indexer/wazuh-cluster.log | grep -iE "error|warn|crit|fatal"
- Check the port 9200 is opened in Wazuh indexer server.
This will help us identify and address the issue more effectively. Please share the outputs of the above commands for further assistance!
Regards,
Isabella Mancini
Dec 23, 2024, 10:21:00 AM (3 days ago) Dec 23
to Wazuh | Mailing List
When I do this cat /etc/wazuh-indexer/opensearch.yml , I get this:
network.host: "x.x.x.x"
node.name: "node-1"
cluster.initial_master_nodes:
- "node-1"
#- "node-2"
#- "node-3"
cluster.name: "wazuh-cluster"
#discovery.seed_hosts:
# - "node-1-ip"
# - "node-2-ip"
# - "node-3-ip"
node.max_local_storage_nodes: "3"
path.data: /var/lib/wazuh-indexer
path.logs: /var/log/wazuh-indexer
plugins.security.ssl.http.pemcert_filepath: /etc/wazuh-indexer/certs/indexer.pem
plugins.security.ssl.http.pemkey_filepath: /etc/wazuh-indexer/certs/indexer-key.pem
plugins.security.ssl.http.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem
plugins.security.ssl.transport.pemcert_filepath: /etc/wazuh-indexer/certs/indexer.pem
plugins.security.ssl.transport.pemkey_filepath: /etc/wazuh-indexer/certs/indexer-key.pem
plugins.security.ssl.transport.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem
plugins.security.ssl.http.enabled: true
plugins.security.ssl.transport.enforce_hostname_verification: false
plugins.security.ssl.transport.resolve_hostname: false
plugins.security.authcz.admin_dn:
- "CN=admin,OU=Wazuh,O=Wazuh,L=Connecticut,C=US"
plugins.security.check_snapshot_restore_write_privileges: true
plugins.security.enable_snapshot_restore_privilege: true
plugins.security.nodes_dn:
- "CN=node-1,OU=Wazuh,O=Wazuh,L=Connecticut,C=US"
#- "CN=node-2,OU=Wazuh,O=Wazuh,L=California,C=US"
#- "CN=node-3,OU=Wazuh,O=Wazuh,L=California,C=US"
plugins.security.restapi.roles_enabled:
- "all_access"
- "security_rest_api_access"
plugins.security.system_indices.enabled: true
plugins.security.system_indices.indices: [".plugins-ml-model", ".plugins-ml-task", ".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opensearch-notifications-*", ".opensearch-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]
### Option to allow Filebeat-oss 7.10.2 to work ###
compatibility.override_main_response_version: true
node.name: "node-1"
cluster.initial_master_nodes:
- "node-1"
#- "node-2"
#- "node-3"
cluster.name: "wazuh-cluster"
#discovery.seed_hosts:
# - "node-1-ip"
# - "node-2-ip"
# - "node-3-ip"
node.max_local_storage_nodes: "3"
path.data: /var/lib/wazuh-indexer
path.logs: /var/log/wazuh-indexer
plugins.security.ssl.http.pemcert_filepath: /etc/wazuh-indexer/certs/indexer.pem
plugins.security.ssl.http.pemkey_filepath: /etc/wazuh-indexer/certs/indexer-key.pem
plugins.security.ssl.http.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem
plugins.security.ssl.transport.pemcert_filepath: /etc/wazuh-indexer/certs/indexer.pem
plugins.security.ssl.transport.pemkey_filepath: /etc/wazuh-indexer/certs/indexer-key.pem
plugins.security.ssl.transport.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem
plugins.security.ssl.http.enabled: true
plugins.security.ssl.transport.enforce_hostname_verification: false
plugins.security.ssl.transport.resolve_hostname: false
plugins.security.authcz.admin_dn:
- "CN=admin,OU=Wazuh,O=Wazuh,L=Connecticut,C=US"
plugins.security.check_snapshot_restore_write_privileges: true
plugins.security.enable_snapshot_restore_privilege: true
plugins.security.nodes_dn:
- "CN=node-1,OU=Wazuh,O=Wazuh,L=Connecticut,C=US"
#- "CN=node-2,OU=Wazuh,O=Wazuh,L=California,C=US"
#- "CN=node-3,OU=Wazuh,O=Wazuh,L=California,C=US"
plugins.security.restapi.roles_enabled:
- "all_access"
- "security_rest_api_access"
plugins.security.system_indices.enabled: true
plugins.security.system_indices.indices: [".plugins-ml-model", ".plugins-ml-task", ".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opensearch-notifications-*", ".opensearch-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]
### Option to allow Filebeat-oss 7.10.2 to work ###
compatibility.override_main_response_version: true
(Note, I put x.x.x.x above where my IP is)
When I do this ll /etc/wazuh-indexer/certs/ , I get this:
dr-x------ 2 wazuh-indexer wazuh-indexer 4096 Dec 10 21:20 ./
drwxr-x--- 10 wazuh-indexer wazuh-indexer 4096 Dec 10 21:39 ../
-r-------- 1 wazuh-indexer wazuh-indexer 1704 Dec 10 20:14 admin-key.pem
-r-------- 1 wazuh-indexer wazuh-indexer 1119 Dec 10 20:14 admin.pem
-r-------- 1 wazuh-indexer wazuh-indexer 1704 Dec 4 17:48 indexer-key.pem
-r-------- 1 wazuh-indexer wazuh-indexer 1277 Dec 4 17:48 indexer.pem
-r-------- 1 wazuh-indexer wazuh-indexer 1704 Dec 10 20:14 node-1-key.pem
-r-------- 1 wazuh-indexer wazuh-indexer 1277 Dec 10 20:14 node-1.pem
-r-------- 1 wazuh-indexer wazuh-indexer 1204 Dec 10 20:14 root-ca.pem
drwxr-x--- 10 wazuh-indexer wazuh-indexer 4096 Dec 10 21:39 ../
-r-------- 1 wazuh-indexer wazuh-indexer 1704 Dec 10 20:14 admin-key.pem
-r-------- 1 wazuh-indexer wazuh-indexer 1119 Dec 10 20:14 admin.pem
-r-------- 1 wazuh-indexer wazuh-indexer 1704 Dec 4 17:48 indexer-key.pem
-r-------- 1 wazuh-indexer wazuh-indexer 1277 Dec 4 17:48 indexer.pem
-r-------- 1 wazuh-indexer wazuh-indexer 1704 Dec 10 20:14 node-1-key.pem
-r-------- 1 wazuh-indexer wazuh-indexer 1277 Dec 10 20:14 node-1.pem
-r-------- 1 wazuh-indexer wazuh-indexer 1204 Dec 10 20:14 root-ca.pem
And when I do this cat /var/log/wazuh-indexer/wazuh-cluster.log | grep -iE "error|warn|crit|fatal" , I get this:
(...)
[2024-12-23T15:17:58,902][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-12-23T15:17:58,902][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-12-23T15:17:58,902][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-12-23T15:17:58,902][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-12-23T15:17:58,902][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
Also, port 9200 is open.
Thank you for the help!
Bony V John
12:46 AM (18 hours ago) 12:46 AM
to Wazuh | Mailing List
Hi Isabella,
Could you please run the following command on the Wazuh indexer and share the output?
/usr/share/wazuh-indexer/bin/indexer-security-init.sh
Note: You only need to initialize the cluster once. There is no need to run this command on every node.
Reference:
Wazuh Indexer Cluster Initialization
If you are still unable to see /usr/share/wazuh-dashboard/data/wazuh/config/, it indicates that the Wazuh dashboard is not installed correctly. Please reinstall the Wazuh dashboard.
It seems you are using the assisted installation method. You can follow the detailed guide here:
Assisted Installation Method for Wazuh Dashboard.
To avoid issues, please ensure you follow a single installation method for Wazuh.
Let me know if you need further assistance.
Regards,
Isabella Mancini
9:22 AM (9 hours ago) 9:22 AM
to Wazuh | Mailing List
Hi,
I was using the step-by-step installation method, I wasnt using the assisted method.
When I run this /usr/share/wazuh-indexer/bin/indexer-security-init.sh , I get this:
Reply all
Reply to author
Forward
0 new messages