diff --git a/build-docker-images/wazuh-agent/Dockerfile b/build-docker-images/wazuh-agent/Dockerfile
index 3b90c23e..46bcab1c 100644
--- a/build-docker-images/wazuh-agent/Dockerfile
+++ b/build-docker-images/wazuh-agent/Dockerfile
@@ -20,6 +20,7 @@ RUN URL_VAR="wazuh_agent_url_${TARGETARCH}_rpm" && \
 dnf install curl-minimal tar gzip procps -y &&\
 curl -o /wazuh-agent.rpm "${agent_url}" && \
 dnf install /wazuh-agent.rpm -y && \
+ rm -rf /wazuh-agent.rpm && \
 dnf clean all && \
 sed -i '//d' /var/ossec/etc/ossec.conf && \
 curl --fail --silent -L https://github.com/just-containers/s6-overlay/releases/download/${S6_VERSION}/s6-overlay-amd64.tar.gz \
diff --git a/build-docker-images/wazuh-dashboard/Dockerfile b/build-docker-images/wazuh-dashboard/Dockerfile
index c02123d6..780f28f6 100644
--- a/build-docker-images/wazuh-dashboard/Dockerfile
+++ b/build-docker-images/wazuh-dashboard/Dockerfile
@@ -15,6 +15,7 @@ RUN URL_VAR="wazuh_dashboard_url_${TARGETARCH}_rpm" && \
 dnf install curl-minimal libcap openssl -y && \
 curl -o /wazuh-dashboard.rpm "${dashboard_url}" && \
 dnf install /wazuh-dashboard.rpm -y && \
+ rm -rf /wazuh-dashboard.rpm && \
 dnf clean all
 # Create and set permissions to data directories
diff --git a/build-docker-images/wazuh-dashboard/config/config.sh b/build-docker-images/wazuh-dashboard/config/config.sh
index 36011034..23879717 100644
--- a/build-docker-images/wazuh-dashboard/config/config.sh
+++ b/build-docker-images/wazuh-dashboard/config/config.sh
@@ -10,7 +10,7 @@ export CONFIG_DIR=${INSTALLATION_DIR}/config
 ## Variables
 CERT_TOOL=wazuh-certs-tool.sh
 CERT_CONFIG_FILE=config.yml
-CERT_TOOL_VERSION="${WAZUH_VERSION%.*}"
+CERT_TOOL_VERSION=5.0 #"${WAZUH_VERSION%.*}"
 PACKAGES_URL=https://packages.wazuh.com/$CERT_TOOL_VERSION/
 PACKAGES_DEV_URL=https://packages-dev.wazuh.com/$CERT_TOOL_VERSION/
diff --git a/build-docker-images/wazuh-dashboard/config/entrypoint.sh b/build-docker-images/wazuh-dashboard/config/entrypoint.sh
index 290f9fa8..ea9974f1 100644
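Review bot: `CERT_TOOL_VERSION=5.0 #"${WAZUH_VERSION%.*}"` in build-docker-images/wazuh-dashboard/config/config.sh hard-codes the directory used in PACKAGES_URL and PACKAGES_DEV_URL and leaves the old derivation as a trailing comment, so the download location no longer follows WAZUH_VERSION and the reason for the pin is not recorded. If the pin is intended, keep it overridable and say why, for example `CERT_TOOL_VERSION="${CERT_TOOL_VERSION:-5.0}"` preceded by `# TODO: pinned to 5.0 because <reason>; restore "${WAZUH_VERSION%.*}" afterwards`. The same line is changed in build-docker-images/wazuh-indexer/config/config.sh. What is fetched from these URLs, and whether it is integrity-checked before use, lies outside the hunk.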
--- a/build-docker-images/wazuh-dashboard/config/entrypoint.sh
+++ b/build-docker-images/wazuh-dashboard/config/entrypoint.sh
@@ -1,20 +1,181 @@
 #!/bin/bash
 # Wazuh Docker Copyright (C) 2017, Wazuh Inc. (License GPLv2)
-INSTALL_DIR=/usr/share/wazuh-dashboard
+# Run Wazuh dashboard, using environment variables to
+# set longopts defining Wazuh dashboard's configuration.
+#
+# eg. Setting the environment variable:
+#
+# OPENSEARCH_STARTUPTIMEOUT=60
+#
+# will cause OpenSearch-Dashboards to be invoked with:
+#
+# --opensearch.startupTimeout=60
+
+# Setup Home Directory
+export OPENSEARCH_DASHBOARDS_HOME=/usr/share/wazuh-dashboard
+export PATH=$OPENSEARCH_DASHBOARDS_HOME/bin:$PATH
 DASHBOARD_USERNAME="${DASHBOARD_USERNAME:-kibanaserver}"
 DASHBOARD_PASSWORD="${DASHBOARD_PASSWORD:-kibanaserver}"
 # Create and configure Wazuh dashboard keystore
-yes | $INSTALL_DIR/bin/opensearch-dashboards-keystore create --allow-root && \
-echo $DASHBOARD_USERNAME | $INSTALL_DIR/bin/opensearch-dashboards-keystore add opensearch.username --stdin --allow-root && \
-echo $DASHBOARD_PASSWORD | $INSTALL_DIR/bin/opensearch-dashboards-keystore add opensearch.password --stdin --allow-root
+yes | $OPENSEARCH_DASHBOARDS_HOME/bin/opensearch-dashboards-keystore create --allow-root && \
+echo $DASHBOARD_USERNAME | $OPENSEARCH_DASHBOARDS_HOME/bin/opensearch-dashboards-keystore add opensearch.username --stdin --allow-root && \
+echo $DASHBOARD_PASSWORD | $OPENSEARCH_DASHBOARDS_HOME/bin/opensearch-dashboards-keystore add opensearch.password --stdin --allow-root
-##############################################################################
-# Start Wazuh dashboard
-##############################################################################
+opensearch_dashboards_vars=(
+ console.enabled
+ console.proxyConfig
+ console.proxyFilter
+ ops.cGroupOverrides.cpuPath
+ ops.cGroupOverrides.cpuAcctPath
+ cpu.cgroup.path.override
+ cpuacct.cgroup.path.override
+ csp.rules
+ csp.strict
+ csp.warnLegacyBrowsers
+ data.search.usageTelemetry.enabled
+ opensearch.customHeaders
+ opensearch.hosts
+ opensearch.logQueries
+ opensearch.memoryCircuitBreaker.enabled
+ opensearch.memoryCircuitBreaker.maxPercentage
+ opensearch.password
+ opensearch.pingTimeout
+ opensearch.requestHeadersWhitelist
+ opensearch.requestTimeout
+ opensearch.shardTimeout
+ opensearch.sniffInterval
+ opensearch.sniffOnConnectionFault
+ opensearch.sniffOnStart
+ opensearch.ssl.alwaysPresentCertificate
+ opensearch.ssl.certificate
+ opensearch.ssl.certificateAuthorities
+ opensearch.ssl.key
+ opensearch.ssl.keyPassphrase
+ opensearch.ssl.keystore.path
+ opensearch.ssl.keystore.password
+ opensearch.ssl.truststore.path
+ opensearch.ssl.truststore.password
+ opensearch.ssl.verificationMode
+ opensearch.username
+ i18n.locale
+ interpreter.enableInVisualize
+ opensearchDashboards.autocompleteTerminateAfter
+ opensearchDashboards.autocompleteTimeout
+ opensearchDashboards.defaultAppI
+ server.rewriteBasePath
+ server.socketTimeout
+ server.ssl.cert
+ server.ssl.certificate
+ server.ssl.certificateAuthorities
+ server.ssl.cipherSuites
+ server.ssl.clientAuthentication
+ server.customResponseHeaders
+ server.ssl.enabled
+ server.ssl.key
+ server.ssl.keyPassphrase
+ server.ssl.keystore.path
+ server.ssl.keystore.password
+ server.ssl.truststore.path
+ server.ssl.truststore.password
+ server.ssl.redirectHttpFromPort
+ server.ssl.supportedProtocols
+ server.xsrf.disableProtection
+ server.xsrf.whitelist
+ status.allowAnonymous
+ status.v6ApiFormat
+ tilemap.options.attribution
+ tilemap.options.maxZoom
+ tilemap.options.minZoom
+ tilemap.options.subdomains
+ tilemap.url
+ timeline.enabled
+ vega.enableExternalUrls
+ apm_oss.apmAgentConfigurationIndex
+ apm_oss.indexPattern
+ apm_oss.errorIndices
+ apm_oss.onboardingIndices
+ apm_oss.spanIndices
+ apm_oss.sourcemapIndices
+ apm_oss.transactionIndices
+ apm_oss.metricsIndices
+ telemetry.allowChangingOptInStatus
+ telemetry.enabled
+ telemetry.optIn
+ telemetry.optInStatusUrl
+ telemetry.sendUsageFrom
+ vis_builder.enabled
+ data_source.enabled
+ data_source.encryption.wrappingKeyName
+ data_source.encryption.wrappingKeyNamespace
+ data_source.encryption.wrappingKey
+ data_source.audit.enabled
+ data_source.audit.appender.kind
+ data_source.audit.appender.path
+ data_source.audit.appender.layout.kind
+ data_source.audit.appender.layout.highlight
+ data_source.audit.appender.layout.pattern
+ ml_commons_dashboards.enabled
+ observability.query_assist.enabled
+ usageCollection.uiMetric.enabled
+ workspace.enabled
+ assistant.chat.enabled
+ assistant.alertInsight.enabled
+ assistant.smartAnomalyDetector.enabled
+ assistant.text2viz.enabled
+ queryEnhancements.queryAssist.summary.enabled
+)
-/wazuh_app_config.sh $WAZUH_UI_REVISION
+function runOpensearchDashboards {
+ longopts=()
+ for opensearch_dashboards_var in ${opensearch_dashboards_vars[*]}; do
+ # 'opensearch.hosts' -> 'OPENSEARCH_URL'
+ env_var=$(echo ${opensearch_dashboards_var^^} | tr . _)
-/usr/share/wazuh-dashboard/bin/opensearch-dashboards -c /usr/share/wazuh-dashboard/config/opensearch_dashboards.yml
\ No newline at end of file
+ # Indirectly lookup env var values via the name of the var.
+ # REF: http://tldp.org/LDP/abs/html/bashver2.html#EX78
+ value=${!env_var}
+ if [[ -n $value ]]; then
+ longopt="--${opensearch_dashboards_var}=${value}"
+ longopts+=("${longopt}")
+ fi
+ done
+
+ # Files created at run-time should be group-writable, for Openshift's sake.
+ umask 0002
+
+ # TO DO:
+ # Confirm with Mihir if this is necessary
+
+ # The virtual file /proc/self/cgroup should list the current cgroup
+ # membership. For each hierarchy, you can follow the cgroup path from
+ # this file to the cgroup filesystem (usually /sys/fs/cgroup/) and
+ # introspect the statistics for the cgroup for the given
+ # hierarchy. Alas, Docker breaks this by mounting the container
+ # statistics at the root while leaving the cgroup paths as the actual
+ # paths. Therefore, OpenSearch-Dashboards provides a mechanism to override
+ # reading the cgroup path from /proc/self/cgroup and instead uses the
+ # cgroup path defined the configuration properties
+ # cpu.cgroup.path.override and cpuacct.cgroup.path.override.
+ # Therefore, we set this value here so that cgroup statistics are
+ # available for the container this process will run in.
+
+ exec "$@" \
+ --ops.cGroupOverrides.cpuPath=/ \
+ --ops.cGroupOverrides.cpuAcctPath=/ \
+ "${longopts[@]}"
+}
+
+# Prepend "opensearch-dashboards" command if no argument was provided or if the
+# first argument looks like a flag (i.e. starts with a dash).
+if [ $# -eq 0 ] || [ "${1:0:1}" = '-' ]; then
+ set -- opensearch-dashboards "$@"
+fi
+
+if [ "$1" = "opensearch-dashboards" ]; then
+ runOpensearchDashboards "$@"
+else
+ exec "$@"
+fi
\ No newline at end of file
diff --git a/build-docker-images/wazuh-dashboard/config/wazuh_app_config.sh b/build-docker-images/wazuh-dashboard/config/wazuh_app_config.sh
index e98a8b46..1410d5be 100644
--- a/build-docker-images/wazuh-dashboard/config/wazuh_app_config.sh
+++ b/build-docker-images/wazuh-dashboard/config/wazuh_app_config.sh
@@ -32,13 +32,19 @@ do
 fi
 done
-cat << EOF >> $dashboard_config_file
-hosts:
- - 1513629884013:
- url: $wazuh_url
- port: $wazuh_port
- username: $api_username
- password: $api_password
- run_as: $api_run_as
-EOF
+grep -q 1513629884013 $dashboard_config_file
+_config_exists=$?
+if [[ $_config_exists -ne 0 ]]; then
+ cat << EOF >> $dashboard_config_file
+ hosts:
+ - 1513629884013:
+ url: $wazuh_url
+ port: $wazuh_port
+ username: $api_username
+ password: $api_password
+ run_as: $api_run_as
+ EOF
+else
+ echo "Wazuh APP already configured"
+fi
diff --git a/build-docker-images/wazuh-indexer/Dockerfile b/build-docker-images/wazuh-indexer/Dockerfile
index 3772bd10..ada8d8d6 100644
--- a/build-docker-images/wazuh-indexer/Dockerfile
+++ b/build-docker-images/wazuh-indexer/Dockerfile
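Review bot: `opensearch_dashboards_vars` in build-docker-images/wazuh-dashboard/config/entrypoint.sh lists secret-bearing settings (`opensearch.password`, `opensearch.ssl.keyPassphrase`, `server.ssl.keyPassphrase`, the `*.keystore.password` and `*.truststore.password` entries, `data_source.encryption.wrappingKey`), and `runOpensearchDashboards` turns every matching environment variable into a `--name=value` argument, so these values land in the process argument list where `ps` and `/proc/<pid>/cmdline` expose them. The script already writes `opensearch.username` and `opensearch.password` to the keystore a few lines earlier, so I would drop the secret entries from the array and document the keystore as the supported path for them. The comment `# 'opensearch.hosts' -> 'OPENSEARCH_URL'` does not match the code, which produces `OPENSEARCH_HOSTS`, and `opensearchDashboards.defaultAppI` looks truncated. The call `/wazuh_app_config.sh $WAZUH_UI_REVISION` is removed here while that script is made re-runnable in the same commit; unless something outside this diff invokes it, the Wazuh app host block is no longer written at start-up.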
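Review bot: The here-document in wazuh_app_config.sh now sits inside the `if`, and since `hosts:` through `EOF` are all re-added lines it appears to have been indented along with it (whitespace is collapsed on this page, so the exact indent is not visible). With `<< EOF` an indented `EOF` does not end the here-document, and any indent added to the body is written into the dashboard config file, which would move `hosts:` away from the top level of the YAML. Keep the body and the terminator at column 0 inside the `if`, or switch to `<<-EOF` with tab-only indentation. The check itself can be the condition and should quote the path: `if ! grep -q 1513629884013 "$dashboard_config_file"; then`.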
@@ -14,6 +14,7 @@ RUN URL_VAR="wazuh_indexer_url_${TARGETARCH}_rpm" && \
 dnf install curl-minimal openssl xz tar findutils shadow-utils -y &&\
 curl -o /wazuh-indexer.rpm "${indexer_url}" && \
 dnf install /wazuh-indexer.rpm -y && \
+ rm -rf /wazuh-indexer.rpm && \
 dnf clean all && \
 bash config.sh
@@ -69,4 +70,4 @@ EXPOSE 9200
 ENTRYPOINT ["/entrypoint.sh"]
 # Dummy overridable parameter parsed by entrypoint
-CMD ["opensearchwrapper"]
\ No newline at end of file
+CMD ["opensearch"]
\ No newline at end of file
diff --git a/build-docker-images/wazuh-indexer/config/config.sh b/build-docker-images/wazuh-indexer/config/config.sh
index e3573ace..4ff30da5 100644
--- a/build-docker-images/wazuh-indexer/config/config.sh
+++ b/build-docker-images/wazuh-indexer/config/config.sh
@@ -22,7 +22,7 @@ export CONFIG_DIR=${INSTALLATION_DIR}/config
 ## Variables
 CERT_TOOL=wazuh-certs-tool.sh
 CERT_CONFIG_FILE=config.yml
-CERT_TOOL_VERSION="${WAZUH_VERSION%.*}"
+CERT_TOOL_VERSION=5.0 #"${WAZUH_VERSION%.*}"
 PACKAGES_URL=https://packages.wazuh.com/$CERT_TOOL_VERSION/
 PACKAGES_DEV_URL=https://packages-dev.wazuh.com/$CERT_TOOL_VERSION/
diff --git a/build-docker-images/wazuh-indexer/config/entrypoint.sh b/build-docker-images/wazuh-indexer/config/entrypoint.sh
index caddb80e..8b2c3834 100644
--- a/build-docker-images/wazuh-indexer/config/entrypoint.sh
+++ b/build-docker-images/wazuh-indexer/config/entrypoint.sh
@@ -1,93 +1,77 @@
-#!/usr/bin/env bash
-# Wazuh Docker Copyright (C) 2017, Wazuh Inc. (License GPLv2)
-set -e
+#!/bin/bash
-umask 0002
+# Copyright OpenSearch Contributors
+# SPDX-License-Identifier: Apache-2.0
-export USER=wazuh-indexer
-export INSTALLATION_DIR=/usr/share/wazuh-indexer
-export OPENSEARCH_PATH_CONF=${INSTALLATION_DIR}/config
-export JAVA_HOME=${INSTALLATION_DIR}/jdk
-export DISCOVERY=$(grep -oP "(?<=discovery.type: ).*" ${OPENSEARCH_PATH_CONF}/opensearch.yml)
-export CACERT=$(grep -oP "(?<=plugins.security.ssl.transport.pemtrustedcas_filepath: ).*" ${OPENSEARCH_PATH_CONF}/opensearch.yml)
-export CERT="${OPENSEARCH_PATH_CONF}/certs/admin.pem"
-export KEY="${OPENSEARCH_PATH_CONF}/certs/admin-key.pem"
+# This script specify the entrypoint startup actions for opensearch
+# It will start both opensearch and performance analyzer plugin cli
+# If either process failed, the entire docker container will be removed
+# in favor of a newly started container
+
+# Export OpenSearch Home
+export OPENSEARCH_HOME=/usr/share/wazuh-indexer
+export OPENSEARCH_PATH_CONF=$OPENSEARCH_HOME/config
+export PATH=$OPENSEARCH_HOME/bin:$PATH
+
+
+# The virtual file /proc/self/cgroup should list the current cgroup
+# membership. For each hierarchy, you can follow the cgroup path from
+# this file to the cgroup filesystem (usually /sys/fs/cgroup/) and
+# introspect the statistics for the cgroup for the given
+# hierarchy. Alas, Docker breaks this by mounting the container
+# statistics at the root while leaving the cgroup paths as the actual
+# paths. Therefore, OpenSearch provides a mechanism to override
+# reading the cgroup path from /proc/self/cgroup and instead uses the
+# cgroup path defined the JVM system property
+# opensearch.cgroups.hierarchy.override. Therefore, we set this value here so
+# that cgroup statistics are available for the container this process
+# will run in.
+export OPENSEARCH_JAVA_OPTS="-Dopensearch.cgroups.hierarchy.override=/ $OPENSEARCH_JAVA_OPTS"
+
+# Start up the opensearch and performance analyzer agent processes.
+# When either of them halts, this script exits, or we receive a SIGTERM or SIGINT signal then we want to kill both these processes.
+function runOpensearch {
+ # Files created by OpenSearch should always be group writable too
+ umask 0002
+
+ if [[ "$(id -u)" == "0" ]]; then
+ echo "Wazuh indexer cannot run as root. Please start your container as another user."
+ exit 1
+ fi
+
+ # Parse Docker env vars to customize Wazuh indexer / OpenSearch configuration
+ #
+ # e.g. Setting the env var cluster.name=testcluster
+ # will cause Wazuh indexer to be invoked with -Ecluster.name=testcluster
+ opensearch_opts=()
+ while IFS='=' read -r envvar_key envvar_value
+ do
+ # OpenSearch settings need to have at least two dot separated lowercase
+ # words, e.g. `cluster.name`, except for `processors` which we handle
+ # specially
+ if [[ "$envvar_key" =~ ^[a-z0-9_]+\.[a-z0-9_]+ || "$envvar_key" == "processors" ]]; then
+ if [[ ! -z $envvar_value ]]; then
+ opensearch_opt="-E${envvar_key}=${envvar_value}"
+ opensearch_opts+=("${opensearch_opt}")
+ fi
+ fi
+ done < <(env)
+
+ # Start opensearch
+ exec "$@" "${opensearch_opts[@]}"
-run_as_other_user_if_needed() {
- if [[ "$(id -u)" == "0" ]]; then
- # If running as root, drop to specified UID and run command
- exec chroot --userspec=1000:0 / "${@}"
- else
- # Either we are running in Openshift with random uid and are a member of the root group
- # or with a custom --user
- exec "${@}"
- fi
 }
-# Allow user specify custom CMD, maybe bin/opensearch itself
-# for example to directly specify `-E` style parameters for opensearch on k8s
-# or simply to run /bin/bash to check the image
-if [[ "$1" != "opensearchwrapper" ]]; then
- if [[ "$(id -u)" == "0" && $(basename "$1") == "opensearch" ]]; then
- # Rewrite CMD args to replace $1 with `opensearch` explicitly,
- # Without this, user could specify `opensearch -E x.y=z` but
- # `bin/opensearch -E x.y=z` would not work.
- set -- "opensearch" "${@:2}"
- # Use chroot to switch to UID 1000 / GID 0
- exec chroot --userspec=1000:0 / "$@"
- else
- # User probably wants to run something else, like /bin/bash, with another uid forced (Openshift?)
+# Prepend "opensearch" command if no argument was provided or if the first
+# argument looks like a flag (i.e. starts with a dash).
+if [ $# -eq 0 ] || [ "${1:0:1}" = '-' ]; then
+ set -- opensearch "$@"
+fi
+
+if [ "$1" = "opensearch" ]; then
+ # If the first argument is opensearch, then run the setup script.
+ runOpensearch "$@"
+else
+ # Otherwise, just exec the command.
 exec "$@"
- fi
-fi
-
-# Allow environment variables to be set by creating a file with the
-# contents, and setting an environment variable with the suffix _FILE to
-# point to it. This can be used to provide secrets to a container, without
-# the values being specified explicitly when running the container.
-#
-# This is also sourced in opensearch-env, and is only needed here
-# as well because we use INDEXER_PASSWORD below. Sourcing this script
-# is idempotent.
-source /usr/share/wazuh-indexer/bin/opensearch-env-from-file
-
-if [[ -f bin/opensearch-users ]]; then
- # Check for the INDEXER_PASSWORD environment variable to set the
- # bootstrap password for Security.
- #
- # This is only required for the first node in a cluster with Security
- # enabled, but we have no way of knowing which node we are yet. We'll just
- # honor the variable if it's present.
- if [[ -n "$INDEXER_PASSWORD" ]]; then
- [[ -f /usr/share/wazuh-indexer/opensearch.keystore ]] || (run_as_other_user_if_needed opensearch-keystore create)
- if ! (run_as_other_user_if_needed opensearch-keystore has-passwd --silent) ; then
- # keystore is unencrypted
- if ! (run_as_other_user_if_needed opensearch-keystore list | grep -q '^bootstrap.password$'); then
- (run_as_other_user_if_needed echo "$INDEXER_PASSWORD" | opensearch-keystore add -x 'bootstrap.password')
- fi
- else
- # keystore requires password
- if ! (run_as_other_user_if_needed echo "$KEYSTORE_PASSWORD" \
- | opensearch-keystore list | grep -q '^bootstrap.password$') ; then
- COMMANDS="$(printf "%s\n%s" "$KEYSTORE_PASSWORD" "$INDEXER_PASSWORD")"
- (run_as_other_user_if_needed echo "$COMMANDS" | opensearch-keystore add -x 'bootstrap.password')
- fi
- fi
- fi
-fi
-
-if [[ "$(id -u)" == "0" ]]; then
- # If requested and running as root, mutate the ownership of bind-mounts
- if [[ -n "$TAKE_FILE_OWNERSHIP" ]]; then
- chown -R 1000:0 /usr/share/wazuh-indexer/{data,logs}
- fi
-fi
-
-
-#if [[ "$DISCOVERY" == "single-node" ]] && [[ ! -f "/var/lib/wazuh-indexer/.flag" ]]; then
- # run securityadmin.sh for single node with CACERT, CERT and KEY parameter
-# nohup /securityadmin.sh &
-# touch "/var/lib/wazuh-indexer/.flag"
-#fi
-
-run_as_other_user_if_needed /usr/share/wazuh-indexer/bin/opensearch <<<"$KEYSTORE_PASSWORD"
\ No newline at end of file
+fi
\ No newline at end of file
diff --git a/build-docker-images/wazuh-manager/Dockerfile b/build-docker-images/wazuh-manager/Dockerfile
index 258638e4..64c7059f 100644
--- a/build-docker-images/wazuh-manager/Dockerfile
+++ b/build-docker-images/wazuh-manager/Dockerfile
@@ -16,6 +16,7 @@ RUN URL_VAR="wazuh_manager_url_${TARGETARCH}_rpm" && \
 dnf clean all && \
 curl -o /wazuh-manager.rpm "${manager_url}" && \
 dnf install /wazuh-manager.rpm -y && \
+ rm -rf /wazuh-manager.rpm && \
 dnf clean all && \
 curl --fail --silent -L https://github.com/just-containers/s6-overlay/releases/download/${S6_VERSION}/s6-overlay-amd64.tar.gz \
 -o /tmp/s6-overlay-amd64.tar.gz && \
diff --git a/build-docker-images/wazuh-manager/config/etc/cont-init.d/0-wazuh-init b/build-docker-images/wazuh-manager/config/etc/cont-init.d/0-wazuh-init
index ca125b1b..a91d6b1e 100644
--- a/build-docker-images/wazuh-manager/config/etc/cont-init.d/0-wazuh-init
+++ b/build-docker-images/wazuh-manager/config/etc/cont-init.d/0-wazuh-init
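Review bot: The rewritten build-docker-images/wazuh-indexer/config/entrypoint.sh no longer sources `opensearch-env-from-file` and no longer acts on `INDEXER_PASSWORD`, `KEYSTORE_PASSWORD` or `TAKE_FILE_OWNERSHIP`, yet nothing tells an operator who still sets them that they are now ignored; a deployment that relied on `INDEXER_PASSWORD` for `bootstrap.password`, or on `_FILE` variables to keep secrets out of the environment, would start without them. I would either restore that handling or fail loudly near the top of `runOpensearch`, for example `[[ -z "$INDEXER_PASSWORD$KEYSTORE_PASSWORD" ]] || { echo "INDEXER_PASSWORD/KEYSTORE_PASSWORD are not applied by this entrypoint" >&2; exit 1; }`. Running as root is now refused instead of dropping to UID 1000, so the image has to set a non-root user itself; that is not visible in this diff. The header comment and the comment above `runOpensearch` still describe starting and stopping both OpenSearch and the performance analyzer agent, while the function only execs one command, so they should be trimmed to what the script does. `[[ ! -z $envvar_value ]]` reads better as `[[ -n "$envvar_value" ]]`.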
@@ -152,18 +152,76 @@ set_custom_hostname() {
 sed -i 's/to_be_replaced_by_hostname<\/node_name>/'"${HOSTNAME}"'<\/node_name>/g' ${WAZUH_INSTALL_PATH}/etc/ossec.conf
 }
-##############################################################################
-# Allow users to set the container cluster key dynamically on
-# container start.
-#
-# To use this:
-# 1. Create your own ossec.conf file
-# 2. In your ossec.conf file, set to_be_replaced_by_cluster_key as your key
-# 3. Mount your custom ossec.conf file at $WAZUH_CONFIG_MOUNT/etc/ossec.conf
-##############################################################################
+function_configure_ossec_conf() {
+OSSEC_CONF="${WAZUH_INSTALL_PATH}/etc/ossec.conf"
-set_custom_cluster_key() {
- sed -i 's/to_be_replaced_by_cluster_key<\/key>/'"${WAZUH_CLUSTER_KEY}"'<\/key>/g' ${WAZUH_INSTALL_PATH}/etc/ossec.conf
+# --------------------------
+# Defaults based on OSSEC_CONF
+# --------------------------
+if [[ -z "$WAZUH_CLUSTER_KEY" ]]; then
+ WAZUH_CLUSTER_KEY=$(sed -n '//,/<\/cluster>/s/.*\(.*\)<\/key>.*/\1/p' "$OSSEC_CONF" | head -n1)
+fi
+
+# Node type logic
+if [[ "$WAZUH_NODE_TYPE" != "worker" ]]; then
+ WAZUH_NODE_TYPE="master"
+fi
+
+# Default node name → HOSTNAME if not defined
+WAZUH_NODE_NAME="${WAZUH_NODE_NAME:-$HOSTNAME}"
+
+# --------------------------
+# Replace Indexer Hosts
+# --------------------------
+if [[ -n "$WAZUH_INDEXER_HOSTS" ]]; then
+ TMP_HOSTS=$(mktemp)
+ {
+ echo " "
+ for NODE in $WAZUH_INDEXER_HOSTS; do
+ IP="${NODE%:*}"
+ PORT="${NODE#*:}"
+ echo " https://$IP:$PORT"
+ done
+ echo " "
+ } > "$TMP_HOSTS";
+ sed -i -e '//,/<\/indexer>/{ //,/<\/hosts>/{ //r '"$TMP_HOSTS" \
+ -e 'd }}' "$OSSEC_CONF";
+ rm -f "$TMP_HOSTS";
+fi
+
+# --------------------------
+# Cluster: node_name
+# --------------------------
+sed -i "//,/<\/cluster>/ s|.*|$WAZUH_NODE_NAME|" "$OSSEC_CONF"
+
+# --------------------------
+# Cluster: node_type
+# --------------------------
+sed -i "//,/<\/cluster>/ s|.*|$WAZUH_NODE_TYPE|" "$OSSEC_CONF"
+
+# --------------------------
+# Cluster: key
+# --------------------------
+sed -i "//,/<\/cluster>/ s|.*|$WAZUH_CLUSTER_KEY|" "$OSSEC_CONF"
+
+# --------------------------
+# Cluster: nodes list
+# --------------------------
+if [[ -n "$WAZUH_CLUSTER_NODES" ]]; then
+ TMP_NODES=$(mktemp)
+ {
+ echo " "
+ for N in $WAZUH_CLUSTER_NODES; do
+ echo " $N"
+ done
+ echo " "
+ } > "$TMP_NODES";
+ sed -i -e '//,/<\/cluster>/{ //,/<\/nodes>/{ //r '"$TMP_NODES" \
+ -e 'd }}' "$OSSEC_CONF";
+ rm -f "$TMP_NODES";
+fi
+
+echo "Wazuh manager config modified successfully."
 }
 ##############################################################################
@@ -221,8 +279,8 @@ main() {
 # Allow setting custom hostname
 set_custom_hostname
- # Allow setting custom cluster key
- set_custom_cluster_key
+ # Configure ossec.conf based on environment variables
+ function_configure_ossec_conf
 # Delete temporary data folder
 rm -rf ${WAZUH_INSTALL_PATH}/data_tmp
diff --git a/single-node/config/wazuh_cluster/entrypoint.sh b/single-node/config/wazuh_cluster/entrypoint.sh
new file mode 100755
index 00000000..51f53312
--- /dev/null
+++ b/single-node/config/wazuh_cluster/entrypoint.sh
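Review bot: The `sed -i "… s|…|$WAZUH_NODE_NAME|"` and `…|$WAZUH_CLUSTER_KEY|` substitutions in `function_configure_ossec_conf` place the environment values directly into the sed program, so a value containing `|`, `&` or `\` either breaks the expression or is silently rewritten (`&` expands to the matched text) and ossec.conf ends up with a key or node name different from the one supplied. Escape before use, e.g. `key_esc=$(printf '%s' "$WAZUH_CLUSTER_KEY" | sed 's/[&|\\]/\\&/g')`, or reject values outside an expected character set with a clear error. In the indexer loop an entry without `:port` makes both `${NODE%:*}` and `${NODE#*:}` return the whole entry, which writes `https://host:host`; test for the colon first. The removed `set_custom_cluster_key` carried a header explaining how to use it, and the new function has none; a short block naming `WAZUH_CLUSTER_KEY`, `WAZUH_NODE_TYPE`, `WAZUH_NODE_NAME`, `WAZUH_INDEXER_HOSTS` and `WAZUH_CLUSTER_NODES` (space-separated lists) would replace it. The same substitutions and host parsing are added in single-node/config/wazuh_cluster/entrypoint.sh.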
@@ -0,0 +1,85 @@
+#!/bin/bash
+set -xe
+
+OSSEC_CONF="ossec.conf"
+
+# --------------------------
+# Defaults based on OSSEC_CONF
+# --------------------------
+if [[ -z "$WAZUH_CLUSTER_KEY" ]]; then
+ WAZUH_CLUSTER_KEY=$(sed -n '//,/<\/cluster>/s/.*\(.*\)<\/key>.*/\1/p' "$OSSEC_CONF" | head -n1)
+fi
+
+if [[ -z "$WAZUH_CLUSTER_PORT" ]]; then
+ WAZUH_CLUSTER_PORT=$(sed -n '//,/<\/cluster>/s/.*\(.*\)<\/port>.*/\1/p' "$OSSEC_CONF" | head -n1)
+fi
+
+# Node type logic
+if [[ -z "$WAZUH_NODE_TYPE" ]]; then
+ if [[ "$HOSTNAME" == "manager" || "$HOSTNAME" == "aio_node" ]]; then
+ WAZUH_NODE_TYPE="master"
+ else
+ WAZUH_NODE_TYPE="worker"
+ fi
+fi
+
+# Default node name → HOSTNAME if not defined
+WAZUH_NODE_NAME="${WAZUH_NODE_NAME:-$HOSTNAME}"
+
+# --------------------------
+# Replace Indexer Hosts
+# --------------------------
+if [[ -n "$WAZUH_INDEXER_HOSTS" ]]; then
+ TMP_HOSTS=$(mktemp)
+ {
+ echo " "
+ for NODE in $WAZUH_INDEXER_HOSTS; do
+ IP="${NODE%:*}"
+ PORT="${NODE#*:}"
+ echo " https://$IP:$PORT"
+ done
+ echo " "
+ } > "$TMP_HOSTS";
+ sed -i -e '//,/<\/indexer>/{ //,/<\/hosts>/{ //r '"$TMP_HOSTS" \
+ -e 'd }}' "$OSSEC_CONF";
+ rm -f "$TMP_HOSTS";
+fi
+
+# --------------------------
+# Cluster: node_name
+# --------------------------
+sed -i "//,/<\/cluster>/ s|.*|$WAZUH_NODE_NAME|" "$OSSEC_CONF"
+
+# --------------------------
+# Cluster: node_type
+# --------------------------
+sed -i "//,/<\/cluster>/ s|.*|$WAZUH_NODE_TYPE|" "$OSSEC_CONF"
+
+# --------------------------
+# Cluster: key
+# --------------------------
+sed -i "//,/<\/cluster>/ s|.*|$WAZUH_CLUSTER_KEY|" "$OSSEC_CONF"
+
+# --------------------------
+# Cluster: port
+# --------------------------
+sed -i "//,/<\/cluster>/ s|.*|$WAZUH_CLUSTER_PORT|" "$OSSEC_CONF"
+
+# --------------------------
+# Cluster: nodes list
+# --------------------------
+if [[ -n "$WAZUH_CLUSTER_NODES" ]]; then
+ TMP_NODES=$(mktemp)
+ {
+ echo " "
+ for N in $WAZUH_CLUSTER_NODES; do
+ echo " $N"
+ done
+ echo " "
+ } > "$TMP_NODES";
+ sed -i -e '//,/<\/cluster>/{ //,/<\/nodes>/{ //r '"$TMP_NODES" \
+ -e 'd }}' "$OSSEC_CONF";
+ rm -f "$TMP_NODES";
+fi
+
+echo "Wazuh manager config modified successfully."
diff --git a/single-node/config/wazuh_indexer/wazuh.indexer.yml b/single-node/config/wazuh_indexer/wazuh.indexer.yml
index 655a16a4..3fc295a4 100644
--- a/single-node/config/wazuh_indexer/wazuh.indexer.yml
+++ b/single-node/config/wazuh_indexer/wazuh.indexer.yml
@@ -6,12 +6,12 @@ path.logs: /var/log/wazuh-indexer
 discovery.type: single-node
 http.port: 9200-9299
 transport.tcp.port: 9300-9399
-plugins.security.ssl.http.pemcert_filepath: /usr/share/wazuh-indexer/certs/wazuh.indexer.pem
-plugins.security.ssl.http.pemkey_filepath: /usr/share/wazuh-indexer/certs/wazuh.indexer.key
-plugins.security.ssl.http.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem
-plugins.security.ssl.transport.pemcert_filepath: /usr/share/wazuh-indexer/certs/wazuh.indexer.pem
-plugins.security.ssl.transport.pemkey_filepath: /usr/share/wazuh-indexer/certs/wazuh.indexer.key
-plugins.security.ssl.transport.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem
+plugins.security.ssl.http.pemcert_filepath: /usr/share/wazuh-indexer/config/certs/wazuh.indexer.pem
+plugins.security.ssl.http.pemkey_filepath: /usr/share/wazuh-indexer/config/certs/wazuh.indexer.key
+plugins.security.ssl.http.pemtrustedcas_filepath: /usr/share/wazuh-indexer/config/certs/root-ca.pem
+plugins.security.ssl.transport.pemcert_filepath: /usr/share/wazuh-indexer/config/certs/wazuh.indexer.pem
+plugins.security.ssl.transport.pemkey_filepath: /usr/share/wazuh-indexer/config/certs/wazuh.indexer.key
+plugins.security.ssl.transport.pemtrustedcas_filepath: /usr/share/wazuh-indexer/config/certs/root-ca.pem
 plugins.security.ssl.http.enabled: true
 plugins.security.ssl.transport.enforce_hostname_verification: false
 plugins.security.ssl.transport.resolve_hostname: false
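Review bot: `set -xe` at the top of single-node/config/wazuh_cluster/entrypoint.sh traces every command after expansion, so the command substitution that reads the key and the `sed` line that writes `$WAZUH_CLUSTER_KEY` both print the cluster key to stderr, which in a container normally ends up in the logs. Use `set -e` by default and enable tracing only behind an explicit debug switch, with `set +x` around the key handling, e.g. `[[ -n "$DEBUG" ]] && set -x`. `OSSEC_CONF="ossec.conf"` is resolved against the current working directory, which this script does not set; an absolute path, or a checked `cd`, would make the file being edited unambiguous. The unescaped `s|…|$VAR|` replacements and the `host:port` split have the same weaknesses as the copy in 0-wazuh-init.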