Update Wazuh

vim /usr/lib/systemd/system/wazuh-indexer.service

from
# Allow a slow startup before the systemd notifier module kicks in to extend the timeout
TimeoutStartSec=180

to

# Allow a slow startup before the systemd notifier module kicks in to extend the timeout
#TimeoutStartSec=180

from console linux

systemctl daemon-reload
system wazuh-indexer restart

than disable Performance Analyzer

If you prefer to save memory and run your local instance of OpenSearch with the Performance Analyzer plugin disabled, perform the following steps:

  1. Before disabling Performance Analyzer, stop any currently running RCA agent action by using the following command:
  curl -XPOST localhost:9200/_plugins/_performanceanalyzer/rca/cluster/config -H 'Content-Type: application/json' -d '{"enabled": false}'
  1. Shut down the Performance Analyzer RCA agent by running the following command:
  kill $(ps aux | grep -i 'PerformanceAnalyzerApp' | grep -v grep | awk '{print $2}')
  1. Disable the Performance Analyzer plugin by running the following command:
  curl -XPOST localhost:9200/_plugins/_performanceanalyzer/cluster/config -H 'Content-Type: application/json' -d '{"enabled": false}'

example : curl -XPOST -k -u admin:password https://localhost:9200/_plugins/_performanceanalyzer/cluster/config -H ‘Content-Type: application/json’ -d ‘{“enabled”: false}’

 

  1. Uninstall the Performance Analyzer plugin by running the following command:
  bin/opensearch-plugin remove opensearch-performance-analyzer

OpenLDAP

sudo dnf groupinstall “Development Tools”
sudo dnf install openldap-devel

 

wget https://www.openldap.org/software/download/OpenLDAP_2.4.59.tgz
tar -xzf OpenLDAP_2.4.59.tgz
cd openldap-2.4.59

./configure
make
sudo make install

UNDERSTANDING AN EMAIL HEADER

HOW TO VIEW AN EMAIL SUBHEADER

In this example, the “Sender” mt.kb.user@gmail.com wants to send an email to the “Receiver” user@example.com. The sender composes the email at gmail.com, and user@example.com receives it in the email client Apple Mail.

Here is the example header:

From: Media Temple user (mt.kb.user@gmail.com)
Subject: article: How to Trace a Email
Date: January 25, 2011 3:30:58 PM PDT
To: user@example.com
Return-Path: <mt.kb.user@gmail.com>
Envelope-To: user@example.com
Delivery-Date: Tue, 25 Jan 2011 15:31:01 -0700
Received: from po-out-1718.google.com ([72.14.252.155]:54907) by cl35.gs01.gridserver.com with esmtp (Exim 4.63) (envelope-from <mt.kb.user@gmail.com>) id 1KDoNH-0000f0-RL for user@example.com; Tue, 25 Jan 2011 15:31:01 -0700
Received: by po-out-1718.google.com with SMTP id y22so795146pof.4 for <user@example.com>; Tue, 25 Jan 2011 15:30:58 -0700 (PDT)
Received: by 10.141.116.17 with SMTP id t17mr3929916rvm.251.1214951458741; Tue, 25 Jan 2011 15:30:58 -0700 (PDT)
Received: by 10.140.188.3 with HTTP; Tue, 25 Jan 2011 15:30:58 -0700 (PDT)
Dkim-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to :subject:mime-version:content-type; bh=+JqkmVt+sHDFIGX5jKp3oP18LQf10VQjAmZAKl1lspY=; b=F87jySDZnMayyitVxLdHcQNL073DytKRyrRh84GNsI24IRNakn0oOfrC2luliNvdea LGTk3adIrzt+N96GyMseWz8T9xE6O/sAI16db48q4Iqkd7uOiDvFsvS3CUQlNhybNw8m CH/o8eELTN0zbSbn5Trp0dkRYXhMX8FTAwrH0=
Domainkey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:mime-version:content-type; b=wkbBj0M8NCUlboI6idKooejg0sL2ms7fDPe1tHUkR9Ht0qr5lAJX4q9PMVJeyjWalH 36n4qGLtC2euBJY070bVra8IBB9FeDEW9C35BC1vuPT5XyucCm0hulbE86+uiUTXCkaB 6ykquzQGCer7xPAcMJqVfXDkHo3H61HM9oCQM=
Message-Id: <c8f49cec0807011530k11196ad4p7cb4b9420f2ae752@mail.gmail.com>
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary=”—-=_Part_3927_12044027.1214951458678″
X-Spam-Status: score=3.7 tests=DNS_FROM_RFC_POST, HTML_00_10, HTML_MESSAGE, HTML_SHORT_LENGTH version=3.1.7
X-Spam-Level: ***
Message Body: This is a KnowledgeBase article that provides information on how to find email headers and use the data to trace a email.

HOW TO ANALYZE AN EMAIL HEADER

CAUTION:

It is important to know that when reading an email header every line can be forged, so only the Received: lines that are created by your service or computer should be completely trusted.

From

  • This displays who the message is from, however, this can be easily forged and can be the least reliable.

Subject

  • This is what the sender placed as a topic of the email content.

Date

  • This shows the date and time the email message was composed.

To

  • This shows to whom the message was addressed, but may not contain the recipient’s address.

Return-Path

  • The email address for return mail. This is the same as “Reply-To:”.

Envelope-To

  • This header shows that this email was delivered to the mailbox of a subscriber whose email address is user@example.com.

Delivery Date

  • This shows the date and time at which the email was received by your (mt) service or email client.

Received

  • The received is the most important part of the email header and is usually the most reliable. They form a list of all the servers/computers through which the message traveled in order to reach you.The received lines are best read from bottom to top. That is, the first “Received:” line is your own system or mail server. The last “Received:” line is where the mail originated. Each mail system has their own style of “Received:” line. A “Received:” line typically identifies the machine that received the mail and the machine from which the mail was received.

Dkim-Signature & Domainkey-Signature

Message-id

  • A unique string assigned by the mail system when the message is first created. These can easily be forged.

Mime-Version

Content-Type

  • Generally, this will tell you the format of the message, such as html or plaintext.

X-Spam-Status

  • Displays a spam score created by your service or mail client.

X-Spam-Level

  • Displays a spam score usually created by your service or mail client.

Message Body

  • This is the actual content of the email itself, written by the sender.

FINDING THE ORIGINAL SENDER

The easiest way for finding the original sender is by looking for the X-Originating-IP header. This header is important since it tells you the IP address of the computer that had sent the email. If you cannot find the X-Originating-IP header, then you will have to sift through the Received headers to find the sender’s IP address. In the example above, the originating IP Address is 10.140.188.3.

Once the email sender’s IP address is found, you can search for it at http://www.arin.net/. You should now be given results letting you know to which ISP (Internet Service Provider) or webhost the IP address belongs. Now, if you are tracking a spam email, you can send a complaint to the owner of the originating IP address. Be sure to include all the headers of the email when filing a complaint.