wazuh-packages

Installer Assistant fails on Filebeat configuration when using `curl` installed from `snap`

Open verdx opened this issue 3 years ago • 0 comments

| Wazuh version | Install type | Action performed | Platform |
|---|---|---|---|
| all | wazuh-install.sh | Install/Upgrade | DEB |

When using the Installation Assistant to install Filebeat, if the curl package was installed using the Snap store, it will give the error `Error downloading wazuh-template.json file.`. The specific command that is failing is:

```
curl -so /etc/filebeat/wazuh-template.json ${filebeat_wazuh_template} --max-time 300 ${debug}
```

The complete curl error is not very specific:

```
* ALPN: offers h2
* ALPN: offers http/1.1
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: none
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [122 bytes data]
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
{ [19 bytes data]
* TLSv1.3 (IN), TLS handshake, Certificate (11):
{ [3051 bytes data]
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
{ [264 bytes data]
* TLSv1.3 (IN), TLS handshake, Finished (20):
{ [52 bytes data]
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.3 (OUT), TLS handshake, Finished (20):
} [52 bytes data]
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN: server accepted h2
* Server certificate:
*  subject: C=US; ST=California; L=San Francisco; O=GitHub, Inc.; CN=*.github.io
*  start date: Mar 18 00:00:00 2022 GMT
*  expire date: Mar 21 23:59:59 2023 GMT
*  subjectAltName: host "raw.githubusercontent.com" matched cert's "*.githubusercontent.com"
*  issuer: C=US; O=DigiCert Inc; CN=DigiCert TLS RSA SHA256 2020 CA1
*  SSL certificate verify ok.
* Using HTTP2, server supports multiplexing
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
} [5 bytes data]
* h2h3 [:method: GET]
* h2h3 [:path: /wazuh/wazuh/4.3/extensions/elasticsearch/7.x/wazuh-template.json]
* h2h3 [:scheme: https]
* h2h3 [:authority: raw.githubusercontent.com]
* h2h3 [user-agent: curl/7.84.0]
* h2h3 [accept: */*]
* Using Stream ID: 1 (easy handle 0x55f0d24243b0)
} [5 bytes data]
> GET /wazuh/wazuh/4.3/extensions/elasticsearch/7.x/wazuh-template.json HTTP/2
> Host: raw.githubusercontent.com
> user-agent: curl/7.84.0
> accept: */*
> 
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [193 bytes data]
< HTTP/2 200 
< cache-control: max-age=300
< content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
< content-type: text/plain; charset=utf-8
< etag: "7f9396b412e2566098e33c8e68d1a28df6e479a8a254b2f00c637c774c1edd41"
< strict-transport-security: max-age=31536000
< x-content-type-options: nosniff
< x-frame-options: deny
< x-xss-protection: 1; mode=block
< x-github-request-id: 0847:0AC4:240AB1:26EE71:63510064
< accept-ranges: bytes
< date: Thu, 20 Oct 2022 12:34:50 GMT
< via: 1.1 varnish
< x-served-by: cache-mad22050-MAD
< x-cache: HIT
< x-cache-hits: 1
< x-timer: S1666269291.683664,VS0,VE138
< vary: Authorization,Accept-Encoding,Origin
< access-control-allow-origin: *
< x-fastly-request-id: 2378a0b39494c5bdb1525bf426b6ddc3000c97f1
< expires: Thu, 20 Oct 2022 12:39:50 GMT
< source-age: 0
< content-length: 58530
< 
{ [5 bytes data]
* Failure writing output to destination
} [5 bytes data]
* Connection #0 to host raw.githubusercontent.com left intact
```

It seems to be especially a problem in DEB systems, as curl is a dependency of dnf and it's installed by default in RPM systems.

Replicated in:

  • [x] Ubuntu 20

Related links:

  • https://askubuntu.com/questions/1387141/curl-23-failure-writing-output-to-destination
  • https://askubuntu.com/questions/1356327/cant-write-to-a-hidden-path-using-curl

verdx, Oct 20 '22 14:10
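
A preflight check that an installer could run before the download step reported above, as an added example that is not part of the original issue or of wazuh-install.sh. The function names are hypothetical, and it assumes snap-provided commands appear under `/snap/bin` (or `/var/lib/snapd/snap/bin`) as symlinks to the `snap` launcher, as on Ubuntu.

```shell
#!/bin/sh
# Added example: detect a snap-packaged curl before the installer tries to
# download files into /etc/filebeat. Function names are hypothetical.

# Return 0 if the given executable path is provided by snapd.
# Assumption: snap commands live under /snap/bin (or /var/lib/snapd/snap/bin)
# as symlinks to the "snap" launcher, so both the path prefix and the
# resolved symlink target are checked.
is_snap_binary() {
    bin_path="$1"
    case "$bin_path" in
        /snap/*|/var/lib/snapd/snap/*) return 0 ;;
    esac
    resolved=$(readlink -f "$bin_path" 2>/dev/null) || return 1
    [ "$(basename "$resolved")" = "snap" ]
}

# Preflight: return 0 if curl is usable, 1 if it is a snap, 2 if missing.
# With no argument, the path is taken from `command -v curl`.
check_curl_not_snap() {
    curl_path="${1:-$(command -v curl 2>/dev/null)}"
    if [ -z "$curl_path" ]; then
        echo "curl not found in PATH" >&2
        return 2
    fi
    if is_snap_binary "$curl_path"; then
        echo "curl at $curl_path is a snap package and may fail to write to /etc/filebeat" >&2
        echo "install the DEB package instead, e.g. apt-get install curl" >&2
        return 1
    fi
    return 0
}
```

Calling `check_curl_not_snap` with no argument before the `curl -so /etc/filebeat/...` step turns the vague `Failure writing output to destination` into an actionable message.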