Merge pull request #2092 from wazuh/change/6569-nokia-private-key-hardcoded-in-wazuh-manager-image

Removed sslmanager key from the docker manager image
2025-12-10 00:38:27 -06:00 · 2025-11-27 11:59:55 -03:00 · 2025-11-27 11:59:55 -03:00 · 8c147b13de
commit 8c147b13de
parent 1cff9a8dfa 48650df87e
3 changed files with 7 additions and 10 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -9,6 +9,7 @@ All notable changes to this project will be documented in this file.

 ### Changed

+- Removed sslmanager key from the docker manager image. ([#2092](https://github.com/wazuh/wazuh-docker/pull/2092))
 - Backport 4.13.0 changes: Modify wazuh-keystore use ([#2036](https://github.com/wazuh/wazuh-docker/pull/2036)) \- (wazuh-keystore)

 ### Fixed
--- a/build-docker-images/wazuh-manager/Dockerfile
+++ b/build-docker-images/wazuh-manager/Dockerfile
@ -30,7 +30,9 @@ RUN yum install wazuh-manager-${WAZUH_VERSION}-${WAZUH_TAG_REVISION} -y && \
    -o /tmp/s6-overlay-amd64.tar.gz && \
    tar xzf /tmp/s6-overlay-amd64.tar.gz -C / --exclude="./bin" && \
    tar xzf /tmp/s6-overlay-amd64.tar.gz -C /usr ./bin && \
-    rm  /tmp/s6-overlay-amd64.tar.gz
+    rm  /tmp/s6-overlay-amd64.tar.gz && \
+    rm -f /var/ossec/etc/sslmanager.key && \
+    rm -f /var/ossec/etc/sslmanager.cert

 COPY config/etc/ /etc/
 COPY --chown=root:wazuh config/create_user.py /var/ossec/framework/scripts/create_user.py
--- a/build-docker-images/wazuh-manager/config/etc/cont-init.d/0-wazuh-init
+++ b/build-docker-images/wazuh-manager/config/etc/cont-init.d/0-wazuh-init
@ -6,8 +6,6 @@ source /permanent_data.env

 WAZUH_INSTALL_PATH=/var/ossec
 WAZUH_CONFIG_MOUNT=/wazuh-config-mount
-AUTO_ENROLLMENT_ENABLED=${AUTO_ENROLLMENT_ENABLED:-true}
-

 ##############################################################################
 # Aux functions
@ -180,7 +178,7 @@ set_rids_owner() {
 }

 ##############################################################################
-# Change any ossec user/group to wazuh user/group 
+# Change any ossec user/group to wazuh user/group
 ##############################################################################

 set_correct_permOwner() {
@ -209,13 +207,9 @@ main() {
  # Remove some files in permanent_data (i.e. .template.db)
  remove_data_files

-  # Generate wazuh-authd certs if AUTO_ENROLLMENT_ENABLED is true and does not exist
-  if [ $AUTO_ENROLLMENT_ENABLED == true ]
+  if [ ! -e ${WAZUH_INSTALL_PATH}/etc/sslmanager.key ]
  then
-    if [ ! -e ${WAZUH_INSTALL_PATH}/etc/sslmanager.key ]
-    then
-      create_ossec_key_cert
-    fi
+    create_ossec_key_cert
  fi

  # Mount selected files (WAZUH_CONFIG_MOUNT) to container