# Fetch the Wazuh 4.9 installation assistant and run it as root in all-in-one mode (-a).
# NOTE(review): the script goes from download to sudo bash with no checksum or signature check,
# and -s hides curl errors. Downloading first, inspecting or verifying the file, then running it
# keeps a tampered or truncated download from executing as root.
curl -sO https://packages.wazuh.com/4.9/wazuh-install.sh && sudo bash ./wazuh-install.sh -a
cd
# Pasted repeat of the same command. The ^[[200~ prefix and trailing ~ look like bracketed-paste
# markers captured literally, so the shell would not have run this entry as curl.
^[[200~curl -sO https://packages.wazuh.com/4.9/wazuh-install.sh && sudo bash ./wazuh-install.sh -a~
curl -sO https://packages.wazuh.com/4.9/wazuh-install.sh && sudo bash ./wazuh-install.sh -a
ls
# Typo in the archive name (wazh-); the next entry uses the correct name.
tar -zxvf wazh-install-files.tar
tar -zxvf wazuh-install-files.tar
ls
cd wazuh-install-files/
ls
# wazuh-passwords.txt holds the passwords generated by the installer in clear text. Keep the
# archive and the extracted directory readable by root only, and remove the extracted copy once
# the values are stored in a secrets vault.
more wazuh-passwords.txt
ls
cd
ls -a
# Download the password-change helper for the same 4.9 release (again without verification).
curl -so wazuh-passwords-tool.sh https://packages.wazuh.com/4.9/wazuh-passwords-tool.sh
ls
# Set the admin password. The first form presumably failed because the downloaded file has no
# execute bit; the second runs it through bash.
# NOTE(review): passing the password with -p records it in shell history (as on this page) and
# exposes it in the process list while the tool runs. The value also contains an unquoted *,
# which the shell treats as a glob; quote it so a matching file name cannot alter it.
# The value looks like the example from the vendor documentation; if it was really applied,
# rotate it.
./wazuh-passwords-tool.sh -u admin -p Secr3tP4ssw*rd
bash wazuh-passwords-tool.sh -u admin -p Secr3tP4ssw*rd
reboot
# Post-reboot inspection of disks and network interfaces.
df -h
fdisk -l
# ifconfig is provided by net-tools, which is installed on the following line and then retried.
ifconfig
apt install net-tools
ifconfig
df -h
cd /dev/
pwd
ls
ls sd*
cd
cd /
ls
cd
ls
pwd
ls
cd /home/ubuntu/
pwd
ls
ll
cd
pwd
cd /
# Locate the installer archive from the filesystem root. The first search uses a wrong name
# (wazuh-installed-files.tar); the second uses the real one.
# The archive carries certificates and passwords, so its location and permissions matter.
find . -name wazuh-installed-files.tar -print
find . -name wazuh-install-files.tar -print
# Upgrade preparation: set cluster.routing.allocation.enable to primaries through the
# _cluster/settings API so replica shards are not reallocated while the node restarts.
# NOTE(review): port 443 is by default the Wazuh dashboard, not the indexer REST API; the
# indexer listens on 9200 by default, which the third entry below uses.
# NOTE(review): -k turns off TLS certificate verification, so the admin credentials go to
# whatever answers on that address. Prefer --cacert <PATH_TO_ROOT_CA> from the deployment
# certificates. Passing -u admin alone makes curl prompt for the password instead of leaving it
# in history and the process list.
curl -X PUT "https://192.168.31.218:443/_cluster/settings" -u admin:Secr3tP4ssw*rd -k -H 'Content-Type: application/json' -d'
{
"persistent": {
"cluster.routing.allocation.enable": "primaries"
}
}
'
# The angle brackets were copied from the documentation placeholders. The shell parses < and >
# as redirection operators, so the credentials are not passed as intended and stray files may
# be created in the working directory.
curl -X PUT "https://192.168.31.218:443/_cluster/settings" -u <admin>:<Secr3tP4ssw*rd> -k -H 'Content-Type: application/json' -d'
{
"persistent": {
"cluster.routing.allocation.enable": "primaries"
}
}
'
# Same request against port 9200.
curl -X PUT "https://192.168.31.218:9200/_cluster/settings" -u admin:Secr3tP4ssw*rd -k -H 'Content-Type: application/json' -d'
{
"persistent": {
"cluster.routing.allocation.enable": "primaries"
}
}
'
# Two more repeats of the angle-bracket form on port 443 (same redirection problem as above).
curl -X PUT "https://192.168.31.218:443/_cluster/settings" -u <admin>:<Secr3tP4ssw*rd> -k -H 'Content-Type: application/json' -d'
{
"persistent": {
"cluster.routing.allocation.enable": "primaries"
}
}
'
curl -X PUT "https://192.168.31.218:443/_cluster/settings" -u <admin>:<Secr3tP4ssw*rd> -k -H 'Content-Type: application/json' -d'
{
"persistent": {
"cluster.routing.allocation.enable": "primaries"
}
}
'
# Abandoned entry: the quote opened by -d is never closed and the JSON body stops after the
# first brace. The complete command is entered again in the next history entry.
curl -X PUT "https://192.168.31.218:9200/_cluster/settings" -u admin:Secr3tP4ssw*rd -k -H 'Content-Type: application/json' -d'
{
# Restrict allocation to primaries on port 9200, then request a flush before stopping services.
# NOTE(review): -k and the inline -u user:password carry the same risks on every entry in this
# section: no server identity check, and the password is kept in history.
curl -X PUT "https://192.168.31.218:9200/_cluster/settings" -u admin:Secr3tP4ssw*rd -k -H 'Content-Type: application/json' -d'
{
"persistent": {
"cluster.routing.allocation.enable": "primaries"
}
}
'
curl -X POST "https://192.168.31.218:9200/_flush/synced" -u admin:Secr3tP4ssw*rd -k
# Troubleshooting connectivity to 9200. The later entries manage the service under the name
# wazuh-indexer, so presumably there is no elasticsearch unit on this host (confirm).
sudo systemctl status elasticsearch
ping 192.168.31.218
sudo netstat -tuln | grep 9200
# NOTE(review): this opens 9200 to every source address. The indexer API accepts admin
# credentials, so limit the rule to the hosts that need it, for example
# ufw allow from <TRUSTED_HOST_IP> to any port 9200 proto tcp
sudo ufw allow 9200
sudo ufw reload
# The next two entries are configuration lines typed at the shell prompt, not commands; they
# belong in the indexer configuration file. Binding to 0.0.0.0 listens on all interfaces, which
# together with the firewall rule above exposes the API to the whole network.
network.host: 0.0.0.0 # or the correct IP address of this machine
network.host: 0.0.0.0
sudo systemctl restart elasticsearch
# NOTE(review): this attempt uses plain http. If the service answers on http, the basic-auth
# credentials cross the network unencrypted.
curl -X PUT "http://192.168.31.218:9200/_cluster/settings" -u admin:Secr3tP4ssw*rd -H 'Content-Type: application/json' -d'
{
"persistent": {
"cluster.routing.allocation.enable": "primaries"
}
}
'
sudo tail -f /var/log/elasticsearch/elasticsearch.log
sudo netstat -tuln | grep 9200
# Full package upgrade and reboot before retrying.
apt update
apt upgrade
reboot
ls
curl -X PUT "https://192.168.31.218:9200/_cluster/settings" -u admin:Secr3tP4ssw*rd -k -H 'Content-Type: application/json' -d'
{
"persistent": {
"cluster.routing.allocation.enable": "primaries"
}
}
'
sudo systemctl status elasticsearch
sudo netstat -tuln | grep 9200
# Add the Wazuh apt repository: import the vendor GPG key into a dedicated keyring and pin the
# source to that keyring with signed-by, so only packages signed by that key are accepted from
# this repository.
# NOTE(review): the key is trusted as downloaded; comparing its fingerprint with the one the
# vendor publishes closes that gap. tee -a appends, so running this again adds duplicate lines
# to wazuh.list.
apt-get install gnupg apt-transport-https
curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | gpg --no-default-keyring --keyring gnupg-ring:/usr/share/keyrings/wazuh.gpg --import && chmod 644 /usr/share/keyrings/wazuh.gpg
echo "deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages.wazuh.com/4.x/apt/ stable main" | tee -a /etc/apt/sources.list.d/wazuh.list
apt-get update
# Stop the components that write to or read from the indexer before upgrading it.
systemctl stop filebeat
systemctl stop wazuh-dashboard
# Restrict allocation to primaries and flush (port 9200), then the same settings call against
# 443, which is the dashboard port by default rather than the indexer API.
# NOTE(review): -k plus inline credentials, as in the earlier entries.
curl -X PUT "https://192.168.31.218:9200/_cluster/settings" -u admin:Secr3tP4ssw*rd -k -H 'Content-Type: application/json' -d'
{
"persistent": {
"cluster.routing.allocation.enable": "primaries"
}
}
'
curl -X POST "https://192.168.31.218:9200/_flush/synced" -u admin:Secr3tP4ssw*rd -k
curl -X PUT "https://192.168.31.218:443/_cluster/settings" -u admin:Secr3tP4ssw*rd -k -H 'Content-Type: application/json' -d'
{
"persistent": {
"cluster.routing.allocation.enable": "primaries"
}
}
'
reboot
# Abandoned paste of the documentation template: the bracketed-paste marker ^[[200~ is captured
# literally, the placeholders are unfilled, and the quote opened by -d is never closed.
^[[200~curl -X PUT "https://<WAZUH_INDEXER_IP_ADDRESS>:9200/_cluster/settings" -u <USERNAME>:<PASSWORD> -k -H 'Content-Type: application/json' -d'
{
"persistent": {
"cluster.routing.allocation.enable": "primaries"
}
}
# Port probing: the same authenticated settings request is sent to 443, 9200, 900, 9300, 1515
# and 1514 in turn.
# NOTE(review): each attempt sends the admin basic-auth credentials to whatever service listens
# on that port, and -k means its identity is never checked. By default 443 is the dashboard,
# 9300 is indexer node-to-node transport, and 1514/1515 are the Wazuh manager agent ports; only
# 9200 is the indexer REST API. Reading the listener table first (the netstat entries below)
# identifies the right port without spraying credentials.
curl -X PUT "https://192.168.31.218:443/_cluster/settings" -u admin:Secr3tP4ssw*rd -k -H 'Content-Type: application/json' -d'
{
"persistent": {
"cluster.routing.allocation.enable": "primaries"
}
}
'
curl -X PUT "https://192.168.31.218:9200/_cluster/settings" -u admin:Secr3tP4ssw*rd -k -H 'Content-Type: application/json' -d'
{
"persistent": {
"cluster.routing.allocation.enable": "primaries"
}
}
'
# netstate is a typo for netstat; the third entry is the working form.
sudo netstate -tulpn | grep LISTEN
sudo netstate -tulpn
sudo netstat -tulpn | grep LISTEN
# Port 900 is presumably a typo for 9200.
curl -X PUT "https://192.168.31.218:900/_cluster/settings" -u admin:Secr3tP4ssw*rd -k -H 'Content-Type: application/json' -d'
{
"persistent": {
"cluster.routing.allocation.enable": "primaries"
}
}
'
curl -X PUT "https://192.168.31.218:9300/_cluster/settings" -u admin:Secr3tP4ssw*rd -k -H 'Content-Type: application/json' -d'
{
"persistent": {
"cluster.routing.allocation.enable": "primaries"
}
}
'
curl -X PUT "https://192.168.31.218:443/_cluster/settings" -u admin:Secr3tP4ssw*rd -k -H 'Content-Type: application/json' -d'
{
"persistent": {
"cluster.routing.allocation.enable": "primaries"
}
}
'
# The header name is garbled in the next two entries (Conte53Type), so the request body is not
# declared as JSON.
curl -X PUT "https://192.168.31.218:443/_cluster/settings" -u admin:Secr3tP4ssw*rd -k -H 'Conte53Type: application/json' -d'
{
"persistent": {
"cluster.routing.allocation.enable": "primaries"
}
}
'
curl -X PUT "https://192.168.31.218:443/_cluster/settings" -u admin:Secr3tP4ssw*rd -k -H 'Conte53Type: application/json' -d'
{
"persistent": {
"cluster.routing.allocation.enable": "primaries"
}
}
'
curl -X PUT "https://192.168.31.218:9300/_cluster/settings" -u admin:Secr3tP4ssw*rd -k -H 'Content-Type: application/json' -d'
{
"persistent": {
"cluster.routing.allocation.enable": "primaries"
}
}
'
sudo netstat -tulpn | grep LISTEN
curl -X PUT "https://192.168.31.218:1515/_cluster/settings" -u admin:Secr3tP4ssw*rd -k -H 'Content-Type: application/json' -d'
{
"persistent": {
"cluster.routing.allocation.enable": "primaries"
}
}
'
curl -X PUT "https://192.168.31.218:1514/_cluster/settings" -u admin:Secr3tP4ssw*rd -k -H 'Content-Type: application/json' -d'
{
"persistent": {
"cluster.routing.allocation.enable": "primaries"
}
}
'
# Flush attempts against the agent ports; the second also has a stray dot in the user name.
curl -X POST "https://192.168.31.218:1514/_flush/synced" -u admin:Secr3tP4ssw*rd -k
curl -X POST "https://192.168.31.218:1515/_flush/synced" -u admin.:Secr3tP4ssw*rd -k
# Restart the indexer service and make sure it is enabled at boot.
systemctl stop wazuh-indexer
systemctl daemon-reload
systemctl enable wazuh-indexer
systemctl start wazuh-indexer
apt-get install wazuh-manager
# Node listing and re-enabling shard allocation (value all) after the restart. The first two
# requests go to 1515, which is not the indexer API port by default; the 9200 request follows.
# NOTE(review): the URL with ?v is unquoted, and ? is a shell glob character; quote the URL.
# The -k and inline -u credentials carry the same exposure as elsewhere on this page.
curl -k -u admin:Secr3tP4ssw*rd https://192.168.31.218:1515/_cat/nodes?v
curl -X PUT "https://192.168.31.218:1515/_cluster/settings" -u admin:Secr3tP4ssw*rd -k -H 'Content-Type: application/json' -d'
{
"persistent": {
"cluster.routing.allocation.enable": "all"
}
}
'
curl -X PUT "https://192.168.31.218:9200/_cluster/settings" -u admin:Secr3tP4ssw*rd -k -H 'Content-Type: application/json' -d'
{
"persistent": {
"cluster.routing.allocation.enable": "all"
}
}
'
apt-get install wazuh-manager
vi /var/ossec/etc/ossec.conf
# Install the Wazuh Filebeat module by streaming the tarball straight into tar running as root.
# NOTE(review): nothing checks the archive before it is unpacked under /usr/share/filebeat.
# Saving it to a file, verifying it, and then extracting avoids unpacking a tampered or partial
# download with root privileges.
curl -s https://packages.wazuh.com/4.10/filebeat/wazuh-filebeat-0.4.tar.gz | sudo tar -xvz -C /usr/share/filebeat/module
vi /var/ossec/etc/ossec.conf
sudo systemctl restart wazuh-manager
# NOTE(review): presumably there is no separate wazuh-api unit in 4.x, where the API runs inside
# wazuh-manager (confirm on the host).
sudo systemctl restart wazuh-api
sudo systemctl restart wazuh-dashboard
curl -s https://packages.wazuh.com/4.10/filebeat/wazuh-filebeat-0.4.tar.gz | sudo tar -xvz -C /usr/share/filebeat/module
# The first flush attempt uses the admin:admin pair. After the password change that pair should
# be rejected; if it is accepted, the default credential is still active and must be changed.
curl -X POST "https://192.168.31.218:9200/_flush/synced" -u admin:admin -k
curl -X POST "https://192.168.31.218:9200/_flush/synced" -u admin:Secr3tP4ssw*rd -k
# DELETE is presumably not a supported method on this endpoint (trial and error).
curl -X DELETE "https://192.168.31.218:9200/_flush/synced" -u admin:Secr3tP4ssw*rd -k
# Second pass over the repository setup, this time with a 4.10 path.
# NOTE(review): tee -a appends to the same wazuh.list that already received the 4.x line earlier
# in this history, so the file ends up with two sources. Verify that the 4.10/apt path exists
# and remove the line that is not wanted.
apt-get install gnupg apt-transport-https
curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | gpg --no-default-keyring --keyring gnupg-ring:/usr/share/keyrings/wazuh.gpg --import && chmod 644 /usr/share/keyrings/wazuh.gpg
echo "deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages.wazuh.com/4.10/apt/ stable main" | tee -a /etc/apt/sources.list.d/wazuh.list
apt-get update
systemctl stop filebeat
systemctl stop wazuh-dashboard
# Restrict allocation to primaries again. Only the 9200 request targets the indexer API by
# default; 1515 and 1514 are Wazuh manager agent ports, so those two requests hand the admin
# credentials to a different service, unverified because of -k.
curl -X PUT "https://192.168.31.218:9200/_cluster/settings" -u admin:Secr3tP4ssw*rd -k -H 'Content-Type: application/json' -d'
{
"persistent": {
"cluster.routing.allocation.enable": "primaries"
}
}
'
curl -X PUT "https://192.168.31.218:1515/_cluster/settings" -u admin:Secr3tP4ssw*rd -k -H 'Content-Type: application/json' -d'
{
"persistent": {
"cluster.routing.allocation.enable": "primaries"
}
}
'
curl -X PUT "https://192.168.31.218:1514/_cluster/settings" -u admin:Secr3tP4ssw*rd -k -H 'Content-Type: application/json' -d'
{
"persistent": {
"cluster.routing.allocation.enable": "primaries"
}
}
'
# Malformed option: curl reads -DELETE as -D (dump response headers) with the file name ELETE,
# and then treats PUT as an extra URL. This leaves a stray file in the working directory.
curl -DELETE PUT "https://192.168.31.218:9200/_cluster/settings" -u admin:Secr3tP4ssw*rd -k -H 'Content-Type: application/json' -d'
{
"persistent": {
"cluster.routing.allocation.enable": "primaries"
}
}
'
# Stop the stack, upgrade the indexer package, and start it again.
service wazuh-indexer stop
service filebeat stop
service wazuh-dashboard stop
apt-get install wazuh-indexer
systemctl daemon-reload
systemctl enable wazuh-indexer
systemctl start wazuh-indexer
# Node listing. The URLs end in an unquoted ?, a shell glob character; quote them.
curl -k -u admin:Secr3tP4ssw*rd https://192.168.31.218:9200/_cat/nodes?
curl -k -u admin:Secr3tP4ssw*rd https://192.168.31.218:1515/_cat/nodes?
apt-get install wazuh-manager
vi /var/ossec/etc/ossec.conf
# Port 1516 is by default the Wazuh manager cluster daemon, not the indexer API.
curl -k -u admin:Secr3tP4ssw*rd https://192.168.31.218:1516/_cat/nodes?
curl -X PUT "https://192.168.31.218:1516/_cluster/settings" -u admin:Secr3tP4ssw*rd -k -H 'Content-Type: application/json' -d'
{
"persistent": {
"cluster.routing.allocation.enable": "primaries"
}
}
'
vi /var/ossec/etc/ossec.conf
reboot
# Store the indexer user name and password in the Wazuh manager keystore, feeding each value on
# stdin so it is not an argument of the keystore tool.
# NOTE(review): the literal password still lands in shell history through the echo command.
# Reading it into a variable with read -rs, or piping it from a root-only file, avoids that.
echo 'admin' | /var/ossec/bin/wazuh-keystore -f indexer -k username
echo 'Secr3tP4ssw*rd' | /var/ossec/bin/wazuh-keystore -f indexer -k password
# Install the Wazuh Filebeat module and the index template. The tarball is unpacked as root
# directly from the network stream, and the template comes from a tagged GitHub path (v4.10.1);
# neither download is integrity-checked here.
curl -s https://packages.wazuh.com/4.10/filebeat/wazuh-filebeat-0.4.tar.gz | sudo tar -xvz -C /usr/share/filebeat/module
curl -so /etc/filebeat/wazuh-template.json https://raw.githubusercontent.com/wazuh/wazuh/v4.10.1/extensions/elasticsearch/7.x/wazuh-template.json
# Make the template readable by group and others (adds read only, not write).
chmod go+r /etc/filebeat/wazuh-template.json
systemctl daemon-reload
systemctl enable filebeat
systemctl start filebeat
# Load the ingest pipelines and the index template into the indexer.
filebeat setup --pipelines
filebeat setup --index-management -E output.logstash.enabled=false
# Extend the mapping of the vulnerability state indices with the under_evaluation and
# scanner.source fields.
# NOTE(review): -k and the inline admin password again; the points about --cacert and prompting
# for the password apply here too.
curl -X PUT "https://192.168.31.218:9200/wazuh-states-vulnerabilities-*/_mapping" -u admin:Secr3tP4ssw*rd -k -H 'Content-Type: application/json' -d'
{
"properties": {
"vulnerability": {
"properties": {
"under_evaluation": {
"type": "boolean"
},
"scanner": {
"properties": {
"source": {
"type": "keyword",
"ignore_above": 1024
}
}
}
}
}
}
}
'
# Upgrade and start the dashboard last, once the indexer and manager are back.
apt-get install wazuh-dashboard
systemctl daemon-reload
systemctl enable wazuh-dashboard
systemctl start wazuh-dashboard
exit