Merge pull request #1114 from wazuh/merge-4.8.0-into-master

Merge 4.8.0 into master
2025-12-13 02:14:00 -06:00 · 2023-11-14 08:08:04 -03:00 · 2023-11-14 08:08:04 -03:00 · dc167c2316
commit dc167c2316
parent 6591e7e4a1 6b910bc636
12 changed files with 64 additions and 11 deletions
--- a/.env
+++ b/.env
@ -1,3 +1,6 @@
 WAZUH_VERSION=4.9.0
 WAZUH_IMAGE_VERSION=4.9.0
 WAZUH_TAG_REVISION=1
 FILEBEAT_TEMPLATE_BRANCH=4.8.0
 WAZUH_FILEBEAT_MODULE=wazuh-filebeat-0.2.tar.gz
 WAZUH_UI_REVISION=1
--- a/README.md
+++ b/README.md
@ -101,6 +101,7 @@ WAZUH_MONITORING_REPLICAS=0         ##
    │   │   └── Dockerfile
    │   ├── wazuh-indexer
    │   │   ├── config
    │   │   │   ├── action_groups.yml
    │   │   │   ├── config.sh
    │   │   │   ├── config.yml
    │   │   │   ├── entrypoint.sh
--- a/build-docker-images/wazuh-indexer/Dockerfile
+++ b/build-docker-images/wazuh-indexer/Dockerfile
@ -12,6 +12,8 @@ COPY config/config.sh .
 COPY config/config.yml /
 COPY config/action_groups.yml /
 COPY config/internal_users.yml /
 COPY config/roles_mapping.yml /
@ -33,6 +35,8 @@ ENV USER="wazuh-indexer" \
    NAME="wazuh-indexer" \
    INSTALL_DIR="/usr/share/wazuh-indexer"
 RUN apt-get update -y && apt-get install curl -y
 RUN getent group $GROUP || groupadd -r -g 1000 $GROUP
 RUN useradd --system \
@ -50,7 +54,9 @@ COPY config/entrypoint.sh /
 COPY config/securityadmin.sh /
-RUN chmod 700 /entrypoint.sh && chmod 700 /securityadmin.sh
+COPY config/ism-check.sh /
 RUN chmod 700 /entrypoint.sh && chmod 700 /securityadmin.sh && chmod 700 /ism-check.sh
 RUN chown 1000:1000 /*.sh
--- a/build-docker-images/wazuh-indexer/config/action_groups.yml
+++ b/build-docker-images/wazuh-indexer/config/action_groups.yml
@ -0,0 +1,12 @@
 ---
 _meta:
  type: "actiongroups"
  config_version: 2
 # ISM API permissions group
 manage_ism:
  reserved: true
  hidden: false
  allowed_actions:
  - "cluster:admin/opendistro/ism/*"
  static: false
--- a/build-docker-images/wazuh-indexer/config/config.sh
+++ b/build-docker-images/wazuh-indexer/config/config.sh
@ -120,6 +120,7 @@ cp /$PASSWORD_TOOL ${TARGET_DIR}${INSTALLATION_DIR}/plugins/opensearch-security/
 # Copy Wazuh's config files for the security plugin
 cp -pr /roles_mapping.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/
 cp -pr /roles.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/
 cp -pr /action_groups.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/
 cp -pr /internal_users.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/
 cp -pr /opensearch.yml ${TARGET_DIR}${CONFIG_DIR}
 # Copy Wazuh indexer's certificates
--- a/build-docker-images/wazuh-indexer/config/entrypoint.sh
+++ b/build-docker-images/wazuh-indexer/config/entrypoint.sh
@ -90,4 +90,6 @@ fi
 #  touch "/var/lib/wazuh-indexer/.flag"
 #fi
 nohup /ism-check.sh &
 run_as_other_user_if_needed /usr/share/wazuh-indexer/bin/opensearch <<<"$KEYSTORE_PASSWORD"
--- a/build-docker-images/wazuh-indexer/config/ism-check.sh
+++ b/build-docker-images/wazuh-indexer/config/ism-check.sh
@ -0,0 +1,10 @@
 #!/bin/bash
 SERVER=`hostname`
 if [[ -n "$INDEXER_PASSWORD"  ]]; then
    until [[ `curl -XGET https://$SERVER:9200/_cat/indices -u admin:SecretPassword -k -s  | grep .opendistro_security | wc -l`  -eq 1 ]]
    do
        echo "Wazuh indexer Security is not initiaized";
        sleep 30
    done
    bash /usr/share/wazuh-indexer/bin/indexer-ism-init.sh  -p $INDEXER_PASSWORD -i $SERVER
 fi
--- a/build-docker-images/wazuh-indexer/config/roles.yml
+++ b/build-docker-images/wazuh-indexer/config/roles.yml
@ -142,7 +142,7 @@ wazuh_ui_user:
    allowed_actions:
    - "read"
  tenant_permissions: []
-  static: false        
+  static: false
 wazuh_ui_admin:
  reserved: true
@ -160,4 +160,12 @@ wazuh_ui_admin:
    - "manage"
    - "index"
  tenant_permissions: []
-  static: false  
+  static: false
 # ISM API permissions role
 manage_ism:
  reserved: true
  hidden: false
  cluster_permissions:
  - "manage_ism"
  static: false
--- a/build-docker-images/wazuh-indexer/config/roles_mapping.yml
+++ b/build-docker-images/wazuh-indexer/config/roles_mapping.yml
@ -33,7 +33,7 @@ kibana_user:
  - "kibanauser"
  users:
  - "wazuh_user"
-  - "wazuh_admin"    
+  - "wazuh_admin"
  description: "Maps kibanauser to kibana_user"
 readall:
@ -68,4 +68,11 @@ wazuh_ui_user:
  hosts: []
  users:
  - "wazuh_user"
-  and_backend_roles: []
+  and_backend_roles: []
 # ISM API permissions role mapping
 manage_ism:
  reserved: true
  hidden: false
  users:
  - "kibanaserver"
--- a/build-docker-images/wazuh-manager/config/check_repository.sh
+++ b/build-docker-images/wazuh-manager/config/check_repository.sh
@ -1,6 +1,7 @@
 ## variables
 GPG_SIGN='[arch=amd64 signed-by=/etc/apt/keyrings/wazuh.gpg]'
 APT_KEY=https://packages.wazuh.com/key/GPG-KEY-WAZUH
-REPOSITORY="deb https://packages.wazuh.com/4.x/apt/ stable main"
+REPOSITORY="deb ${GPG_SIGN} https://packages.wazuh.com/4.x/apt/ stable main"
 WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '\"tag_name\":' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2-)
 MAJOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f1)
 MID_BUILD=$(echo $WAZUH_VERSION | cut -d. -f2)
@ -12,18 +13,18 @@ MINOR_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f3)
 ## check version to use the correct repository
 if [ "$MAJOR_BUILD" -gt "$MAJOR_CURRENT" ]; then
  APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
-  REPOSITORY="deb https://packages-dev.wazuh.com/pre-release/apt/ unstable main"
+  REPOSITORY="deb ${GPG_SIGN} https://packages-dev.wazuh.com/pre-release/apt/ unstable main"
 elif [ "$MAJOR_BUILD" -eq "$MAJOR_CURRENT" ]; then
  if [ "$MID_BUILD" -gt "$MID_CURRENT" ]; then
    APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
-    REPOSITORY="deb https://packages-dev.wazuh.com/pre-release/apt/ unstable main"
+    REPOSITORY="deb ${GPG_SIGN} https://packages-dev.wazuh.com/pre-release/apt/ unstable main"
  elif [ "$MID_BUILD" -eq "$MID_CURRENT" ]; then
    if [ "$MINOR_BUILD" -gt "$MINOR_CURRENT" ]; then
      APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
-      REPOSITORY="deb https://packages-dev.wazuh.com/pre-release/apt/ unstable main"
+      REPOSITORY="deb ${GPG_SIGN} https://packages-dev.wazuh.com/pre-release/apt/ unstable main"
    fi
  fi
 fi
-apt-key adv --fetch-keys ${APT_KEY}
+curl ${APT_KEY} | gpg --dearmor -o /etc/apt/keyrings/wazuh.gpg
 echo ${REPOSITORY} | tee -a /etc/apt/sources.list.d/wazuh.list
--- a/multi-node/docker-compose.yml
+++ b/multi-node/docker-compose.yml
@ -89,6 +89,7 @@ services:
    environment:
      - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
      - "bootstrap.memory_lock=true"
      - 'INDEXER_PASSWORD=SecretPassword'
    ulimits:
      memlock:
        soft: -1
--- a/single-node/docker-compose.yml
+++ b/single-node/docker-compose.yml
@ -52,7 +52,8 @@ services:
    ports:
      - "9200:9200"
    environment:
-      - "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m"
+      - "OPENSEARCH_JAVA_OPTS=-Xms1024m -Xmx1024m"
      - 'INDEXER_PASSWORD=SecretPassword'
    ulimits:
      memlock:
        soft: -1