Merge pull request #2092 from wazuh/change/6569-nokia-private-key-hardcoded-in-wazuh-manager-image

Removed sslmanager key from the docker manager image
2025-12-10 00:38:27 -06:00 · 2025-11-27 11:59:55 -03:00 · 2025-11-27 11:59:55 -03:00 · 8c147b13de
commit 8c147b13de
parent 1cff9a8dfa 48650df87e
3 changed files with 7 additions and 10 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -9,6 +9,7 @@ All notable changes to this project will be documented in this file.
 ### Changed
 - Removed sslmanager key from the docker manager image. ([#2092](https://github.com/wazuh/wazuh-docker/pull/2092))
 - Backport 4.13.0 changes: Modify wazuh-keystore use ([#2036](https://github.com/wazuh/wazuh-docker/pull/2036)) \- (wazuh-keystore)
 ### Fixed
--- a/build-docker-images/wazuh-manager/Dockerfile
+++ b/build-docker-images/wazuh-manager/Dockerfile
@ -30,7 +30,9 @@ RUN yum install wazuh-manager-${WAZUH_VERSION}-${WAZUH_TAG_REVISION} -y && \
    -o /tmp/s6-overlay-amd64.tar.gz && \
    tar xzf /tmp/s6-overlay-amd64.tar.gz -C / --exclude="./bin" && \
    tar xzf /tmp/s6-overlay-amd64.tar.gz -C /usr ./bin && \
-    rm  /tmp/s6-overlay-amd64.tar.gz
+    rm  /tmp/s6-overlay-amd64.tar.gz && \
    rm -f /var/ossec/etc/sslmanager.key && \
    rm -f /var/ossec/etc/sslmanager.cert
 COPY config/etc/ /etc/
 COPY --chown=root:wazuh config/create_user.py /var/ossec/framework/scripts/create_user.py
--- a/build-docker-images/wazuh-manager/config/etc/cont-init.d/0-wazuh-init
+++ b/build-docker-images/wazuh-manager/config/etc/cont-init.d/0-wazuh-init
@ -6,8 +6,6 @@ source /permanent_data.env
 WAZUH_INSTALL_PATH=/var/ossec
 WAZUH_CONFIG_MOUNT=/wazuh-config-mount
 AUTO_ENROLLMENT_ENABLED=${AUTO_ENROLLMENT_ENABLED:-true}
 ##############################################################################
 # Aux functions
@ -180,7 +178,7 @@ set_rids_owner() {
 }
 ##############################################################################
-# Change any ossec user/group to wazuh user/group 
+# Change any ossec user/group to wazuh user/group
 ##############################################################################
 set_correct_permOwner() {
@ -209,13 +207,9 @@ main() {
  # Remove some files in permanent_data (i.e. .template.db)
  remove_data_files
-  # Generate wazuh-authd certs if AUTO_ENROLLMENT_ENABLED is true and does not exist
+  if [ ! -e ${WAZUH_INSTALL_PATH}/etc/sslmanager.key ]
  if [ $AUTO_ENROLLMENT_ENABLED == true ]
  then
-    if [ ! -e ${WAZUH_INSTALL_PATH}/etc/sslmanager.key ]
+    create_ossec_key_cert
    then
      create_ossec_key_cert
    fi
  fi
  # Mount selected files (WAZUH_CONFIG_MOUNT) to container