Wazuh Master in K8s #1040

coreyperkins · 2025-04-29T23:12:46Z

coreyperkins
Apr 29, 2025

I am running wazuh in a k8s cluster where I have the sec context set to root to avoid issues trying to run as non-root. I am using the yaml on main (https://github.com/wazuh/wazuh-kubernetes/blob/main/wazuh/wazuh_managers/wazuh-master-sts.yaml) and getting the following result. This is my first stab at Wazuh but I wouldn't expect to run into permissions issues running as root.

wazuh-manager [s6-init] making user provided files available at /var/run/s6/etc...exited 0.                                                                                                                                                                                ││ wazuh-manager [s6-init] ensuring user provided files have correct perms...exited 0.                                                                                                                                                                                        ││ wazuh-manager [fix-attrs.d] applying ownership & permissions fixes...                                                                                                                                                                                                      ││ wazuh-manager [fix-attrs.d] done.                                                                                                                                                                                                                                          ││ wazuh-manager [cont-init.d] executing container initialization scripts...                                                                                                                                                                                                  ││ wazuh-manager [cont-init.d] 0-wazuh-init: executing...                                                                                                                                                                                                                     ││ wazuh-manager /var/ossec/data_tmp/permanent/var/ossec/api/configuration/                                                                                                                                                                                                   ││ wazuh-manager The path /var/ossec/api/configuration is already mounted                                                                                                                                                                                                     ││ wazuh-manager /var/ossec/data_tmp/permanent/var/ossec/etc/                                                                                                                                                                                                                 ││ wazuh-manager The path /var/ossec/etc is already mounted                                                                                                                                                                                                                   ││ wazuh-manager /var/ossec/data_tmp/permanent/var/ossec/logs/                                                                                                                                                                                                                ││ wazuh-manager find: '/var/ossec/data_tmp/permanent/var/ossec/logs/': Permission denied                                                                                                                                                                                     ││ wazuh-manager The path /var/ossec/logs is empty, skipped                                                                                                                                                                                                                   ││ wazuh-manager /var/ossec/data_tmp/permanent/var/ossec/queue/                                                                                                                                                                                                               ││ wazuh-manager The path /var/ossec/queue is already mounted                                                                                                                                                                                                                 ││ wazuh-manager /var/ossec/data_tmp/permanent/var/ossec/agentless/                                                                                                                                                                                                           ││ wazuh-manager The path /var/ossec/agentless is empty, skipped                                                                                                                                                                                                              ││ wazuh-manager /var/ossec/data_tmp/permanent/var/ossec/var/multigroups/                                                                                                                                                                                                     ││ wazuh-manager The path /var/ossec/var/multigroups is empty, skipped                                                                                                                                                                                                        ││ wazuh-manager /var/ossec/data_tmp/permanent/var/ossec/integrations/                                                                                                                                                                                                        ││ wazuh-manager The path /var/ossec/integrations is empty, skipped                                                                                                                                                                                                           ││ wazuh-manager /var/ossec/data_tmp/permanent/var/ossec/active-response/bin/                                                                                                                                                                                                 ││ wazuh-manager The path /var/ossec/active-response/bin is empty, skipped                                                                                                                                                                                                    ││ wazuh-manager /var/ossec/data_tmp/permanent/var/ossec/wodles/                                                                                                                                                                                                              │
│ wazuh-manager The path /var/ossec/wodles is already mounted                                                                                                                                                                                                                │
│ wazuh-manager /var/ossec/data_tmp/permanent/etc/filebeat/                                                                                                                                                                                                                  │
│ wazuh-manager The path /etc/filebeat is already mounted                                                                                                                                                                                                                    │
│ wazuh-manager Updating /var/ossec/etc/internal_options.conf                                                                                                                                                                                                                │
│ wazuh-manager Error executing command: 'cp -p /var/ossec/data_tmp/exclusion//var/ossec/etc/internal_options.conf /var/ossec/etc/internal_options.conf'.                                                                                                                    │
│ wazuh-manager Exiting.                                                                                                                                                                                                                                                     │
│ wazuh-manager [cont-init.d] 0-wazuh-init: exited 1.
│
│ wazuh-manager [cont-init.d] 1-config-filebeat: executing...                                                                                                                                                  │
│ wazuh-manager Customize Elasticsearch output IP                                                                                                                                                              │
│ wazuh-manager Configuring username.                                                                                                                                                                          │
│ wazuh-manager Configuring password.                                                                                                                                                                          │
│ wazuh-manager Configuring SSL verification mode.                                                                                                                                                             │
│ wazuh-manager Configuring Certificate Authorities.                                                                                                                                                           │
│ wazuh-manager Configuring SSL Certificate.                                                                                                                                                                   │
│ wazuh-manager Configuring SSL Key.                                                                                                                                                                           │
│ wazuh-manager [cont-init.d] 1-config-filebeat: exited 0.                                                                                                                                                     │
│ wazuh-manager [cont-init.d] 2-manager: executing...                                                                                                                                                          │
│ wazuh-manager Error during the database migration. Restoring the previous database file                                                                                                                      │
│ wazuh-manager Error details: [Errno 1] Operation not permitted: '/var/ossec/api/configuration/security/rbac.db'                                                                                              │
│ wazuh-manager Traceback (most recent call last):                                                                                                                                                             │
│ wazuh-manager   File "/var/ossec/framework/scripts/create_user.py", line 72, in <module>                                                                                                                     │
│ wazuh-manager     check_database_integrity()                                                                                                                                                                 │
│ wazuh-manager   File "/var/ossec/framework/python/lib/python3.10/site-packages/wazuh/rbac/orm.py", line 3184, in check_database_integrity                                                                    │
│ wazuh-manager     raise e                                                                                                                                                                                    │
│ wazuh-manager   File "/var/ossec/framework/python/lib/python3.10/site-packages/wazuh/rbac/orm.py", line 3132, in check_database_integrity                                                                    │
│ wazuh-manager     _set_permissions_and_ownership(DB_FILE)                                                                                                                                                    │
│ wazuh-manager   File "/var/ossec/framework/python/lib/python3.10/site-packages/wazuh/rbac/orm.py", line 3123, in _set_permissions_and_ownership                                                              │
│ wazuh-manager     chown(database, wazuh_uid(), wazuh_gid())                                                                                                                                                  │
│ wazuh-manager   File "/var/ossec/framework/python/lib/python3.10/shutil.py", line 1383, in chown                                                                                                             │
│ wazuh-manager     os.chown(path, _user, _group)                                                                                                                                                              │
│ wazuh-manager PermissionError: [Errno 1] Operation not permitted: '/var/ossec/api/configuration/security/rbac.db'                                                                                            │
│ wazuh-manager There was an error configuring the API user                                                                                                                                                    │
│ wazuh-manager [cont-init.d] 2-manager: exited 0.                                                                                                                                                             │
│ wazuh-manager [cont-init.d] done.                                                                                                                                                                            │
│ wazuh-manager [services.d] starting services                                                                                                                                                                 │
│ wazuh-manager s6-svscanctl: fatal: unable to control /var/run/s6/services: supervisor not listening                                                                                                          │
│ wazuh-manager [cont-finish.d] executing container finish scripts...                                                                                                                                          │
│ wazuh-manager [cont-finish.d] done.                                                                                                                                                                          │
│ wazuh-manager [s6-finish] waiting for services.                                                                                                                                                              │
│ wazuh-manager s6-svwait: fatal: unable to subscribe to events for /var/run/s6/services/filebeat: No such file or directory                                                                                   │
│ wazuh-manager [s6-finish] sending all processes the TERM signal.                                                                                                                                             │
│ wazuh-manager [s6-finish] sending all processes the KILL signal and exiting.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Wazuh Master in K8s #1040

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{editor}}'s edit

{{editor}}'s edit

Uh oh!

Replies: 0 comments

Select a reply

Uh oh!

Wazuh Master in K8s #1040

Uh oh!

Uh oh!

coreyperkins Apr 29, 2025

Replies: 0 comments

coreyperkins
Apr 29, 2025