[Security] Building and Operating a Threat Hunting System Using Wazuh+ELK (SIEM) (Basic)
[Training for Security Experts] Master how to build and operate an optimized threat hunting system by combining Wazuh and the ELK stack. Upgrade your security skills with strategies and hands-on exercises that can be applied directly in the field!

Chapter 01 - 05_Errors and solutions when building the threat hunting system #2 (Wazuh install) (language pack related issues)
This content was shared by our student (Airman) regarding troubleshooting.
Troubleshooting summary: When installing Linux, install it in English (unattended.sh, a shell script, does not work properly due to encoding and other problems).
In the middle of the class, I'm asked to perform an unattended installation by executing the command below, but the installation stops with an error if you installed Ubuntu in a language other than English.

    curl -so ~/unattended-installation.sh https://packages.wazuh.com/resources/4.2/open-distro/unattended-installation/unattended-installation.sh && bash ~/unattended-installation.sh -i

Terminal output: No operand on line 332 in the shell script ~

Cause of the problem: Line 331 of the shell script runs the free -g command, finds the string Mem, and takes the value of the second argument there. If the system was installed in a language other than English, that string cannot be found and an error occurs.

Solution: First, install Ubuntu in English from the beginning. If you installed Ubuntu in a different language, it is recommended to change it to English through the process below and then execute the curl ~~ command.

Use the locale -a command to check whether en_US.UTF-8 exists.
If it exists: run sudo update-locale LANG=en_US.UTF-8
If not: run sudo locale-gen en_US.UTF-8 and then run sudo update-locale LANG=en_US.UTF-8
Apply system changes without rebooting:
Finally, whether or not it existed, run the following command: source /etc/default/locale
Of course, I could change the script content to free -g | awk 'NR==2{print $2}' without changing the language, but I don't want to go through the trouble of finding the corresponding content in the shell script. After the failure error appears, why not just run it again with the overwrite option, like bash ~/unattended-installation.sh -i --overwrite? But in the end the clean installation didn't go well that way either, so I keep getting an error saying that something was not installed.
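The failure described in the note above, reproduced offline as an added example (not part of the student's note and not code from the Wazuh installer): a parse keyed on the Mem label returns nothing on localized free -g output, while the positional parse from the note and a forced C locale still work. The two sample outputs are constructed, and the function names and the minimum-RAM argument are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Constructed sample outputs of `free -g` (not captured from a real host).
sample_en='              total        used        free      shared  buff/cache   available
Mem:              7           1           4           0           2           5
Swap:             1           0           1'

# Same table as a non-English system might print it (constructed labels).
sample_ko='              total        used        free      shared  buff/cache   available
메모리:           7           1           4           0           2           5
스왑:             1           0           1'

# Fragile: depends on the row label being the English string "Mem".
ram_by_label() { grep Mem | awk '{print $2}'; }

# Positional form mentioned in the note: row 2, column 2, label ignored.
ram_by_position() { awk 'NR==2{print $2}'; }

# Guarded comparison: $1 = parsed RAM in GB, $2 = hypothetical minimum in GB.
# Returns 2 instead of feeding an empty or non-numeric value to the test.
check_ram() {
  case $1 in
    ''|*[!0-9]*)
      echo "could not read total RAM (localized output?)" >&2
      return 2 ;;
  esac
  [ "$1" -ge "$2" ]
}

# On a live host: force the C locale for this one command only, so the
# system language does not have to be changed for the label to match.
live_ram_gb() { LC_ALL=C free -g | awk '/^Mem:/{print $2}'; }
```

Setting LC_ALL=C on the single command leaves the system locale untouched, which matters on hosts where other tooling or log parsing depends on the configured language.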




