Hi currently trying to install SSL letsencrypt on Wazuh, i got the certificates though DNS cloudflare, but i changed the part in kibana but it wont seem to start
root@wazuh:~# cat /etc/kibana/kibana.yml
server.host: 0.0.0.0
server.port: 443
elasticsearch.hosts: https://localhost:9200
elasticsearch.ssl.verificationMode: certificate
elasticsearch.username: xxxx
elasticsearch.password: xxxx
elasticsearch.requestHeadersWhitelist: ["securitytenant","Authorization"]
opendistro_security.multitenancy.enabled: false
opendistro_security.readonly_mode.roles: ["kibana_read_only"]
server.ssl.enabled: true
server.ssl.key: "/etc/letsencrypt/live/ids.mydomain.com/privkey.pem"
server.ssl.certificate: "/etc/letsencrypt/live/ids.mydomain.com/cert.pem"
elasticsearch.ssl.certificateAuthorities: ["/etc/kibana/certs/root-ca.pem"]
server.defaultRoute: /app/wazuh
not sure if i need to change somewhere else?
root@wazuh:~# ls -l -h /etc/letsencrypt/live/ids.mydomain.com/
total 4.0K
lrwxrwxrwx 1 root root 40 Dec 27 12:19 cert.pem -> ../../archive/ids.mydomain.com/cert1.pem
lrwxrwxrwx 1 root root 41 Dec 27 12:19 chain.pem -> ../../archive/ids.mydomain.com/chain1.pem
lrwxrwxrwx 1 root root 45 Dec 27 12:19 fullchain.pem -> ../../archive/ids.mydomain.com/fullchain1.pem
lrwxrwxrwx 1 root root 43 Dec 27 12:19 privkey.pem -> ../../archive/ids.mydomain.com/privkey1.pem
-rw-r--r-- 1 root root 692 Dec 27 12:19 README
i checked the status i get this
root@wazuh:~# service kibana status
● kibana.service - Kibana
Loaded: loaded (/etc/systemd/system/kibana.service; enabled; vendor preset: enabled)
Active: active (running) since Sun 2020-12-27 12:33:30 -05; 12s ago
Main PID: 4639 (node)
Tasks: 11 (limit: 4915)
CGroup: /system.slice/kibana.service
└─4639 /usr/share/kibana/bin/../node/bin/node /usr/share/kibana/bin/../src/cli -c /etc/kibana/kibana.yml
Dec 27 12:33:30 wazuh systemd[1]: Started Kibana.
Dec 27 12:33:40 wazuh kibana[4639]: {"type":"log","@timestamp":"2020-12-27T17:33:40Z","tags":["info","plugins-service"],"pid":4639,"message":"Plugin \"visTypeXy\" is disabled."}
and Elasticsearch seems to be working
root@wazuh:~# sudo lsof -i -P -n | grep LISTEN
systemd-r 559 systemd-resolve 13u IPv4 17628 0t0 TCP 127.0.0.53:53 (LISTEN)
java 661 elasticsearch 80u IPv6 20711 0t0 TCP 127.0.0.1:9600 (LISTEN)
java 661 elasticsearch 90u IPv6 20724 0t0 TCP *:9650 (LISTEN)
java 700 elasticsearch 336u IPv6 21156 0t0 TCP 127.0.0.1:9300 (LISTEN)
java 700 elasticsearch 338u IPv6 25093 0t0 TCP 127.0.0.1:9200 (LISTEN)
sshd 816 root 3u IPv4 19060 0t0 TCP *:22 (LISTEN)
sshd 816 root 4u IPv6 19062 0t0 TCP *:22 (LISTEN)
master 1038 root 13u IPv4 21753 0t0 TCP *:25 (LISTEN)
master 1038 root 14u IPv6 21754 0t0 TCP *:25 (LISTEN)
python3 1379 ossec 20u IPv4 22903 0t0 TCP *:55000 (LISTEN)
ossec-aut 1418 root 5u IPv4 22004 0t0 TCP *:1515 (LISTEN)
ossec-rem 1564 ossecr 6u IPv4 22061 0t0 TCP *:1514 (LISTEN)
this is the old elastic config before putting the letsencrypt
root@wazuh:~# cat /etc/elasticsearch/elasticsearch.yml
network.host: 127.0.0.1
node.name: node-1
cluster.initial_master_nodes: node-1
opendistro_security.ssl.transport.pemcert_filepath: /etc/elasticsearch/certs/elasticsearch.pem
opendistro_security.ssl.transport.pemkey_filepath: /etc/elasticsearch/certs/elasticsearch.key
opendistro_security.ssl.transport.pemtrustedcas_filepath: /etc/elasticsearch/certs/root-ca.pem
opendistro_security.ssl.transport.enforce_hostname_verification: false
opendistro_security.ssl.transport.resolve_hostname: false
opendistro_security.ssl.http.enabled: true
opendistro_security.ssl.http.pemcert_filepath: /etc/elasticsearch/certs/elasticsearch_http.pem
opendistro_security.ssl.http.pemkey_filepath: /etc/elasticsearch/certs/elasticsearch_http.key
opendistro_security.ssl.http.pemtrustedcas_filepath: /etc/elasticsearch/certs/root-ca.pem
opendistro_security.nodes_dn:
- CN=node-1,OU=Docu,O=Wazuh,L=California,C=US
opendistro_security.authcz.admin_dn:
- CN=admin,OU=Docu,O=Wazuh,L=California,C=US
opendistro_security.audit.type: internal_elasticsearch
opendistro_security.enable_snapshot_restore_privilege: true
opendistro_security.check_snapshot_restore_write_privileges: true
opendistro_security.restapi.roles_enabled: ["all_access", "security_rest_api_access"]
cluster.routing.allocation.disk.threshold_enabled: false
node.max_local_storage_nodes: 3
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
Thank you