Bug generating certificates using multiple DNS in the Wazuh manager

Open davidcr01 opened this issue 1 year ago • 2 comments

Wazuh version | Install type | Action performed | Platform
4.5.0 | Installation Assistant | Generating certificates | Any

In https://github.com/wazuh/wazuh-packages/issues/2350, a new bug has been found while generating the certificates of the Wazuh server nodes when using multiple DNS.

If an invalid DNS is specified in the config.yml file (for example, localhost), the script does not generate any error and its certificate is skipped, but the rest of them are created:

The config.yml file, the server configuration:

server:
    - name: wazuh-1
      ip: www.google.es
      ip: localhost
      ip: wikipedia.org

The certificates are created:

24/08/2023 11:25:37 DEBUG: Creating the Wazuh server certificates.
Ignoring -days without -x509; not generating a certificate
........+......+..................+..+......+....+...+..+....+.........+...+..+...............+...+....+......+...+......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*...+........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*........+..............+...+......+....+............+.....+.+...+.....+.........+...+....+...........+....+...+..+.+...............+...+......+...+.....+......+.......+.........+...+.....+......+.......+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
..+...+..........+......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+...+............+..................+.+..+....+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+..+...+...............+.+...+..+.+.....+...+......+....+...........+...+.+.....+....+.....+..........+.....+.+.....+......+.+..+.......+...+.....+................+...............+..+....+.....+...+.+..+.......+...+..+............+.+..+.............+..+.+...........+.+.........+.....+....+..+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-1

But, if the code is debugged, it seems that the invalid DNS is ignored:

++ server_node_ip_1=("www.google.es" "wikipedia.org")
+ set +x

On the other hand, if there is just one DNS specified, an error is generated and the certificates are not generated:

24/08/2023 12:21:59 ERROR: Invalid IP or DNS localhost

Tasks

  • [ ] Investigate a fix that validates every DNS specified in the Wazuh manager section.
  • [ ] Apply the fix.
  • [ ] Check that the certificates are not generated if an invalid DNS is specified using multiple DNS.

davidcr01, Aug 24 '23 13:08
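
The following is an added example, not part of the original issue and not Wazuh's code. It contrasts the silent filtering reported above with a fail-closed check over every entry of a node. The function names and the validity rule (IPv4, or a hostname with at least one dot) are assumptions.

```shell
#!/bin/sh
# Added example, not Wazuh's code. Function names are hypothetical.

# Assumed validity rule: dotted-quad IPv4 with octets <= 255, or a hostname
# with at least one dot and an alphabetic TLD, so "localhost" is rejected.
is_valid_ip_or_dns() (
    entry=$1
    case $entry in ''|*[!A-Za-z0-9.-]*) exit 1 ;; esac
    if printf '%s\n' "$entry" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; then
        IFS=.
        for octet in $entry; do
            [ "$octet" -le 255 ] || exit 1
        done
        exit 0
    fi
    printf '%s\n' "$entry" |
        grep -Eq '^([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,}$'
)

# Behaviour reported in the issue: invalid entries are dropped without error.
filter_entries() (
    kept=""
    for e in "$@"; do
        if is_valid_ip_or_dns "$e"; then kept="$kept${kept:+ }$e"; fi
    done
    printf '%s\n' "$kept"
)

# Fail-closed alternative: report every invalid entry and return non-zero,
# so the caller generates no certificate for the node.
validate_all_entries() (
    status=0
    for e in "$@"; do
        if ! is_valid_ip_or_dns "$e"; then
            echo "ERROR: Invalid IP or DNS $e" >&2
            status=1
        fi
    done
    exit "$status"
)

# Constructed input: the three values from the config.yml in the issue.
set -- www.google.es localhost wikipedia.org
echo "kept by filtering: $(filter_entries "$@")"
if validate_all_entries "$@"; then
    echo "all entries valid: generate certificates"
else
    echo "invalid entry found: generate nothing"
fi
```
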

This issue goes to On Hold due to https://github.com/wazuh/wazuh-ansible/issues/1001

davidcr01, Aug 30 '23 12:08

This issue goes to "Blocked" due to https://github.com/wazuh/wazuh-packages/issues/2417.

davidcr01, Sep 05 '23 12:09