ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Kibana Wazuh Agent isn't showing anything in integrity

    IT Discussion
    wazuh wazuh-manager windows syscheck
    3
    32
    2.7k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • IRJI
      IRJ @DustinB3403
      last edited by

      @DustinB3403 said in Kibana Wazuh Agent isn't showing anything in integrity:

      @IRJ Okay, ran all of that.

      How do I confirm the reverse proxy is working properly now?

      access kibana on 443 and it should prompt you for a pw

      DustinB3403D 1 Reply Last reply Reply Quote 0
      • DustinB3403D
        DustinB3403 @IRJ
        last edited by

        @IRJ nothing, it just spins. I assume I need to allow 443 through firewall-cmd?

        DustinB3403D 1 Reply Last reply Reply Quote 0
        • DustinB3403D
          DustinB3403 @DustinB3403
          last edited by DustinB3403

          @DustinB3403 said in Kibana Wazuh Agent isn't showing anything in integrity:

          @IRJ nothing, it just spins. I assume I need to allow 443 through firewall-cmd?

          Not that. . .

          1 Reply Last reply Reply Quote 0
          • DustinB3403D
            DustinB3403
            last edited by

            Nginx just isn't doing it. Being the first time I've set this up doesn't really help either.

            1 Reply Last reply Reply Quote 0
            • DustinB3403D
              DustinB3403
              last edited by

              Well I'm making progress, I at least have nginx responding when I hit the page with An error occurred during a connection to 192.168.1.100:5601. SSL received a record that exceeded the maximum permissible length.

              Error code: SSL_ERROR_RX_RECORD_TOO_LONG

              server {
	listen 80;
	listen [::]:80;
	listen 5601;
	listen [::]:5601;
	return 301 https://$host$request_uri;
}

server {
	listen 443 ssl;
	listen [::]:443;
	ssl_certificate /etc/pki/tls/certs/kibana-access.pem;
	ssl_certificate_key /etc/pki/tls/private/kibana-access.key;
	access_log            /var/log/nginx/nginx.access.log;
	error_log            /var/log/nginx/nginx.error.log;
	location / {
		auth_basic "Restricted";
		auth_basic_user_file /etc/nginx/conf.d/kibana.htpasswd;
		proxy_pass http://localhost:5601/;
	}
}
              IRJI 1 Reply Last reply Reply Quote 0
              • DustinB3403D
                DustinB3403
                last edited by DustinB3403

                Without the 5601 ports and if I add under server ssl on; the connection just never responds and times out.

                1 Reply Last reply Reply Quote 0
                • DustinB3403D
                  DustinB3403
                  last edited by

                  Looks like a permissions issue for the kibana user.

                  Dec 18 09:08:25 wazuh.localdomain kibana[11090]: {"type":"log","@timestamp":"2019-12-18T14:08:25Z","tags":["fatal","root"],"pid":11090,"message":"{ Error: EACCES: permission denied, open '/etc/pki/tls/private/kibana-access.key'\n    at Object.openSync (fs.js:439:3)\n    at readFileSync (fs.js:344:35)\n    at getServerOptions (/usr/share/kibana/src/core/server/http/http_tools.js:81:33)\n    at HttpServer.setup (/usr/share/kibana/src/core/server/http/http_server.js:68:60)\n    at HttpService.runNotReadyServer (/usr/share/kibana/src/core/server/http/http_service.js:137:26)\n    at HttpService.setup (/usr/share/kibana/src/core/server/http/http_service.js:60:18)\n  errno: -13,\n  syscall: 'open',\n  code: 'EACCES',\n  path: '/etc/pki/tls/private/kibana-access.key' }"}
Dec 18 09:08:25 wazuh.localdomain kibana[11090]:  FATAL  Error: EACCES: permission denied, open '/etc/pki/tls/private/kibana-access.key'

                  Looking into that.

                  1 Reply Last reply Reply Quote 0
                  • DustinB3403D
                    DustinB3403
                    last edited by

                    Finally got the website to respond via ssl at https://192.168.1.100:5601/kibana but I didn't get greeted with a nginx login page. . .

                    1 Reply Last reply Reply Quote 0
                    • IRJI
                      IRJ @DustinB3403
                      last edited by

                      @DustinB3403 said in Kibana Wazuh Agent isn't showing anything in integrity:

                      Well I'm making progress, I at least have nginx responding when I hit the page with An error occurred during a connection to 192.168.1.100:5601. SSL received a record that exceeded the maximum permissible length.

                      Error code: SSL_ERROR_RX_RECORD_TOO_LONG

                      server {
                      listen 80;
                      listen [::]:80;
                      listen 5601;
                      listen [::]:5601;
                      return 301 https://$host$request_uri;
                      }

                      server {
                      listen 443 ssl;
                      listen [::]:443;
                      ssl_certificate /etc/pki/tls/certs/kibana-access.pem;
                      ssl_certificate_key /etc/pki/tls/private/kibana-access.key;
                      access_log /var/log/nginx/nginx.access.log;
                      error_log /var/log/nginx/nginx.error.log;
                      location / {
                      auth_basic "Restricted";
                      auth_basic_user_file /etc/nginx/conf.d/kibana.htpasswd;
                      proxy_pass http://localhost:5601/;
                      }
                      }

                      Why are you listening on 5601?

                      proxy_pass http://localhost:5601/; will redirect 5601 to 443

                      DustinB3403D 1 Reply Last reply Reply Quote 0
                      • DustinB3403D
                        DustinB3403 @IRJ
                        last edited by

                        @IRJ said in Kibana Wazuh Agent isn't showing anything in integrity:

                        @DustinB3403 said in Kibana Wazuh Agent isn't showing anything in integrity:

                        Well I'm making progress, I at least have nginx responding when I hit the page with An error occurred during a connection to 192.168.1.100:5601. SSL received a record that exceeded the maximum permissible length.

                        Error code: SSL_ERROR_RX_RECORD_TOO_LONG

                        server {
  listen 80;
  listen [::]:80;
  listen 5601;
  listen [::]:5601;
  return 301 https://$host$request_uri;
}

server {
  listen 443 ssl;
  listen [::]:443;
  ssl_certificate /etc/pki/tls/certs/kibana-access.pem;
  ssl_certificate_key /etc/pki/tls/private/kibana-access.key;
  access_log            /var/log/nginx/nginx.access.log;
  error_log            /var/log/nginx/nginx.error.log;
  location / {
  	auth_basic "Restricted";
  	auth_basic_user_file /etc/nginx/conf.d/kibana.htpasswd;
  	proxy_pass http://localhost:5601/;
  }
}

                        Why are you listening on 5601?

                        proxy_pass http://localhost:5601/; will redirect 5601 to 443

                        That is no longer in the file, I was testing with it. The below is current.

                        server {
	listen 80;
	listen [::]:80;
	return 301 https://$host$request_uri;
}

server {
	listen 443 ssl;
	listen [::]:443;
	ssl on;
	ssl_certificate /etc/pki/tls/certs/kibana-access.pem;
	ssl_certificate_key /etc/pki/tls/private/kibana-access.key;
	access_log            /var/log/nginx/nginx.access.log;
	error_log            /var/log/nginx/nginx.error.log;
	location / {
		auth_basic "Restricted";
		auth_basic_user_file /etc/nginx/conf.d/kibana.htpasswd;
		proxy_pass http://localhost:5601/;
                        1 Reply Last reply Reply Quote 0
                        • 1
                        • 2
                        • 2 / 2
                        • First post
                          Last post