From d3d2ae7b8687125e331c22de850e4cbb3d2b62bd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?David=20Correa=20Rodr=C3=ADguez?= Date: Tue, 13 Feb 2024 10:32:58 +0100 Subject: [PATCH 01/22] Bump version to 5.0.0 --- .env | 6 +++--- .github/.goss.yaml | 2 +- CHANGELOG.md | 5 +++++ README.md | 1 + VERSION | 4 ++-- build-docker-images/README.md | 4 ++-- build-docker-images/build-images.sh | 4 ++-- multi-node/docker-compose.yml | 12 ++++++------ single-node/docker-compose.yml | 6 +++--- 9 files changed, 25 insertions(+), 19 deletions(-) diff --git a/.env b/.env index 8f5d52ff..c2d4e554 100755 --- a/.env +++ b/.env @@ -1,6 +1,6 @@ -WAZUH_VERSION=4.9.0 -WAZUH_IMAGE_VERSION=4.9.0 +WAZUH_VERSION=5.0.0 +WAZUH_IMAGE_VERSION=5.0.0 WAZUH_TAG_REVISION=1 -FILEBEAT_TEMPLATE_BRANCH=4.9.0 +FILEBEAT_TEMPLATE_BRANCH=5.0.0 WAZUH_FILEBEAT_MODULE=wazuh-filebeat-0.4.tar.gz WAZUH_UI_REVISION=1 diff --git a/.github/.goss.yaml b/.github/.goss.yaml index a2ee17aa..d7898027 100644 --- a/.github/.goss.yaml +++ b/.github/.goss.yaml @@ -56,7 +56,7 @@ package: wazuh-manager: installed: true versions: - - 4.9.0-1 + - 5.0.0-1 port: tcp:1514: listening: true diff --git a/CHANGELOG.md b/CHANGELOG.md index a7bf8862..ef39d81d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,11 @@ # Change Log All notable changes to this project will be documented in this file. +## Wazuh Docker v5.0.0 +### Added + +- Update Wazuh to version [5.0.0](https://github.com/wazuh/wazuh/blob/v5.0.0/CHANGELOG.md#v500) + ## Wazuh Docker v4.9.0 ### Added diff --git a/README.md b/README.md index 3bd8d37a..f06a456c 100644 --- a/README.md +++ b/README.md @@ -196,6 +196,7 @@ WAZUH_MONITORING_REPLICAS=0 ## | Wazuh version | ODFE | XPACK | |---------------|---------|--------| +| v5.0.0 | | | | v4.9.0 | | | | v4.8.2 | | | | v4.8.1 | | | diff --git a/VERSION b/VERSION index a25e5cee..1c77a838 100644 --- a/VERSION +++ b/VERSION @@ -1,2 +1,2 @@ -WAZUH-DOCKER_VERSION="4.9.0" -REVISION="40900" +WAZUH-DOCKER_VERSION="5.0.0" +REVISION="50000" 
diff --git a/build-docker-images/README.md b/build-docker-images/README.md index d4c5b4ff..11fde42c 100644 --- a/build-docker-images/README.md +++ b/build-docker-images/README.md @@ -13,7 +13,7 @@ This script initializes the environment variables needed to build each of the im The script allows you to build images from other versions of Wazuh, to do this you must use the -v or --version argument: ``` -$ build-docker-images/build-images.sh -v 4.9.0 +$ build-docker-images/build-images.sh -v 5.0.0 ``` To get all the available script options use the -h or --help option: @@ -26,7 +26,7 @@ Usage: build-docker-images/build-images.sh [OPTIONS] -d, --dev [Optional] Set the development stage you want to build, example rc1 or beta1, not used by default. -f, --filebeat-module [Optional] Set Filebeat module version. By default 0.4. -r, --revision [Optional] Package revision. By default 1 - -v, --version [Optional] Set the Wazuh version should be builded. By default, 4.9.0. + -v, --version [Optional] Set the Wazuh version should be builded. By default, 5.0.0. -h, --help Show this help. ``` \ No newline at end of file diff --git a/build-docker-images/build-images.sh b/build-docker-images/build-images.sh index f8ba8a56..343dda87 100755 --- a/build-docker-images/build-images.sh +++ b/build-docker-images/build-images.sh @@ -1,4 +1,4 @@ -WAZUH_IMAGE_VERSION=4.9.0 +WAZUH_IMAGE_VERSION=5.0.0 WAZUH_VERSION=$(echo $WAZUH_IMAGE_VERSION | sed -e 's/\.//g') WAZUH_TAG_REVISION=1 WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '\"tag_name\":' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2- | sed -e 's/\.//g') @@ -12,7 +12,7 @@ IMAGE_VERSION=${WAZUH_IMAGE_VERSION} # License (version 2) as published by the FSF - Free Software # Foundation. -WAZUH_IMAGE_VERSION="4.9.0" +WAZUH_IMAGE_VERSION="5.0.0" WAZUH_TAG_REVISION="1" WAZUH_DEV_STAGE="" FILEBEAT_MODULE_VERSION="0.4" 
diff --git a/multi-node/docker-compose.yml b/multi-node/docker-compose.yml index 95de74c5..02c65755 100644 --- a/multi-node/docker-compose.yml +++ b/multi-node/docker-compose.yml @@ -3,7 +3,7 @@ version: '3.7' services: wazuh.master: - image: wazuh/wazuh-manager:4.9.0 + image: wazuh/wazuh-manager:5.0.0 hostname: wazuh.master restart: always ulimits: @@ -45,7 +45,7 @@ services: - ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf wazuh.worker: - image: wazuh/wazuh-manager:4.9.0 + image: wazuh/wazuh-manager:5.0.0 hostname: wazuh.worker restart: always ulimits: @@ -81,7 +81,7 @@ services: - ./config/wazuh_cluster/wazuh_worker.conf:/wazuh-config-mount/etc/ossec.conf wazuh1.indexer: - image: wazuh/wazuh-indexer:4.9.0 + image: wazuh/wazuh-indexer:5.0.0 hostname: wazuh1.indexer restart: always ports: @@ -108,7 +108,7 @@ services: - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml wazuh2.indexer: - image: wazuh/wazuh-indexer:4.9.0 + image: wazuh/wazuh-indexer:5.0.0 hostname: wazuh2.indexer restart: always environment: @@ -130,7 +130,7 @@ services: - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml wazuh3.indexer: - image: wazuh/wazuh-indexer:4.9.0 + image: wazuh/wazuh-indexer:5.0.0 hostname: wazuh3.indexer restart: always environment: @@ -152,7 +152,7 @@ services: - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml wazuh.dashboard: - image: wazuh/wazuh-dashboard:4.9.0 + image: wazuh/wazuh-dashboard:5.0.0 hostname: wazuh.dashboard restart: always ports: diff --git a/single-node/docker-compose.yml b/single-node/docker-compose.yml index dd697a70..8a918738 100644 --- a/single-node/docker-compose.yml +++ b/single-node/docker-compose.yml 
@@ -3,7 +3,7 @@ version: '3.7' services: wazuh.manager: - image: wazuh/wazuh-manager:4.9.0 + image: wazuh/wazuh-manager:5.0.0 hostname: wazuh.manager restart: always ulimits: @@ -46,7 +46,7 @@ services: - ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf wazuh.indexer: - image: wazuh/wazuh-indexer:4.9.0 + image: wazuh/wazuh-indexer:5.0.0 hostname: wazuh.indexer restart: always ports: @@ -72,7 +72,7 @@ services: - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml wazuh.dashboard: - image: wazuh/wazuh-dashboard:4.9.0 + image: wazuh/wazuh-dashboard:5.0.0 hostname: wazuh.dashboard restart: always ports: From 935aee6d2acf279dc8986fc4e192344a13c98ea6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?David=20Correa=20Rodr=C3=ADguez?= Date: Tue, 19 Mar 2024 11:39:01 +0100 Subject: [PATCH 02/22] Fixed references to 4.8 in `master` --- build-docker-images/wazuh-dashboard/config/config.sh | 4 ++-- build-docker-images/wazuh-indexer/config/config.sh | 4 ++-- indexer-certs-creator/config/entrypoint.sh | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/build-docker-images/wazuh-dashboard/config/config.sh b/build-docker-images/wazuh-dashboard/config/config.sh index 79306721..b2cbfea4 100644 --- a/build-docker-images/wazuh-dashboard/config/config.sh +++ b/build-docker-images/wazuh-dashboard/config/config.sh @@ -9,8 +9,8 @@ export CONFIG_DIR=${INSTALLATION_DIR}/config ## Variables CERT_TOOL=wazuh-certs-tool.sh -PACKAGES_URL=https://packages.wazuh.com/4.8/ -PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.8/ +PACKAGES_URL=https://packages.wazuh.com/5.0/ +PACKAGES_DEV_URL=https://packages-dev.wazuh.com/5.0/ ## Check if the cert tool exists in S3 buckets CERT_TOOL_PACKAGES=$(curl --silent -I $PACKAGES_URL$CERT_TOOL | grep -E "^HTTP" | awk '{print $2}') 
diff --git a/build-docker-images/wazuh-indexer/config/config.sh b/build-docker-images/wazuh-indexer/config/config.sh index 2768f157..ed4fff5c 100644 --- a/build-docker-images/wazuh-indexer/config/config.sh +++ b/build-docker-images/wazuh-indexer/config/config.sh @@ -53,8 +53,8 @@ tar -xf ${INDEXER_FILE} ## Variables CERT_TOOL=wazuh-certs-tool.sh PASSWORD_TOOL=wazuh-passwords-tool.sh -PACKAGES_URL=https://packages.wazuh.com/4.8/ -PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.8/ +PACKAGES_URL=https://packages.wazuh.com/5.0/ +PACKAGES_DEV_URL=https://packages-dev.wazuh.com/5.0/ ## Check if the cert tool exists in S3 buckets CERT_TOOL_PACKAGES=$(curl --silent -I $PACKAGES_URL$CERT_TOOL | grep -E "^HTTP" | awk '{print $2}') diff --git a/indexer-certs-creator/config/entrypoint.sh b/indexer-certs-creator/config/entrypoint.sh index d3e0534e..3884ba64 100644 --- a/indexer-certs-creator/config/entrypoint.sh +++ b/indexer-certs-creator/config/entrypoint.sh @@ -8,8 +8,8 @@ ## Variables CERT_TOOL=wazuh-certs-tool.sh PASSWORD_TOOL=wazuh-passwords-tool.sh -PACKAGES_URL=https://packages.wazuh.com/4.8/ -PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.8/ +PACKAGES_URL=https://packages.wazuh.com/5.0/ +PACKAGES_DEV_URL=https://packages-dev.wazuh.com/5.0/ ## Check if the cert tool exists in S3 buckets CERT_TOOL_PACKAGES=$(curl --silent -I $PACKAGES_URL$CERT_TOOL | grep -E "^HTTP" | awk '{print $2}') From f4ccd4b0a6e311aed44d55fec6e33220333fc6ae Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Anguita=20L=C3=B3pez?= Date: Tue, 9 Apr 2024 09:26:47 +0200 Subject: [PATCH 03/22] Removed commented lines 87 to 91 --- build-docker-images/wazuh-indexer/config/entrypoint.sh | 6 ------ 1 file changed, 6 deletions(-) diff --git a/build-docker-images/wazuh-indexer/config/entrypoint.sh b/build-docker-images/wazuh-indexer/config/entrypoint.sh index 2acb4aa0..649d610d 100644 --- a/build-docker-images/wazuh-indexer/config/entrypoint.sh +++ b/build-docker-images/wazuh-indexer/config/entrypoint.sh 
@@ -84,10 +84,4 @@ if [[ "$(id -u)" == "0" ]]; then fi -#if [[ "$DISCOVERY" == "single-node" ]] && [[ ! -f "/var/lib/wazuh-indexer/.flag" ]]; then - # run securityadmin.sh for single node with CACERT, CERT and KEY parameter -# nohup /securityadmin.sh & -# touch "/var/lib/wazuh-indexer/.flag" -#fi - run_as_other_user_if_needed /usr/share/wazuh-indexer/bin/opensearch <<<"$KEYSTORE_PASSWORD" \ No newline at end of file From 10f278cadb94f1033378a77a811edafa5728e551 Mon Sep 17 00:00:00 2001 
From: vcerenu Date: Tue, 23 Apr 2024 11:43:29 -0300 Subject: [PATCH 04/22] add environment variables for configure wazuh indexer and dashboard files --- .../wazuh-dashboard/Dockerfile | 14 +- .../wazuh-dashboard/config/config.sh | 4 +- .../wazuh-dashboard/config/config.yml | 4 +- .../wazuh-dashboard/config/entrypoint.sh | 221 ++++++++++++- .../config/opensearch_dashboards.yml | 13 - build-docker-images/wazuh-indexer/Dockerfile | 19 +- .../wazuh-indexer/config/action_groups.yml | 12 - .../wazuh-indexer/config/config.sh | 6 - .../wazuh-indexer/config/entrypoint.sh | 295 +++++++++++++++++- .../wazuh-indexer/config/internal_users.yml | 74 ----- .../wazuh-indexer/config/opensearch.yml | 26 -- .../wazuh-indexer/config/roles.yml | 171 ---------- .../wazuh-indexer/config/roles_mapping.yml | 78 ----- .../wazuh_dashboard/opensearch_dashboards.yml | 12 - .../config/wazuh_indexer/wazuh1.indexer.yml | 38 --- .../config/wazuh_indexer/wazuh2.indexer.yml | 38 --- .../config/wazuh_indexer/wazuh3.indexer.yml | 38 --- multi-node/docker-compose.yml | 117 ++++++- single-node/docker-compose.yml | 47 ++- 19 files changed, 690 insertions(+), 537 deletions(-) delete mode 100644 build-docker-images/wazuh-dashboard/config/opensearch_dashboards.yml delete mode 100644 build-docker-images/wazuh-indexer/config/action_groups.yml delete mode 100644 build-docker-images/wazuh-indexer/config/internal_users.yml delete mode 100644 build-docker-images/wazuh-indexer/config/opensearch.yml delete mode 100644 build-docker-images/wazuh-indexer/config/roles.yml delete mode 100644 build-docker-images/wazuh-indexer/config/roles_mapping.yml delete mode 100644 multi-node/config/wazuh_dashboard/opensearch_dashboards.yml delete mode 100644 multi-node/config/wazuh_indexer/wazuh1.indexer.yml delete mode 100644 multi-node/config/wazuh_indexer/wazuh2.indexer.yml delete mode 100644 multi-node/config/wazuh_indexer/wazuh3.indexer.yml 
diff --git a/build-docker-images/wazuh-dashboard/Dockerfile b/build-docker-images/wazuh-dashboard/Dockerfile index e2e0bfd7..786bea0a 100644 --- a/build-docker-images/wazuh-dashboard/Dockerfile +++ b/build-docker-images/wazuh-dashboard/Dockerfile @@ -26,7 +26,7 @@ RUN chmod 775 /install_wazuh_app.sh RUN bash /install_wazuh_app.sh # Copy and set permissions to config files -COPY config/opensearch_dashboards.yml $INSTALL_DIR/config/ +RUN cp $INSTALL_DIR/etc/opensearch_dashboards.yml $INSTALL_DIR/config/opensearch_dashboards.yml COPY config/wazuh.yml $INSTALL_DIR/data/wazuh/config/ RUN chmod 664 $INSTALL_DIR/config/opensearch_dashboards.yml @@ -34,6 +34,7 @@ RUN chmod 664 $INSTALL_DIR/config/opensearch_dashboards.yml RUN mkdir -p $INSTALL_DIR/data/wazuh && chmod -R 775 $INSTALL_DIR/data/wazuh RUN mkdir -p $INSTALL_DIR/data/wazuh/config && chmod -R 775 $INSTALL_DIR/data/wazuh/config RUN mkdir -p $INSTALL_DIR/data/wazuh/logs && chmod -R 775 $INSTALL_DIR/data/wazuh/logs +RUN mkdir /wazuh-config-mount && chmod -R 775 /wazuh-config-mount ################################################################################ # Build stage 1 (the current Wazuh dashboard image): @@ -108,6 +109,15 @@ COPY --from=builder --chown=1000:1000 $INSTALL_DIR $INSTALL_DIR RUN mkdir -p /usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom RUN chown 1000:1000 /usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom +# Set $JAVA_HOME +RUN echo "export JAVA_HOME=$INSTALL_DIR/jdk" >> /etc/profile.d/java_home.sh && \ + echo "export PATH=\$PATH:\$JAVA_HOME/bin" >> /etc/profile.d/java_home.sh +ENV JAVA_HOME=$INSTALL_DIR/jdk +ENV PATH=$PATH:$JAVA_HOME/bin:$INSTALL_DIR/bin + +# Add k-NN lib directory to library loading path variable +ENV LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$INSTALL_DIR/plugins/opensearch-knn/lib" + # Set workdir and user WORKDIR $INSTALL_DIR USER wazuh-dashboard 
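Review bot: The added `ENV LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$INSTALL_DIR/plugins/opensearch-knn/lib"` in the third hunk produces a value that starts with `:` whenever the base image does not already define LD_LIBRARY_PATH, and the dynamic loader treats an empty entry as the current working directory. The image's WORKDIR is `$INSTALL_DIR`, a tree the entrypoint later copies mounted files into, so this would put a location that can receive outside content on the library search path. Building the value conditionally avoids the empty entry: `ENV LD_LIBRARY_PATH="${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$INSTALL_DIR/plugins/opensearch-knn/lib"`. The same line is added in the second hunk of build-docker-images/wazuh-indexer/Dockerfile. Whether the dashboard image contains an opensearch-knn plugin directory at all is not visible here and is worth confirming.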
@@ -116,3 +126,5 @@ USER wazuh-dashboard EXPOSE 443 ENTRYPOINT [ "/entrypoint.sh" ] + +CMD ["opensearch-dashboards"] diff --git a/build-docker-images/wazuh-dashboard/config/config.sh b/build-docker-images/wazuh-dashboard/config/config.sh index b2cbfea4..a9c12e10 100644 --- a/build-docker-images/wazuh-dashboard/config/config.sh +++ b/build-docker-images/wazuh-dashboard/config/config.sh @@ -34,8 +34,8 @@ chmod 755 $CERT_TOOL && bash /$CERT_TOOL -A mkdir -p ${CONFIG_DIR}/certs # Copy Wazuh dashboard certs to install config dir -cp /wazuh-certificates/demo.dashboard.pem ${CONFIG_DIR}/certs/dashboard.pem -cp /wazuh-certificates/demo.dashboard-key.pem ${CONFIG_DIR}/certs/dashboard-key.pem +cp /wazuh-certificates/dashboard.pem ${CONFIG_DIR}/certs/dashboard.pem +cp /wazuh-certificates/dashboard-key.pem ${CONFIG_DIR}/certs/dashboard-key.pem cp /wazuh-certificates/root-ca.pem ${CONFIG_DIR}/certs/root-ca.pem chmod -R 500 ${CONFIG_DIR}/certs diff --git a/build-docker-images/wazuh-dashboard/config/config.yml b/build-docker-images/wazuh-dashboard/config/config.yml index 24764d54..8135fcfe 100644 --- a/build-docker-images/wazuh-dashboard/config/config.yml +++ b/build-docker-images/wazuh-dashboard/config/config.yml @@ -1,5 +1,5 @@ nodes: # Wazuh dashboard server nodes dashboard: - - name: demo.dashboard - ip: demo.dashboard \ No newline at end of file + - name: dashboard + ip: wazuh.dashboard diff --git a/build-docker-images/wazuh-dashboard/config/entrypoint.sh b/build-docker-images/wazuh-dashboard/config/entrypoint.sh index 290f9fa8..698ebd62 100644 --- a/build-docker-images/wazuh-dashboard/config/entrypoint.sh +++ b/build-docker-images/wazuh-dashboard/config/entrypoint.sh 
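Review bot: In the config.sh hunk, the renamed `dashboard-key.pem` is still the key that `bash /$CERT_TOOL -A` generates while the image is built, so every container started from the same built image carries the same private key. Dropping the `demo.` prefix removes the only hint that it is a placeholder. A comment above the copy would keep that visible, for example `# Build-time bootstrap certificate shared by every container of this image; mount deployment-specific certs over config/certs before exposing the dashboard`. Refusing to start while the bundled certificate is still in place would be stronger, but that check belongs in the entrypoint, outside this hunk.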
@@ -2,6 +2,215 @@ # Wazuh Docker Copyright (C) 2017, Wazuh Inc. (License GPLv2) INSTALL_DIR=/usr/share/wazuh-dashboard +export OPENSEARCH_DASHBOARDS_HOME=$INSTALL_DIR +WAZUH_CONFIG_MOUNT=/wazuh-config-mount + +opensearch_dashboards_vars=( + console.enabled + console.proxyConfig + console.proxyFilter + ops.cGroupOverrides.cpuPath + ops.cGroupOverrides.cpuAcctPath + cpu.cgroup.path.override + cpuacct.cgroup.path.override + server.basePath + server.customResponseHeaders + server.compression.enabled + server.compression.referrerWhitelist + server.cors + server.cors.origin + server.defaultRoute + server.host + server.keepAliveTimeout + server.maxPayloadBytes + server.name + server.port + csp.rules + csp.strict + csp.warnLegacyBrowsers + data.search.usageTelemetry.enabled + opensearch.customHeaders + opensearch.hosts + opensearch.logQueries + opensearch.memoryCircuitBreaker.enabled + opensearch.memoryCircuitBreaker.maxPercentage + opensearch.password + opensearch.pingTimeout + opensearch.requestHeadersWhitelist + opensearch.requestHeadersAllowlist + opensearch_security.multitenancy.enabled + opensearch_security.readonly_mode.roles + opensearch.requestTimeout + opensearch.shardTimeout + opensearch.sniffInterval + opensearch.sniffOnConnectionFault + opensearch.sniffOnStart + opensearch.ssl.alwaysPresentCertificate + opensearch.ssl.certificate + opensearch.ssl.key + opensearch.ssl.keyPassphrase + opensearch.ssl.keystore.path + opensearch.ssl.keystore.password + opensearch.ssl.truststore.path + opensearch.ssl.truststore.password + opensearch.ssl.verificationMode + opensearch.username + i18n.locale + interpreter.enableInVisualize + opensearchDashboards.autocompleteTerminateAfter + opensearchDashboards.autocompleteTimeout + opensearchDashboards.defaultAppId + opensearchDashboards.index + logging.dest + logging.json + logging.quiet + logging.rotate.enabled + logging.rotate.everyBytes + logging.rotate.keepFiles + logging.rotate.pollingInterval + logging.rotate.usePolling + 
logging.silent + logging.useUTC + logging.verbose + map.includeOpenSearchMapsService + map.proxyOpenSearchMapsServiceInMaps + map.regionmap + map.tilemap.options.attribution + map.tilemap.options.maxZoom + map.tilemap.options.minZoom + map.tilemap.options.subdomains + map.tilemap.url + monitoring.cluster_alerts.email_notifications.email_address + monitoring.enabled + monitoring.opensearchDashboards.collection.enabled + monitoring.opensearchDashboards.collection.interval + monitoring.ui.container.opensearch.enabled + monitoring.ui.container.logstash.enabled + monitoring.ui.opensearch.password + monitoring.ui.opensearch.pingTimeout + monitoring.ui.opensearch.hosts + monitoring.ui.opensearch.username + monitoring.ui.opensearch.logFetchCount + monitoring.ui.opensearch.ssl.certificateAuthorities + monitoring.ui.opensearch.ssl.verificationMode + monitoring.ui.enabled + monitoring.ui.max_bucket_size + monitoring.ui.min_interval_seconds + newsfeed.enabled + ops.interval + path.data + pid.file + regionmap + security.showInsecureClusterWarning + server.rewriteBasePath + server.socketTimeout + server.customResponseHeaders + server.ssl.enabled + server.ssl.key + server.ssl.keyPassphrase + server.ssl.keystore.path + server.ssl.keystore.password + server.ssl.truststore.path + server.ssl.truststore.password + server.ssl.cert + server.ssl.certificate + server.ssl.certificateAuthorities + server.ssl.cipherSuites + server.ssl.clientAuthentication + opensearch.ssl.certificateAuthorities + server.ssl.redirectHttpFromPort + server.ssl.supportedProtocols + server.xsrf.disableProtection + server.xsrf.whitelist + status.allowAnonymous + status.v6ApiFormat + tilemap.options.attribution + tilemap.options.maxZoom + tilemap.options.minZoom + tilemap.options.subdomains + tilemap.url + timeline.enabled + vega.enableExternalUrls + apm_oss.apmAgentConfigurationIndex + apm_oss.indexPattern + apm_oss.errorIndices + apm_oss.onboardingIndices + apm_oss.spanIndices + apm_oss.sourcemapIndices + 
apm_oss.transactionIndices + apm_oss.metricsIndices + telemetry.allowChangingOptInStatus + telemetry.enabled + telemetry.optIn + telemetry.optInStatusUrl + telemetry.sendUsageFrom + vis_builder.enabled + data_source.enabled + data_source.encryption.wrappingKeyName + data_source.encryption.wrappingKeyNamespace + data_source.encryption.wrappingKey + data_source.audit.enabled + data_source.audit.appender.kind + data_source.audit.appender.path + data_source.audit.appender.layout.kind + data_source.audit.appender.layout.highlight + data_source.audit.appender.layout.pattern + ml_commons_dashboards.enabled + assistant.chat.enabled + observability.query_assist.enabled + uiSettings.overrides.defaultRoute +) + +print() { + echo -e $1 +} + +error_and_exit() { + echo "Error executing command: '$1'." + echo 'Exiting.' + exit 1 +} + +exec_cmd() { + eval $1 > /dev/null 2>&1 || error_and_exit "$1" +} + +exec_cmd_stdout() { + eval $1 2>&1 || error_and_exit "$1" +} + +function runOpensearchDashboards { + touch $OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml + for opensearch_dashboards_var in ${opensearch_dashboards_vars[*]}; do + env_var=$(echo ${opensearch_dashboards_var^^} | tr . _) + value=${!env_var} + if [[ -n $value ]]; then + longoptfile="${opensearch_dashboards_var}: ${value}" + if grep -q $opensearch_dashboards_var $OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml; then + sed -i "/${opensearch_dashboards_var}/ s|^.*$|${longoptfile}|" $OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml + else + echo $longoptfile >> $OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml + fi + fi + done + + umask 0002 + + /usr/share/wazuh-dashboard/bin/opensearch-dashboards -c $OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml \ + --cpu.cgroup.path.override=/ \ + --cpuacct.cgroup.path.override=/ +} + +mount_files() { + if [ -e $WAZUH_CONFIG_MOUNT/* ] + then + print "Identified Wazuh cdashboard onfiguration files to mount..." 
+ exec_cmd_stdout "cp --verbose -r $WAZUH_CONFIG_MOUNT/* $INSTALL_DIR" + else + print "No Wazuh dashboard configuration files to mount..." + fi +} + DASHBOARD_USERNAME="${DASHBOARD_USERNAME:-kibanaserver}" DASHBOARD_PASSWORD="${DASHBOARD_PASSWORD:-kibanaserver}" @@ -17,4 +226,14 @@ echo $DASHBOARD_PASSWORD | $INSTALL_DIR/bin/opensearch-dashboards-keystore add o /wazuh_app_config.sh $WAZUH_UI_REVISION -/usr/share/wazuh-dashboard/bin/opensearch-dashboards -c /usr/share/wazuh-dashboard/config/opensearch_dashboards.yml \ No newline at end of file +mount_files + +if [ $# -eq 0 ] || [ "${1:0:1}" = '-' ]; then + set -- opensearch-dashboards "$@" +fi + +if [ "$1" = "opensearch-dashboards" ]; then + runOpensearchDashboards "$@" +else + exec "$@" +fi diff --git a/build-docker-images/wazuh-dashboard/config/opensearch_dashboards.yml b/build-docker-images/wazuh-dashboard/config/opensearch_dashboards.yml deleted file mode 100644 index 68e6c85f..00000000 --- a/build-docker-images/wazuh-dashboard/config/opensearch_dashboards.yml +++ /dev/null @@ -1,13 +0,0 @@ -server.host: 0.0.0.0 -server.port: 5601 -opensearch.hosts: https://wazuh.indexer:9200 -opensearch.ssl.verificationMode: none -opensearch.requestHeadersWhitelist: [ authorization,securitytenant ] -opensearch_security.multitenancy.enabled: false -opensearch_security.readonly_mode.roles: ["kibana_read_only"] -server.ssl.enabled: true -server.ssl.key: "/usr/share/wazuh-dashboard/config/certs/dashboard-key.pem" -server.ssl.certificate: "/usr/share/wazuh-dashboard/config/certs/dashboard.pem" -opensearch.ssl.certificateAuthorities: ["/usr/share/wazuh-dashboard/config/certs/root-ca.pem"] -uiSettings.overrides.defaultRoute: /app/wz-home - diff --git a/build-docker-images/wazuh-indexer/Dockerfile b/build-docker-images/wazuh-indexer/Dockerfile index bd579225..8d1ae451 100644 --- a/build-docker-images/wazuh-indexer/Dockerfile +++ b/build-docker-images/wazuh-indexer/Dockerfile 
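Review bot: In `runOpensearchDashboards`, the setting name is used as an unanchored regular expression in both `grep -q $opensearch_dashboards_var` and the `sed` address, so exporting `SERVER_SSL_KEY` also rewrites any existing line containing `server.ssl.keyPassphrase` or `server.ssl.keystore.path`. A value containing `|`, `&` or `\` (plausible for `OPENSEARCH_PASSWORD`) is interpreted by `sed` instead of being written literally. Matching the exact key at the start of the line and writing the value with `printf '%s'` avoids both, as sketched below. Separately, `[ -e $WAZUH_CONFIG_MOUNT/* ]` in `mount_files` fails with "too many arguments" as soon as the mount holds more than one entry, so nothing is copied; a glob-safe test such as `compgen -G "$WAZUH_CONFIG_MOUNT/*" > /dev/null` handles that. `opensearch.password` is also in the list and would land in the YAML file in plain text, so it is worth confirming that this is intended alongside the keystore handling that appears to follow this hunk.

```shell
function runOpensearchDashboards {
  local config_file="$OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml"
  local setting env_var value line
  local -a kept
  touch "$config_file"
  for setting in "${opensearch_dashboards_vars[@]}"; do
    env_var=$(printf '%s' "${setting^^}" | tr . _)
    value=${!env_var}
    [[ -n "$value" ]] || continue
    # Keep every line except the one whose key is exactly this setting
    # (literal prefix match, no regex), then append the value uninterpreted.
    kept=()
    while IFS= read -r line || [[ -n "$line" ]]; do
      [[ "$line" == "${setting}:"* ]] || kept+=("$line")
    done < "$config_file"
    printf '%s\n' "${kept[@]}" "${setting}: ${value}" > "$config_file"
  done
  # … unchanged: umask and opensearch-dashboards start-up …
}
```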
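Review bot: `runOpensearchDashboards "$@"` passes the container arguments to a function that never reads them, so options given after the image name (the case the `"${1:0:1}" = '-'` branch prepares for) are silently dropped. Forwarding them needs a change on both sides: call `runOpensearchDashboards "${@:2}"` here and append `"$@"` to the `opensearch-dashboards` command line inside the function, which is defined in the previous hunk. Starting the server there with `exec` would also make it the container's main process, so it receives the stop signal directly instead of the wrapper shell.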
@@ -6,20 +6,10 @@ ARG WAZUH_TAG_REVISION RUN yum install curl-minimal openssl xz tar findutils shadow-utils -y -COPY config/opensearch.yml / - COPY config/config.sh . COPY config/config.yml / -COPY config/action_groups.yml / - -COPY config/internal_users.yml / - -COPY config/roles_mapping.yml / - -COPY config/roles.yml / - RUN bash config.sh ################################################################################ @@ -36,6 +26,15 @@ ENV USER="wazuh-indexer" \ NAME="wazuh-indexer" \ INSTALL_DIR="/usr/share/wazuh-indexer" +# Set $JAVA_HOME +RUN echo "export JAVA_HOME=$INSTALL_DIR/jdk" >> /etc/profile.d/java_home.sh && \ + echo "export PATH=\$PATH:\$JAVA_HOME/bin" >> /etc/profile.d/java_home.sh +ENV JAVA_HOME="$INSTALL_DIR/jdk" +ENV PATH=$PATH:$JAVA_HOME/bin:$INSTALL_DIR/bin + +# Add k-NN lib directory to library loading path variable +ENV LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$INSTALL_DIR/plugins/opensearch-knn/lib" + RUN yum install curl-minimal shadow-utils findutils hostname -y RUN getent group $GROUP || groupadd -r -g 1000 $GROUP diff --git a/build-docker-images/wazuh-indexer/config/action_groups.yml b/build-docker-images/wazuh-indexer/config/action_groups.yml deleted file mode 100644 index 04119c8a..00000000 --- a/build-docker-images/wazuh-indexer/config/action_groups.yml +++ /dev/null @@ -1,12 +0,0 @@ ---- -_meta: - type: "actiongroups" - config_version: 2 - -# ISM API permissions group -manage_ism: - reserved: true - hidden: false - allowed_actions: - - "cluster:admin/opendistro/ism/*" - static: false \ No newline at end of file diff --git a/build-docker-images/wazuh-indexer/config/config.sh b/build-docker-images/wazuh-indexer/config/config.sh index ed4fff5c..299251f2 100644 --- a/build-docker-images/wazuh-indexer/config/config.sh +++ b/build-docker-images/wazuh-indexer/config/config.sh 
@@ -117,12 +117,6 @@ cp -pr ${BASE_DIR}/* ${TARGET_DIR}${INSTALLATION_DIR} # Copy the security tools cp /$CERT_TOOL ${TARGET_DIR}${INSTALLATION_DIR}/plugins/opensearch-security/tools/ cp /$PASSWORD_TOOL ${TARGET_DIR}${INSTALLATION_DIR}/plugins/opensearch-security/tools/ -# Copy Wazuh's config files for the security plugin -cp -pr /roles_mapping.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/ -cp -pr /roles.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/ -cp -pr /action_groups.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/ -cp -pr /internal_users.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/ -cp -pr /opensearch.yml ${TARGET_DIR}${CONFIG_DIR} # Copy Wazuh indexer's certificates cp -pr /wazuh-certificates/demo.indexer.pem ${TARGET_DIR}${CONFIG_DIR}/certs/indexer.pem cp -pr /wazuh-certificates/demo.indexer-key.pem ${TARGET_DIR}${CONFIG_DIR}/certs/indexer-key.pem diff --git a/build-docker-images/wazuh-indexer/config/entrypoint.sh b/build-docker-images/wazuh-indexer/config/entrypoint.sh index 649d610d..60ae01d3 100644 --- a/build-docker-images/wazuh-indexer/config/entrypoint.sh +++ b/build-docker-images/wazuh-indexer/config/entrypoint.sh 
@@ -7,12 +7,272 @@ umask 0002 export USER=wazuh-indexer export INSTALLATION_DIR=/usr/share/wazuh-indexer export OPENSEARCH_PATH_CONF=${INSTALLATION_DIR} -export JAVA_HOME=${INSTALLATION_DIR}/jdk -export DISCOVERY=$(grep -oP "(?<=discovery.type: ).*" ${OPENSEARCH_PATH_CONF}/opensearch.yml) export CACERT=$(grep -oP "(?<=plugins.security.ssl.transport.pemtrustedcas_filepath: ).*" ${OPENSEARCH_PATH_CONF}/opensearch.yml) export CERT="${OPENSEARCH_PATH_CONF}/certs/admin.pem" export KEY="${OPENSEARCH_PATH_CONF}/certs/admin-key.pem" +opensearch_vars=( + cluster.name + node.name + node.roles + path.data + path.logs + bootstrap.memory_lock + network.host + http.port + transport.port + network.bind_host + network.publish_host + transport.tcp.port + compatibility.override_main_response_version + http.host + http.bind_host + http.publish_host + http.compression + transport.host + transport.bind_host + transport.publish_host + discovery.seed_hosts + discovery.seed_providers + discovery.type + cluster.initial_cluster_manager_nodes + cluster.initial_master_nodes + node.max_local_storage_nodes + gateway.recover_after_nodes + gateway.recover_after_data_nodes + gateway.expected_data_nodes + gateway.recover_after_time + plugins.security.nodes_dn + plugins.security.nodes_dn_dynamic_config_enabled + plugins.security.authcz.admin_dn + plugins.security.roles_mapping_resolution + plugins.security.dls.mode + plugins.security.compliance.salt + config.dynamic.http.anonymous_auth_enabled + plugins.security.restapi.roles_enabled + plugins.security.restapi.password_validation_regex + plugins.security.restapi.password_validation_error_message + plugins.security.restapi.password_min_length + plugins.security.restapi.password_score_based_validation_strength + plugins.security.unsupported.restapi.allow_securityconfig_modification + plugins.security.authcz.impersonation_dn + plugins.security.authcz.rest_impersonation_user + plugins.security.allow_default_init_securityindex + 
plugins.security.allow_unsafe_democertificates + plugins.security.system_indices.permission.enabled + plugins.security.config_index_name + plugins.security.cert.oid + plugins.security.cert.intercluster_request_evaluator_class + plugins.security.enable_snapshot_restore_privilege + plugins.security.check_snapshot_restore_write_privileges + plugins.security.cache.ttl_minutes + plugins.security.protected_indices.enabled + plugins.security.protected_indices.roles + plugins.security.protected_indices.indices + plugins.security.system_indices.enabled + plugins.security.system_indices.indices + plugins.security.audit.enable_rest + plugins.security.audit.enable_transport + plugins.security.audit.resolve_bulk_requests + plugins.security.audit.config.disabled_categories + plugins.security.audit.ignore_requests + plugins.security.audit.threadpool.size + plugins.security.audit.threadpool.max_queue_len + plugins.security.audit.ignore_users + plugins.security.audit.type + plugins.security.audit.config.http_endpoints + plugins.security.audit.config.index + plugins.security.audit.config.type + plugins.security.audit.config.username + plugins.security.audit.config.password + plugins.security.audit.config.enable_ssl + plugins.security.audit.config.verify_hostnames + plugins.security.audit.config.enable_ssl_client_auth + plugins.security.audit.config.cert_alias + plugins.security.audit.config.pemkey_filepath + plugins.security.audit.config.pemkey_content + plugins.security.audit.config.pemkey_password + plugins.security.audit.config.pemcert_filepath + plugins.security.audit.config.pemcert_content + plugins.security.audit.config.pemtrustedcas_filepath + plugins.security.audit.config.pemtrustedcas_content + plugins.security.audit.config.webhook.url + plugins.security.audit.config.webhook.format + plugins.security.audit.config.webhook.ssl.verify + plugins.security.audit.config.webhook.ssl.pemtrustedcas_filepath + plugins.security.audit.config.webhook.ssl.pemtrustedcas_content + 
plugins.security.audit.config.log4j.logger_name + plugins.security.audit.config.log4j.level + opendistro_security.audit.config.disabled_rest_categories + opendistro_security.audit.config.disabled_transport_categories + plugins.security.ssl.transport.enforce_hostname_verification + plugins.security.ssl.transport.resolve_hostname + plugins.security.ssl.http.clientauth_mode + plugins.security.ssl.http.enabled_ciphers + plugins.security.ssl.http.enabled_protocols + plugins.security.ssl.transport.enabled_ciphers + plugins.security.ssl.transport.enabled_protocols + plugins.security.ssl.transport.keystore_type + plugins.security.ssl.transport.keystore_filepath + plugins.security.ssl.transport.keystore_alias + plugins.security.ssl.transport.keystore_password + plugins.security.ssl.transport.truststore_type + plugins.security.ssl.transport.truststore_filepath + plugins.security.ssl.transport.truststore_alias + plugins.security.ssl.transport.truststore_password + plugins.security.ssl.http.enabled + plugins.security.ssl.http.keystore_type + plugins.security.ssl.http.keystore_filepath + plugins.security.ssl.http.keystore_alias + plugins.security.ssl.http.keystore_password + plugins.security.ssl.http.truststore_type + plugins.security.ssl.http.truststore_filepath + plugins.security.ssl.http.truststore_alias + plugins.security.ssl.http.truststore_password + plugins.security.ssl.transport.enable_openssl_if_available + plugins.security.ssl.http.enable_openssl_if_available + plugins.security.ssl.transport.pemkey_filepath + plugins.security.ssl.transport.pemkey_password + plugins.security.ssl.transport.pemcert_filepath + plugins.security.ssl.transport.pemtrustedcas_filepath + plugins.security.ssl.http.pemkey_filepath + plugins.security.ssl.http.pemkey_password + plugins.security.ssl.http.pemcert_filepath + plugins.security.ssl.http.pemtrustedcas_filepath + plugins.security.ssl.transport.enabled + plugins.security.ssl.transport.client.pemkey_password + 
plugins.security.ssl.transport.keystore_keypassword + plugins.security.ssl.transport.server.keystore_keypassword + plugins.sercurity.ssl.transport.server.keystore_alias + plugins.sercurity.ssl.transport.client.keystore_alias + plugins.sercurity.ssl.transport.server.truststore_alias + plugins.sercurity.ssl.transport.client.truststore_alias + plugins.security.ssl.client.external_context_id + plugins.secuirty.ssl.transport.principal_extractor_class + plugins.security.ssl.http.crl.file_path + plugins.security.ssl.http.crl.validate + plugins.security.ssl.http.crl.prefer_crlfile_over_ocsp + plugins.security.ssl.http.crl.check_only_end_entitites + plugins.security.ssl.http.crl.disable_ocsp + plugins.security.ssl.http.crl.disable_crldp + plugins.security.ssl.allow_client_initiated_renegotiation + indices.breaker.total.use_real_memory + indices.breaker.total.limit + indices.breaker.fielddata.limit + indices.breaker.fielddata.overhead + indices.breaker.request.limit + indices.breaker.request.overhead + network.breaker.inflight_requests.limit + network.breaker.inflight_requests.overhead + cluster.routing.allocation.enable + cluster.routing.allocation.node_concurrent_incoming_recoveries + cluster.routing.allocation.node_concurrent_outgoing_recoveries + cluster.routing.allocation.node_concurrent_recoveries + cluster.routing.allocation.node_initial_primaries_recoveries + cluster.routing.allocation.same_shard.host + cluster.routing.rebalance.enable + cluster.routing.allocation.allow_rebalance + cluster.routing.allocation.cluster_concurrent_rebalance + cluster.routing.allocation.balance.shard + cluster.routing.allocation.balance.index + cluster.routing.allocation.balance.threshold + cluster.routing.allocation.balance.prefer_primary + cluster.routing.allocation.disk.threshold_enabled + cluster.routing.allocation.disk.watermark.low + cluster.routing.allocation.disk.watermark.high + cluster.routing.allocation.disk.watermark.flood_stage + cluster.info.update.interval + 
cluster.routing.allocation.shard_movement_strategy + cluster.blocks.read_only + cluster.blocks.read_only_allow_delete + cluster.max_shards_per_node + cluster.persistent_tasks.allocation.enable + cluster.persistent_tasks.allocation.recheck_interval + cluster.search.request.slowlog.threshold.warn + cluster.search.request.slowlog.threshold.info + cluster.search.request.slowlog.threshold.debug + cluster.search.request.slowlog.threshold.trace + cluster.search.request.slowlog.level + cluster.fault_detection.leader_check.timeout + cluster.fault_detection.follower_check.timeout + action.auto_create_index + action.destructive_requires_name + cluster.default.index.refresh_interval + cluster.minimum.index.refresh_interval + cluster.indices.close.enable + indices.recovery.max_bytes_per_sec + indices.recovery.max_concurrent_file_chunks + indices.recovery.max_concurrent_operations + indices.recovery.max_concurrent_remote_store_streams + indices.time_series_index.default_index_merge_policy + indices.fielddata.cache.size + index.number_of_shards + index.number_of_routing_shards + index.shard.check_on_startup + index.codec + index.codec.compression_level + index.routing_partition_size + index.soft_deletes.retention_lease.period + index.load_fixed_bitset_filters_eagerly + index.hidden + index.merge.policy + index.merge_on_flush.enabled + index.merge_on_flush.max_full_flush_merge_wait_time + index.merge_on_flush.policy + index.check_pending_flush.enabled + index.number_of_replicas + index.auto_expand_replicas + index.search.idle.after + index.refresh_interval + index.max_result_window + index.max_inner_result_window + index.max_rescore_window + index.max_docvalue_fields_search + index.max_script_fields + index.max_ngram_diff + index.max_shingle_diff + index.max_refresh_listeners + index.analyze.max_token_count + index.highlight.max_analyzed_offset + index.max_terms_count + index.max_regex_length + index.query.default_field + index.query.max_nested_depth + 
index.routing.allocation.enable + index.routing.rebalance.enable + index.gc_deletes + index.default_pipeline + index.final_pipeline + index.optimize_doc_id_lookup.fuzzy_set.enabled + index.optimize_doc_id_lookup.fuzzy_set.false_positive_probability + search.max_buckets + search.phase_took_enabled + search.allow_expensive_queries + search.default_allow_partial_results + search.cancel_after_time_interval + search.default_search_timeout + search.default_keep_alive + search.keep_alive_interval + search.max_keep_alive + search.low_level_cancellation + search.max_open_scroll_context + search.request_stats_enabled + search.highlight.term_vector_multi_value + snapshot.max_concurrent_operations + cluster.remote_store.translog.buffer_interval + remote_store.moving_average_window_size + opensearch.notifications.core.allowed_config_types + opensearch.notifications.core.email.minimum_header_length + opensearch.notifications.core.email.size_limit + opensearch.notifications.core.http.connection_timeout + opensearch.notifications.core.http.host_deny_list + opensearch.notifications.core.http.max_connection_per_route + opensearch.notifications.core.http.max_connections + opensearch.notifications.core.http.socket_timeout + opensearch.notifications.core.tooltip_support + opensearch.notifications.general.filter_by_backend_roles +) + run_as_other_user_if_needed() { if [[ "$(id -u)" == "0" ]]; then # If running as root, drop to specified UID and run command 
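Review bot: Five entries in `opensearch_vars` are misspelled: the four `plugins.sercurity.ssl.transport.*_alias` keys and `plugins.secuirty.ssl.transport.principal_extractor_class`. As written, the environment names that trigger them would carry the same typo (`PLUGINS_SERCURITY_...`, `PLUGINS_SECUIRTY_...`), and so would the key written to opensearch.yml, which OpenSearch will presumably not recognise; they should read `plugins.security.ssl.transport.server.keystore_alias` and so on. The context line `export CACERT=$(grep ... opensearch.yml)` still runs before `buildOpensearchConfig` (called in the next hunk), so it reads the trusted-CA path from the file as shipped rather than the one supplied through `PLUGINS_SECURITY_SSL_TRANSPORT_PEMTRUSTEDCAS_FILEPATH`; moving that export below the call would keep the two in step. The list also exposes password-bearing keys (`plugins.security.audit.config.password`, the `*_password` keystore and PEM-key entries) and switches such as `plugins.security.allow_unsafe_democertificates`, so a comment above the array saying that these values arrive through the container environment and are persisted to the config file would help operators decide which to supply another way.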
@@ -24,6 +284,37 @@ run_as_other_user_if_needed() { fi } +function buildOpensearchConfig { + echo "" >> $OPENSEARCH_PATH_CONF/opensearch.yml + for opensearch_var in ${opensearch_vars[*]}; do + env_var=$(echo ${opensearch_var^^} | tr . _) + value=${!env_var} + if [[ -n $value ]]; then + if grep -q $opensearch_var $OPENSEARCH_PATH_CONF/opensearch.yml; then + lineNum="$(grep -n "$opensearch_var" $OPENSEARCH_PATH_CONF/opensearch.yml | head -n 1 | cut -d: -f1)" + sed -i "${lineNum}d" $OPENSEARCH_PATH_CONF/opensearch.yml + charline=$(awk "NR == ${lineNum}" $OPENSEARCH_PATH_CONF/opensearch.yml | head -c 1) + fi + while : + do + case "$charline" in + "-"| "#" |" ") sed -i "${lineNum}d" $OPENSEARCH_PATH_CONF/opensearch.yml;; + *) break;; + esac + charline=$(awk "NR == ${lineNum}" $OPENSEARCH_PATH_CONF/opensearch.yml | head -c 1) + done + longoptfile="${opensearch_var}: ${value}" + if grep -q $opensearch_var $OPENSEARCH_PATH_CONF/opensearch.yml; then + sed -i "/${opensearch_var}/ s|^.*$|${longoptfile}|" $OPENSEARCH_PATH_CONF/opensearch.yml + else + echo $longoptfile >> $OPENSEARCH_PATH_CONF/opensearch.yml + fi + fi + done +} + +buildOpensearchConfig + # Allow user specify custom CMD, maybe bin/opensearch itself # for example to directly specify `-E` style parameters for opensearch on k8s # or simply to run /bin/bash to check the image diff --git a/build-docker-images/wazuh-indexer/config/internal_users.yml b/build-docker-images/wazuh-indexer/config/internal_users.yml deleted file mode 100644 index 40fcb9cd..00000000 --- a/build-docker-images/wazuh-indexer/config/internal_users.yml +++ /dev/null 
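Review bot: The key lookup in `buildOpensearchConfig` uses `grep -q $opensearch_var` and `sed -i "/${opensearch_var}/ ..."`, which treat the setting name as an unanchored regex, so one key can match another: `plugins.security.ssl.http.enabled` also matches `plugins.security.ssl.http.enabled_ciphers` and `plugins.security.ssl.http.enabled_protocols`, and setting the first through the environment can delete or overwrite the TLS cipher and protocol lines. The value is also spliced into the sed replacement, where `|`, `&` or `\` in a value (a keystore password, for instance) changes the result, and `echo $longoptfile` is unquoted, so list values containing `*` are subject to word splitting and globbing. Matching the key literally at line start and writing with `printf` avoids all three; a sketch follows, which appends the setting instead of replacing it in place and no longer removes `#` lines that follow the old key. Password-type keys written this way end up in plaintext in opensearch.yml as well as in the container environment, which deserves a comment above the function.

```shell
function buildOpensearchConfig {
  local conf="$OPENSEARCH_PATH_CONF/opensearch.yml"
  local opensearch_var env_var value tmp
  echo "" >> "$conf"
  for opensearch_var in "${opensearch_vars[@]}"; do
    env_var=$(printf '%s' "${opensearch_var^^}" | tr . _)
    value=${!env_var:-}
    [[ -n "$value" ]] || continue
    # Remove the existing key (literal match at line start) and its list
    # continuation lines, then append the new value.
    tmp=$(mktemp "${conf}.XXXXXX") || return
    awk -v key="${opensearch_var}:" '
      index($0, key) == 1 { skip = 1; next }
      skip && /^[- ]/     { next }
      { skip = 0; print }
    ' "$conf" > "$tmp" && cat "$tmp" > "$conf"
    rm -f -- "$tmp"
    printf '%s: %s\n' "$opensearch_var" "$value" >> "$conf"
  done
}
# … unchanged: buildOpensearchConfig call and custom CMD handling …
```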
@@ -1,74 +0,0 @@ ---- -# This is the internal user database -# The hash value is a bcrypt hash and can be generated with plugin/tools/hash.sh - -_meta: - type: "internalusers" - config_version: 2 - -# Define your internal users here - -## Demo users - -admin: - hash: "$2a$12$VcCDgh2NDk07JGN0rjGbM.Ad41qVR/YFJcgHp0UGns5JDymv..TOG" - reserved: true - backend_roles: - - "admin" - description: "Demo admin user" - -kibanaserver: - hash: "$2a$12$4AcgAt3xwOWadA5s5blL6ev39OXDNhmOesEoo33eZtrq2N0YrU3H." - reserved: true - description: "Demo kibanaserver user" - -kibanaro: - hash: "$2a$12$JJSXNfTowz7Uu5ttXfeYpeYE0arACvcwlPBStB1F.MI7f0U9Z4DGC" - reserved: false - backend_roles: - - "kibanauser" - - "readall" - attributes: - attribute1: "value1" - attribute2: "value2" - attribute3: "value3" - description: "Demo kibanaro user" - -logstash: - hash: "$2a$12$u1ShR4l4uBS3Uv59Pa2y5.1uQuZBrZtmNfqB3iM/.jL0XoV9sghS2" - reserved: false - backend_roles: - - "logstash" - description: "Demo logstash user" - -readall: - hash: "$2a$12$ae4ycwzwvLtZxwZ82RmiEunBbIPiAmGZduBAjKN0TXdwQFtCwARz2" - reserved: false - backend_roles: - - "readall" - description: "Demo readall user" - -snapshotrestore: - hash: "$2y$12$DpwmetHKwgYnorbgdvORCenv4NAK8cPUg8AI6pxLCuWf/ALc0.v7W" - reserved: false - backend_roles: - - "snapshotrestore" - description: "Demo snapshotrestore user" - -wazuh_admin: - hash: "$2y$12$d2awHiOYvZjI88VfsDON.u6buoBol0gYPJEgdG1ArKVE0OMxViFfu" - reserved: true - hidden: false - backend_roles: [] - attributes: {} - opendistro_security_roles: [] - static: false - -wazuh_user: - hash: "$2y$12$BQixeoQdRubZdVf/7sq1suHwiVRnSst1.lPI2M0.GPZms4bq2D9vO" - reserved: true - hidden: false - backend_roles: [] - attributes: {} - opendistro_security_roles: [] - static: false \ No newline at end of file diff --git a/build-docker-images/wazuh-indexer/config/opensearch.yml b/build-docker-images/wazuh-indexer/config/opensearch.yml deleted file mode 100644 index 1f0a78b3..00000000 
--- a/build-docker-images/wazuh-indexer/config/opensearch.yml +++ /dev/null @@ -1,26 +0,0 @@ -network.host: "0.0.0.0" -node.name: "wazuh.indexer" -path.data: /var/lib/wazuh-indexer -path.logs: /var/log/wazuh-indexer -discovery.type: single-node -compatibility.override_main_response_version: true -plugins.security.ssl.http.pemcert_filepath: /usr/share/wazuh-indexer/certs/indexer.pem -plugins.security.ssl.http.pemkey_filepath: /usr/share/wazuh-indexer/certs/indexer-key.pem -plugins.security.ssl.http.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem -plugins.security.ssl.transport.pemcert_filepath: /usr/share/wazuh-indexer/certs/indexer.pem -plugins.security.ssl.transport.pemkey_filepath: /usr/share/wazuh-indexer/certs/indexer-key.pem -plugins.security.ssl.transport.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem -plugins.security.ssl.http.enabled: true -plugins.security.ssl.transport.enforce_hostname_verification: false -plugins.security.ssl.transport.resolve_hostname: false -plugins.security.authcz.admin_dn: -- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" -plugins.security.check_snapshot_restore_write_privileges: true -plugins.security.enable_snapshot_restore_privilege: true -plugins.security.nodes_dn: -- "CN=demo.indexer,OU=Wazuh,O=Wazuh,L=California,C=US" -plugins.security.restapi.roles_enabled: -- "all_access" -- "security_rest_api_access" -plugins.security.system_indices.enabled: true -plugins.security.system_indices.indices: [".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"] \ No newline at end of file 
diff --git a/build-docker-images/wazuh-indexer/config/roles.yml b/build-docker-images/wazuh-indexer/config/roles.yml
deleted file mode 100644
index f8bc557a..00000000
--- a/build-docker-images/wazuh-indexer/config/roles.yml
+++ /dev/null
@@ -1,171 +0,0 @@ -_meta: - type: "roles" - config_version: 2 - -# Restrict users so they can only view visualization and dashboards on kibana -kibana_read_only: - reserved: true - -# The security REST API access role is used to assign specific users access to change the security settings through the REST API. -security_rest_api_access: - reserved: true - -# Allows users to view monitors, destinations and alerts -alerting_read_access: - reserved: true - cluster_permissions: - - 'cluster:admin/opendistro/alerting/alerts/get' - - 'cluster:admin/opendistro/alerting/destination/get' - - 'cluster:admin/opendistro/alerting/monitor/get' - - 'cluster:admin/opendistro/alerting/monitor/search' - -# Allows users to view and acknowledge alerts -alerting_ack_alerts: - reserved: true - cluster_permissions: - - 'cluster:admin/opendistro/alerting/alerts/*' - -# Allows users to use all alerting functionality -alerting_full_access: - reserved: true - cluster_permissions: - - 'cluster_monitor' - - 'cluster:admin/opendistro/alerting/*' - index_permissions: - - index_patterns: - - '*' - allowed_actions: - - 'indices_monitor' - - 'indices:admin/aliases/get' - - 'indices:admin/mappings/get' - -# Allow users to read Anomaly Detection detectors and results -anomaly_read_access: - reserved: true - cluster_permissions: - - 'cluster:admin/opendistro/ad/detector/info' - - 'cluster:admin/opendistro/ad/detector/search' - - 'cluster:admin/opendistro/ad/detectors/get' - - 'cluster:admin/opendistro/ad/result/search' - - 'cluster:admin/opendistro/ad/tasks/search' - -# Allows users to use all Anomaly Detection functionality -anomaly_full_access: - reserved: true - cluster_permissions: - - 'cluster_monitor' - - 'cluster:admin/opendistro/ad/*' - index_permissions: - - index_patterns: - - '*' - allowed_actions: - - 'indices_monitor' - - 'indices:admin/aliases/get' - - 'indices:admin/mappings/get' - -# Allows users to read Notebooks -notebooks_read_access: - reserved: true - cluster_permissions: - - 
'cluster:admin/opendistro/notebooks/list' - - 'cluster:admin/opendistro/notebooks/get' - -# Allows users to all Notebooks functionality -notebooks_full_access: - reserved: true - cluster_permissions: - - 'cluster:admin/opendistro/notebooks/create' - - 'cluster:admin/opendistro/notebooks/update' - - 'cluster:admin/opendistro/notebooks/delete' - - 'cluster:admin/opendistro/notebooks/get' - - 'cluster:admin/opendistro/notebooks/list' - -# Allows users to read and download Reports -reports_instances_read_access: - reserved: true - cluster_permissions: - - 'cluster:admin/opendistro/reports/instance/list' - - 'cluster:admin/opendistro/reports/instance/get' - - 'cluster:admin/opendistro/reports/menu/download' - -# Allows users to read and download Reports and Report-definitions -reports_read_access: - reserved: true - cluster_permissions: - - 'cluster:admin/opendistro/reports/definition/get' - - 'cluster:admin/opendistro/reports/definition/list' - - 'cluster:admin/opendistro/reports/instance/list' - - 'cluster:admin/opendistro/reports/instance/get' - - 'cluster:admin/opendistro/reports/menu/download' - -# Allows users to all Reports functionality -reports_full_access: - reserved: true - cluster_permissions: - - 'cluster:admin/opendistro/reports/definition/create' - - 'cluster:admin/opendistro/reports/definition/update' - - 'cluster:admin/opendistro/reports/definition/on_demand' - - 'cluster:admin/opendistro/reports/definition/delete' - - 'cluster:admin/opendistro/reports/definition/get' - - 'cluster:admin/opendistro/reports/definition/list' - - 'cluster:admin/opendistro/reports/instance/list' - - 'cluster:admin/opendistro/reports/instance/get' - - 'cluster:admin/opendistro/reports/menu/download' - -# Allows users to use all asynchronous-search functionality -asynchronous_search_full_access: - reserved: true - cluster_permissions: - - 'cluster:admin/opendistro/asynchronous_search/*' - index_permissions: - - index_patterns: - - '*' - allowed_actions: - - 
'indices:data/read/search*' - -# Allows users to read stored asynchronous-search results -asynchronous_search_read_access: - reserved: true - cluster_permissions: - - 'cluster:admin/opendistro/asynchronous_search/get' - -wazuh_ui_user: - reserved: true - hidden: false - cluster_permissions: [] - index_permissions: - - index_patterns: - - "wazuh-*" - dls: "" - fls: [] - masked_fields: [] - allowed_actions: - - "read" - tenant_permissions: [] - static: false - -wazuh_ui_admin: - reserved: true - hidden: false - cluster_permissions: [] - index_permissions: - - index_patterns: - - "wazuh-*" - dls: "" - fls: [] - masked_fields: [] - allowed_actions: - - "read" - - "delete" - - "manage" - - "index" - tenant_permissions: [] - static: false - -# ISM API permissions role -manage_ism: - reserved: true - hidden: false - cluster_permissions: - - "manage_ism" - static: false \ No newline at end of file diff --git a/build-docker-images/wazuh-indexer/config/roles_mapping.yml b/build-docker-images/wazuh-indexer/config/roles_mapping.yml deleted file mode 100644 index 7fa57a4d..00000000 --- a/build-docker-images/wazuh-indexer/config/roles_mapping.yml +++ /dev/null 
@@ -1,78 +0,0 @@ ---- -# In this file users, backendroles and hosts can be mapped to Wazuh indexer Security roles. -# Permissions for Wazuh indexer roles are configured in roles.yml - -_meta: - type: "rolesmapping" - config_version: 2 - -# Define your roles mapping here - -## Demo roles mapping - -all_access: - reserved: false - backend_roles: - - "admin" - description: "Maps admin to all_access" - -own_index: - reserved: false - users: - - "*" - description: "Allow full access to an index named like the username" - -logstash: - reserved: false - backend_roles: - - "logstash" - -kibana_user: - reserved: false - backend_roles: - - "kibanauser" - users: - - "wazuh_user" - - "wazuh_admin" - description: "Maps kibanauser to kibana_user" - -readall: - reserved: false - backend_roles: - - "readall" - -manage_snapshots: - reserved: false - backend_roles: - - "snapshotrestore" - -kibana_server: - reserved: true - users: - - "kibanaserver" - -wazuh_ui_admin: - reserved: true - hidden: false - backend_roles: [] - hosts: [] - users: - - "wazuh_admin" - - "kibanaserver" - and_backend_roles: [] - -wazuh_ui_user: - reserved: true - hidden: false - backend_roles: [] - hosts: [] - users: - - "wazuh_user" - and_backend_roles: [] - -# ISM API permissions role mapping -manage_ism: - reserved: true - hidden: false - users: - - "kibanaserver" \ No newline at end of file diff --git a/multi-node/config/wazuh_dashboard/opensearch_dashboards.yml b/multi-node/config/wazuh_dashboard/opensearch_dashboards.yml deleted file mode 100644 index 3a53c3f8..00000000 --- a/multi-node/config/wazuh_dashboard/opensearch_dashboards.yml +++ /dev/null 
@@ -1,12 +0,0 @@ -server.host: 0.0.0.0 -server.port: 5601 -opensearch.hosts: https://wazuh1.indexer:9200 -opensearch.ssl.verificationMode: certificate -opensearch.requestHeadersWhitelist: ["securitytenant","Authorization"] -opensearch_security.multitenancy.enabled: false -opensearch_security.readonly_mode.roles: ["kibana_read_only"] -server.ssl.enabled: true -server.ssl.key: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem" -server.ssl.certificate: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem" -opensearch.ssl.certificateAuthorities: ["/usr/share/wazuh-dashboard/certs/root-ca.pem"] -uiSettings.overrides.defaultRoute: /app/wz-home diff --git a/multi-node/config/wazuh_indexer/wazuh1.indexer.yml b/multi-node/config/wazuh_indexer/wazuh1.indexer.yml deleted file mode 100644 index 59cbe9bf..00000000 --- a/multi-node/config/wazuh_indexer/wazuh1.indexer.yml +++ /dev/null 
@@ -1,38 +0,0 @@ -network.host: wazuh1.indexer -node.name: wazuh1.indexer -cluster.initial_master_nodes: - - wazuh1.indexer - - wazuh2.indexer - - wazuh3.indexer -cluster.name: "wazuh-cluster" -discovery.seed_hosts: - - wazuh1.indexer - - wazuh2.indexer - - wazuh3.indexer -node.max_local_storage_nodes: "3" -path.data: /var/lib/wazuh-indexer -path.logs: /var/log/wazuh-indexer -plugins.security.ssl.http.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh1.indexer.pem -plugins.security.ssl.http.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh1.indexer.key -plugins.security.ssl.http.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem -plugins.security.ssl.transport.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh1.indexer.pem -plugins.security.ssl.transport.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh1.indexer.key -plugins.security.ssl.transport.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem -plugins.security.ssl.http.enabled: true -plugins.security.ssl.transport.enforce_hostname_verification: false -plugins.security.ssl.transport.resolve_hostname: false -plugins.security.authcz.admin_dn: -- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" -plugins.security.check_snapshot_restore_write_privileges: true -plugins.security.enable_snapshot_restore_privilege: true -plugins.security.nodes_dn: -- "CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US" -- "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US" -- "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US" -- "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US" -plugins.security.restapi.roles_enabled: -- "all_access" -- "security_rest_api_access" -plugins.security.allow_default_init_securityindex: true -cluster.routing.allocation.disk.threshold_enabled: false -compatibility.override_main_response_version: true diff --git a/multi-node/config/wazuh_indexer/wazuh2.indexer.yml b/multi-node/config/wazuh_indexer/wazuh2.indexer.yml deleted file mode 100644 index 478ed1d0..00000000 
--- a/multi-node/config/wazuh_indexer/wazuh2.indexer.yml +++ /dev/null @@ -1,38 +0,0 @@ -network.host: wazuh2.indexer -node.name: wazuh2.indexer -cluster.initial_master_nodes: - - wazuh1.indexer - - wazuh2.indexer - - wazuh3.indexer -cluster.name: "wazuh-cluster" -discovery.seed_hosts: - - wazuh1.indexer - - wazuh2.indexer - - wazuh3.indexer -node.max_local_storage_nodes: "3" -path.data: /var/lib/wazuh-indexer -path.logs: /var/log/wazuh-indexer -plugins.security.ssl.http.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh2.indexer.pem -plugins.security.ssl.http.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh2.indexer.key -plugins.security.ssl.http.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem -plugins.security.ssl.transport.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh2.indexer.pem -plugins.security.ssl.transport.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh2.indexer.key -plugins.security.ssl.transport.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem -plugins.security.ssl.http.enabled: true -plugins.security.ssl.transport.enforce_hostname_verification: false -plugins.security.ssl.transport.resolve_hostname: false -plugins.security.authcz.admin_dn: -- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" -plugins.security.check_snapshot_restore_write_privileges: true -plugins.security.enable_snapshot_restore_privilege: true -plugins.security.nodes_dn: -- "CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US" -- "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US" -- "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US" -- "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US" -plugins.security.restapi.roles_enabled: -- "all_access" -- "security_rest_api_access" -plugins.security.allow_default_init_securityindex: true -cluster.routing.allocation.disk.threshold_enabled: false -compatibility.override_main_response_version: true \ No newline at end of file 
diff --git a/multi-node/config/wazuh_indexer/wazuh3.indexer.yml b/multi-node/config/wazuh_indexer/wazuh3.indexer.yml
deleted file mode 100644
index 8caa513d..00000000
--- a/multi-node/config/wazuh_indexer/wazuh3.indexer.yml
+++ /dev/null
@@ -1,38 +0,0 @@ -network.host: wazuh3.indexer -node.name: wazuh3.indexer -cluster.initial_master_nodes: - - wazuh1.indexer - - wazuh2.indexer - - wazuh3.indexer -cluster.name: "wazuh-cluster" -discovery.seed_hosts: - - wazuh1.indexer - - wazuh2.indexer - - wazuh3.indexer -node.max_local_storage_nodes: "3" -path.data: /var/lib/wazuh-indexer -path.logs: /var/log/wazuh-indexer -plugins.security.ssl.http.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh3.indexer.pem -plugins.security.ssl.http.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh3.indexer.key -plugins.security.ssl.http.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem -plugins.security.ssl.transport.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh3.indexer.pem -plugins.security.ssl.transport.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh3.indexer.key -plugins.security.ssl.transport.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem -plugins.security.ssl.http.enabled: true -plugins.security.ssl.transport.enforce_hostname_verification: false -plugins.security.ssl.transport.resolve_hostname: false -plugins.security.authcz.admin_dn: -- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" -plugins.security.check_snapshot_restore_write_privileges: true -plugins.security.enable_snapshot_restore_privilege: true -plugins.security.nodes_dn: -- "CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US" -- "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US" -- "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US" -- "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US" -plugins.security.restapi.roles_enabled: -- "all_access" -- "security_rest_api_access" -plugins.security.allow_default_init_securityindex: true -cluster.routing.allocation.disk.threshold_enabled: false -compatibility.override_main_response_version: true \ No newline at end of file diff --git a/multi-node/docker-compose.yml b/multi-node/docker-compose.yml index f7be620a..d9e535e3 100644 
--- a/multi-node/docker-compose.yml
+++ b/multi-node/docker-compose.yml
@@ -87,8 +87,35 @@ services: ports: - "9200:9200" environment: - - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g" - - "bootstrap.memory_lock=true" + OPENSEARCH_JAVA_OPTS: "-Xms1g -Xmx1g" + bootstrap.memory_lock: "true" + NETWORK_HOST: wazuh1.indexer + NODE_NAME: wazuh1.indexer + CLUSTER_INITIAL_MASTER_NODES: '["wazuh1.indexer", "wazuh2.indexer", "wazuh3.indexer"]' + CLUSTER_NAME: "wazuh-cluster" + DISCOVERY_SEED_HOSTS: '["wazuh1.indexer", "wazuh2.indexer", "wazuh3.indexer"]' + NODE_MAX_LOCAL_STORAGE_NODES: "3" + PATH_DATA: /var/lib/wazuh-indexer + PATH_LOGS: /var/log/wazuh-indexer + PLUGINS_SECURITY_SSL_HTTP_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh1.indexer.pem + PLUGINS_SECURITY_SSL_HTTP_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh1.indexer.key + PLUGINS_SECURITY_SSL_HTTP_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem + PLUGINS_SECURITY_SSL_TRANSPORT_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh1.indexer.pem + PLUGINS_SECURITY_SSL_TRANSPORT_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh1.indexer.key + PLUGINS_SECURITY_SSL_TRANSPORT_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem + PLUGINS_SECURITY_SSL_HTTP_ENABLED: "true" + PLUGINS_SECURITY_SSL_TRANSPORT_ENFORCE_HOSTNAME_VERIFICATION: "false" + PLUGINS_SECURITY_SSL_TRANSPORT_RESOLVE_HOSTNAME: "false" + PLUGINS_SECURITY_AUTHCZ_ADMIN_DN: "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" + PLUGINS_SECURITY_CHECK_SNAPSHOT_RESTORE_WRITE_PRIVILEGES: "true" + PLUGINS_SECURITY_ENABLE_SNAPSHOT_RESTORE_PRIVILEGE: "true" + PLUGINS_SECURITY_NODES_DN: '["CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US"]' + PLUGINS_SECURITY_RESTAPI_ROLES_ENABLED: '["all_access", "security_rest_api_access"]' + PLUGINS_SECURITY_SYSTEM_INDICES_ENABLED: "true" + PLUGINS_SECURITY_SYSTEM_INDICES_INDICES: 
'[".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]' + PLUGINS_SECURITY_ALLOW_DEFAULT_INIT_SECURITYINDEX: "true" + CLUSTER_ROUTING_ALLOCATION_DISK_THRESHOLD_ENABLED: "false" + COMPATIBILITY_OVERRIDE_MAIN_RESPONSE_VERSION: "true" ulimits: memlock: soft: -1 @@ -103,7 +130,8 @@ services: - ./config/wazuh_indexer_ssl_certs/wazuh1.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh1.indexer.pem - ./config/wazuh_indexer_ssl_certs/admin.pem:/usr/share/wazuh-indexer/certs/admin.pem - ./config/wazuh_indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/certs/admin-key.pem - - ./config/wazuh_indexer/wazuh1.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml + # if you need mount a custom opensearch.yml, uncomment the next line and delete the environment variables + # - ./config/wazuh_indexer/wazuh1.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml wazuh2.indexer: 
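Review bot: `PLUGINS_SECURITY_SSL_TRANSPORT_ENFORCE_HOSTNAME_VERIFICATION: "false"` and `PLUGINS_SECURITY_ALLOW_DEFAULT_INIT_SECURITYINDEX: "true"` land in the wazuh1.indexer environment with no comment, and the wazuh2.indexer and wazuh3.indexer hunks repeat them. With hostname verification off, which transport peers count as cluster nodes presumably rests on the CA chain and the `PLUGINS_SECURITY_NODES_DN` list, so that list has to stay identical in all three copies. I would add `# hostname verification is off: node identity depends on root-ca.pem and nodes_dn, keep both in sync on every indexer` above the setting. Sharing the common settings through one anchor (`x-indexer-env: &indexer-env`, merged with `<<: *indexer-env`) would stop the three blocks drifting apart. The service definition continues outside the hunk.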
@@ -111,8 +139,35 @@ services: hostname: wazuh2.indexer restart: always environment: - - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g" - - "bootstrap.memory_lock=true" + OPENSEARCH_JAVA_OPTS: "-Xms1g -Xmx1g" + bootstrap.memory_lock: "true" + NETWORK_HOST: wazuh2.indexer + NODE_NAME: wazuh2.indexer + CLUSTER_INITIAL_MASTER_NODES: '["wazuh1.indexer", "wazuh2.indexer", "wazuh3.indexer"]' + CLUSTER_NAME: "wazuh-cluster" + DISCOVERY_SEED_HOSTS: '["wazuh1.indexer", "wazuh2.indexer", "wazuh3.indexer"]' + NODE_MAX_LOCAL_STORAGE_NODES: "3" + PATH_DATA: /var/lib/wazuh-indexer + PATH_LOGS: /var/log/wazuh-indexer + PLUGINS_SECURITY_SSL_HTTP_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh2.indexer.pem + PLUGINS_SECURITY_SSL_HTTP_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh2.indexer.key + PLUGINS_SECURITY_SSL_HTTP_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem + PLUGINS_SECURITY_SSL_TRANSPORT_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh2.indexer.pem + PLUGINS_SECURITY_SSL_TRANSPORT_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh2.indexer.key + PLUGINS_SECURITY_SSL_TRANSPORT_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem + PLUGINS_SECURITY_SSL_HTTP_ENABLED: "true" + PLUGINS_SECURITY_SSL_TRANSPORT_ENFORCE_HOSTNAME_VERIFICATION: "false" + PLUGINS_SECURITY_SSL_TRANSPORT_RESOLVE_HOSTNAME: "false" + PLUGINS_SECURITY_AUTHCZ_ADMIN_DN: "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" + PLUGINS_SECURITY_CHECK_SNAPSHOT_RESTORE_WRITE_PRIVILEGES: "true" + PLUGINS_SECURITY_ENABLE_SNAPSHOT_RESTORE_PRIVILEGE: "true" + PLUGINS_SECURITY_NODES_DN: '["CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US"]' + PLUGINS_SECURITY_RESTAPI_ROLES_ENABLED: '["all_access", "security_rest_api_access"]' + PLUGINS_SECURITY_SYSTEM_INDICES_ENABLED: "true" + 
PLUGINS_SECURITY_SYSTEM_INDICES_INDICES: '[".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]' + PLUGINS_SECURITY_ALLOW_DEFAULT_INIT_SECURITYINDEX: "true" + CLUSTER_ROUTING_ALLOCATION_DISK_THRESHOLD_ENABLED: "false" + COMPATIBILITY_OVERRIDE_MAIN_RESPONSE_VERSION: "true" ulimits: memlock: soft: -1 @@ -125,7 +180,8 @@ services: - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem - ./config/wazuh_indexer_ssl_certs/wazuh2.indexer-key.pem:/usr/share/wazuh-indexer/certs/wazuh2.indexer.key - ./config/wazuh_indexer_ssl_certs/wazuh2.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh2.indexer.pem - - ./config/wazuh_indexer/wazuh2.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml + # if you need mount a custom opensearch.yml, uncomment the next line and delete the environment variables + # - ./config/wazuh_indexer/wazuh2.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml wazuh3.indexer: 
@@ -133,8 +189,35 @@ services: hostname: wazuh3.indexer restart: always environment: - - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g" - - "bootstrap.memory_lock=true" + OPENSEARCH_JAVA_OPTS: "-Xms1g -Xmx1g" + bootstrap.memory_lock: "true" + NETWORK_HOST: wazuh3.indexer + NODE_NAME: wazuh3.indexer + CLUSTER_INITIAL_MASTER_NODES: '["wazuh1.indexer", "wazuh2.indexer", "wazuh3.indexer"]' + CLUSTER_NAME: "wazuh-cluster" + DISCOVERY_SEED_HOSTS: '["wazuh1.indexer", "wazuh2.indexer", "wazuh3.indexer"]' + NODE_MAX_LOCAL_STORAGE_NODES: "3" + PATH_DATA: /var/lib/wazuh-indexer + PATH_LOGS: /var/log/wazuh-indexer + PLUGINS_SECURITY_SSL_HTTP_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh3.indexer.pem + PLUGINS_SECURITY_SSL_HTTP_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh3.indexer.key + PLUGINS_SECURITY_SSL_HTTP_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem + PLUGINS_SECURITY_SSL_TRANSPORT_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh3.indexer.pem + PLUGINS_SECURITY_SSL_TRANSPORT_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh3.indexer.key + PLUGINS_SECURITY_SSL_TRANSPORT_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem + PLUGINS_SECURITY_SSL_HTTP_ENABLED: "true" + PLUGINS_SECURITY_SSL_TRANSPORT_ENFORCE_HOSTNAME_VERIFICATION: "false" + PLUGINS_SECURITY_SSL_TRANSPORT_RESOLVE_HOSTNAME: "false" + PLUGINS_SECURITY_AUTHCZ_ADMIN_DN: "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" + PLUGINS_SECURITY_CHECK_SNAPSHOT_RESTORE_WRITE_PRIVILEGES: "true" + PLUGINS_SECURITY_ENABLE_SNAPSHOT_RESTORE_PRIVILEGE: "true" + PLUGINS_SECURITY_NODES_DN: '["CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US"]' + PLUGINS_SECURITY_RESTAPI_ROLES_ENABLED: '["all_access", "security_rest_api_access"]' + PLUGINS_SECURITY_SYSTEM_INDICES_ENABLED: "true" + 
PLUGINS_SECURITY_SYSTEM_INDICES_INDICES: '[".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]' + PLUGINS_SECURITY_ALLOW_DEFAULT_INIT_SECURITYINDEX: "true" + CLUSTER_ROUTING_ALLOCATION_DISK_THRESHOLD_ENABLED: "false" + COMPATIBILITY_OVERRIDE_MAIN_RESPONSE_VERSION: "true" ulimits: memlock: soft: -1 @@ -147,7 +230,8 @@ services: - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem - ./config/wazuh_indexer_ssl_certs/wazuh3.indexer-key.pem:/usr/share/wazuh-indexer/certs/wazuh3.indexer.key - ./config/wazuh_indexer_ssl_certs/wazuh3.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh3.indexer.pem - - ./config/wazuh_indexer/wazuh3.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml + # if you need mount a custom opensearch.yml, uncomment the next line and delete the environment variables + # - ./config/wazuh_indexer/wazuh3.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml wazuh.dashboard: 
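Review bot: The comment added above the commented-out mount tells the operator to uncomment `./config/wazuh_indexer/wazuh3.indexer.yml`, but the first hunk on this page removes all 38 lines of a wazuh3 indexer configuration whose path is not visible here. If that is the same file, following the comment binds a path that no longer exists in the repository, so either keep a sample file or say where to get one. The wording could also name what to remove: `# To use a custom opensearch.yml, uncomment the next line and remove the settings passed through environment above`. The wazuh1.indexer and wazuh2.indexer hunks carry the same comment.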
@@ -163,11 +247,24 @@ services: - API_PASSWORD=MyS3cr37P450r.*- - DASHBOARD_USERNAME=kibanaserver - DASHBOARD_PASSWORD=kibanaserver + - SERVER_HOST=0.0.0.0 + - SERVER_PORT=5601 + - OPENSEARCH_HOSTS=https://wazuh1.indexer:9200 + - OPENSEARCH_SSL_VERIFICATIONMODE=certificate + - OPENSEARCH_REQUESTHEADERSALLOWLIST=["securitytenant","Authorization"] + - OPENSEARCH_SECURITY_MULTITENANCY_ENABLED=false + - SERVER_SSL_ENABLED=true + - OPENSEARCH_SECURITY_READONLY_MODE_ROLES=["kibana_read_only"] + - SERVER_SSL_KEY="/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem" + - SERVER_SSL_CERTIFICATE="/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem" + - OPENSEARCH_SSL_CERTIFICATEAUTHORITIES=["/usr/share/wazuh-dashboard/certs/root-ca.pem"] + - UISETTINGS_OVERRIDES_DEFAULTROUTE=/app/wz-home volumes: - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-dashboard/certs/root-ca.pem - - ./config/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml + # if you need mount a custom opensearch-dashboards.yml, uncomment the next line and delete the environment variables + # - ./config/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml - ./config/wazuh_dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml - wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config - wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom diff --git a/single-node/docker-compose.yml b/single-node/docker-compose.yml index 6ae87391..2c1dd7a5 100644 --- a/single-node/docker-compose.yml +++ b/single-node/docker-compose.yml 
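Review bot: `OPENSEARCH_SSL_VERIFICATIONMODE=certificate` makes the dashboard check the indexer certificate's chain but not that it was issued for `wazuh1.indexer`, while the manager services in this file reach the same host with `FILEBEAT_SSL_VERIFICATION_MODE=full`. If the indexer certificates carry the service hostnames, which the Filebeat setting suggests, `OPENSEARCH_SSL_VERIFICATIONMODE=full` should work here and would close that gap. Otherwise a comment should say why hostname checking is skipped for the dashboard only. The single-node wazuh.dashboard hunk sets the same value.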
@@ -53,6 +53,33 @@ services: - "9200:9200" environment: - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g" + - NETWORK_HOST="0.0.0.0" + - NODE_NAME="wazuh.indexer" + - CLUSTER_INITIAL_MASTER_NODES="wazuh.indexer" + - CLUSTER_NAME="wazuh-cluster" + - PATH_DATA=/var/lib/wazuh-indexer + - PATH_LOGS=/var/log/wazuh-indexer + - HTTP_PORT=9200-9299 + - TRANSPORT_TCP_PORT=9300-9399 + - COMPATIBILITY_OVERRIDE_MAIN_RESPONSE_VERSION=true + - PLUGINS_SECURITY_SSL_HTTP_PEMCERT_FILEPATH=/usr/share/wazuh-indexer/certs/wazuh.indexer.pem + - PLUGINS_SECURITY_SSL_HTTP_PEMKEY_FILEPATH=/usr/share/wazuh-indexer/certs/wazuh.indexer.key + - PLUGINS_SECURITY_SSL_HTTP_PEMTRUSTEDCAS_FILEPATH=/usr/share/wazuh-indexer/certs/root-ca.pem + - PLUGINS_SECURITY_SSL_TRANSPORT_PEMCERT_FILEPATH=/usr/share/wazuh-indexer/certs/wazuh.indexer.pem + - PLUGINS_SECURITY_SSL_TRANSPORT_PEMKEY_FILEPATH=/usr/share/wazuh-indexer/certs/wazuh.indexer.key + - PLUGINS_SECURITY_SSL_TRANSPORT_PEMTRUSTEDCAS_FILEPATH=/usr/share/wazuh-indexer/certs/root-ca.pem + - PLUGINS_SECURITY_SSL_HTTP_ENABLED=true + - PLUGINS_SECURITY_SSL_TRANSPORT_ENFORCE_HOSTNAME_VERIFICATION=false + - PLUGINS_SECURITY_SSL_TRANSPORT_RESOLVE_HOSTNAME=false + - PLUGINS_SECURITY_AUTHCZ_ADMIN_DN="CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" + - PLUGINS_SECURITY_CHECK_SNAPSHOT_RESTORE_WRITE_PRIVILEGES= true + - PLUGINS_SECURITY_ENABLE_SNAPSHOT_RESTORE_PRIVILEGE= true + - PLUGINS_SECURITY_NODES_DN="CN=wazuh.indexer,OU=Wazuh,O=Wazuh,L=California,C=US" + - PLUGINS_SECURITY_RESTAPI_ROLES_ENABLED='["all_access", "security_rest_api_access"]' + - PLUGINS_SECURITY_SYSTEM_INDICES_ENABLED=true + - PLUGINS_SECURITY_SYSTEM_INDICES_INDICES='[".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", 
".opendistro-asynchronous-search-response*", ".replication-metadata-store"]' + - PLUGINS_SECURITY_ALLOW_DEFAULT_INIT_SECURITYINDEX=true + - CLUSTER_ROUTING_ALLOCATION_DISK_THRESHOLD_ENABLED=false ulimits: memlock: soft: -1 @@ -67,7 +94,8 @@ services: - ./config/wazuh_indexer_ssl_certs/wazuh.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh.indexer.pem - ./config/wazuh_indexer_ssl_certs/admin.pem:/usr/share/wazuh-indexer/certs/admin.pem - ./config/wazuh_indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/certs/admin-key.pem - - ./config/wazuh_indexer/wazuh.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml + # if you need mount a custom opensearch.yml, uncomment the next line and delete the environment variables + # - ./config/wazuh_indexer/wazuh.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml wazuh.dashboard: 
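Review bot: `PLUGINS_SECURITY_CHECK_SNAPSHOT_RESTORE_WRITE_PRIVILEGES= true` and `PLUGINS_SECURITY_ENABLE_SNAPSHOT_RESTORE_PRIVILEGE= true` have a space after `=`, so in list form the value is ` true` with a leading space rather than `true`. List form also keeps inner quotes literally, so `NODE_NAME="wazuh.indexer"` and `PLUGINS_SECURITY_AUTHCZ_ADMIN_DN="CN=admin,…"` reach the container with the quote characters included; how the image's entrypoint treats either case is not visible here. Write these as `- PLUGINS_SECURITY_CHECK_SNAPSHOT_RESTORE_WRITE_PRIVILEGES=true` and drop the inner quotes, or use the mapping form already used for the multi-node indexers.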
@@ -84,12 +112,25 @@ services: - DASHBOARD_PASSWORD=kibanaserver - API_USERNAME=wazuh-wui - API_PASSWORD=MyS3cr37P450r.*- + - SERVER_HOST=0.0.0.0 + - SERVER_PORT=5601 + - OPENSEARCH_HOSTS=https://wazuh.indexer:9200 + - OPENSEARCH_SSL_VERIFICATIONMODE=certificate + - OPENSEARCH_REQUESTHEADERSALLOWLIST=["securitytenant","Authorization"] + - OPENSEARCH_SECURITY_MULTITENANCY_ENABLED=false + - SERVER_SSL_ENABLED=true + - OPENSEARCH_SECURITY_READONLY_MODE_ROLES=["kibana_read_only"] + - SERVER_SSL_KEY="/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem" + - SERVER_SSL_CERTIFICATE="/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem" + - OPENSEARCH_SSL_CERTIFICATEAUTHORITIES=["/usr/share/wazuh-dashboard/certs/root-ca.pem"] + - UISETTINGS_OVERRIDES_DEFAULTROUTE=/app/wz-home volumes: - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-dashboard/certs/root-ca.pem - - ./config/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml - - ./config/wazuh_dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml + # if you need mount a custom opensearch-dashboards.yml, uncomment the next line and delete the environment variables + # - ./config/wazuh_dashboard/opensearch_dashboards.yml:/wazuh-config-mount/config/opensearch_dashboards.yml + - ./config/wazuh_dashboard/wazuh.yml:/wazuh-config-mount/data/wazuh/config/wazuh.yml - wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config - wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom depends_on: From 7ec98fedf9d58bf29a7deb0077003f750e6e72fe Mon Sep 17 00:00:00 2001 
From: vcerenu Date: Wed, 24 Apr 2024 05:57:27 -0300 Subject: [PATCH 05/22] correct environment settings in services --- multi-node/docker-compose.yml | 125 ++++++++++++++++--------------- single-node/docker-compose.yml | 132 +++++++++++++++++---------------- 2 files changed, 132 insertions(+), 125 deletions(-) diff --git a/multi-node/docker-compose.yml b/multi-node/docker-compose.yml index d9e535e3..f45a5359 100644 --- a/multi-node/docker-compose.yml +++ b/multi-node/docker-compose.yml @@ -18,15 +18,15 @@ services: - "514:514/udp" - "55000:55000" environment: - - INDEXER_URL=https://wazuh1.indexer:9200 - - INDEXER_USERNAME=admin - - INDEXER_PASSWORD=SecretPassword - - FILEBEAT_SSL_VERIFICATION_MODE=full - - SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem - - SSL_CERTIFICATE=/etc/ssl/filebeat.pem - - SSL_KEY=/etc/ssl/filebeat.key - - API_USERNAME=wazuh-wui - - API_PASSWORD=MyS3cr37P450r.*- + INDEXER_URL: https://wazuh1.indexer:9200 + INDEXER_USERNAME: admin + INDEXER_PASSWORD: admin + FILEBEAT_SSL_VERIFICATION_MODE: full + SSL_CERTIFICATE_AUTHORITIES: /etc/ssl/root-ca.pem + SSL_CERTIFICATE: /etc/ssl/filebeat.pem + SSL_KEY: /etc/ssl/filebeat.key + API_USERNAME: wazuh-wui + API_PASSWORD: MyS3cr37P450r.*- volumes: - master-wazuh-api-configuration:/var/ossec/api/configuration - master-wazuh-etc:/var/ossec/etc 
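Review bot: The conversion to mapping form also changes `INDEXER_PASSWORD` from `SecretPassword` to `admin`, which the commit subject does not mention; the worker hunk and the single-node manager hunk make the same change. A guessable password for the `admin` indexer user is now the shipped value in a file that also publishes `9200:9200` on the host. I would take the secret out of the file, e.g. `INDEXER_PASSWORD: ${INDEXER_PASSWORD:?set INDEXER_PASSWORD in .env}`, and treat `API_PASSWORD` the same way. If `admin` is meant to match users built into the image, say so in a comment and in the commit message.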
@@ -56,13 +56,13 @@ services: soft: 655360 hard: 655360 environment: - - INDEXER_URL=https://wazuh1.indexer:9200 - - INDEXER_USERNAME=admin - - INDEXER_PASSWORD=SecretPassword - - FILEBEAT_SSL_VERIFICATION_MODE=full - - SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem - - SSL_CERTIFICATE=/etc/ssl/filebeat.pem - - SSL_KEY=/etc/ssl/filebeat.key + INDEXER_URL: https://wazuh1.indexer:9200 + INDEXER_USERNAME: admin + INDEXER_PASSWORD: admin + FILEBEAT_SSL_VERIFICATION_MODE: full + SSL_CERTIFICATE_AUTHORITIES: /etc/ssl/root-ca.pem + SSL_CERTIFICATE: /etc/ssl/filebeat.pem + SSL_KEY: /etc/ssl/filebeat.key volumes: - worker-wazuh-api-configuration:/var/ossec/api/configuration - worker-wazuh-etc:/var/ossec/etc @@ -84,6 +84,13 @@ services: image: wazuh/wazuh-indexer:5.0.0 hostname: wazuh1.indexer restart: always + ulimits: + memlock: + soft: -1 + hard: -1 + nofile: + soft: 65536 + hard: 65536 ports: - "9200:9200" environment: @@ -116,13 +123,6 @@ services: PLUGINS_SECURITY_ALLOW_DEFAULT_INIT_SECURITYINDEX: "true" CLUSTER_ROUTING_ALLOCATION_DISK_THRESHOLD_ENABLED: "false" COMPATIBILITY_OVERRIDE_MAIN_RESPONSE_VERSION: "true" - ulimits: - memlock: - soft: -1 - hard: -1 - nofile: - soft: 65536 - hard: 65536 volumes: - wazuh-indexer-data-1:/var/lib/wazuh-indexer - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem 
@@ -132,12 +132,18 @@ services: - ./config/wazuh_indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/certs/admin-key.pem # if you need mount a custom opensearch.yml, uncomment the next line and delete the environment variables # - ./config/wazuh_indexer/wazuh1.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml - - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml wazuh2.indexer: image: wazuh/wazuh-indexer:5.0.0 hostname: wazuh2.indexer restart: always + ulimits: + memlock: + soft: -1 + hard: -1 + nofile: + soft: 65536 + hard: 65536 environment: OPENSEARCH_JAVA_OPTS: "-Xms1g -Xmx1g" bootstrap.memory_lock: "true" @@ -168,13 +174,6 @@ services: PLUGINS_SECURITY_ALLOW_DEFAULT_INIT_SECURITYINDEX: "true" CLUSTER_ROUTING_ALLOCATION_DISK_THRESHOLD_ENABLED: "false" COMPATIBILITY_OVERRIDE_MAIN_RESPONSE_VERSION: "true" - ulimits: - memlock: - soft: -1 - hard: -1 - nofile: - soft: 65536 - hard: 65536 volumes: - wazuh-indexer-data-2:/var/lib/wazuh-indexer - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem @@ -182,12 +181,18 @@ services: - ./config/wazuh_indexer_ssl_certs/wazuh2.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh2.indexer.pem # if you need mount a custom opensearch.yml, uncomment the next line and delete the environment variables # - ./config/wazuh_indexer/wazuh2.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml - - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml wazuh3.indexer: image: wazuh/wazuh-indexer:5.0.0 hostname: wazuh3.indexer restart: always + ulimits: + memlock: + soft: -1 + hard: -1 + nofile: + soft: 65536 + hard: 65536 environment: OPENSEARCH_JAVA_OPTS: "-Xms1g -Xmx1g" bootstrap.memory_lock: "true" 
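Review bot: Dropping the `internal_users.yml` bind mount from wazuh1.indexer means the indexer's internal users no longer come from a file in this repository, and the hunk does not show what replaces it. Together with `INDEXER_PASSWORD: admin` in the manager services this looks like a switch to users shipped in the image, which would leave operators no file in which to change password hashes before first start. Please document how passwords are changed now, or keep the mount as a commented-out option like the `opensearch.yml` line above it: `# - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml`. The wazuh2.indexer, wazuh3.indexer and single-node indexer hunks remove the same mount.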
@@ -218,13 +223,6 @@ services: PLUGINS_SECURITY_ALLOW_DEFAULT_INIT_SECURITYINDEX: "true" CLUSTER_ROUTING_ALLOCATION_DISK_THRESHOLD_ENABLED: "false" COMPATIBILITY_OVERRIDE_MAIN_RESPONSE_VERSION: "true" - ulimits: - memlock: - soft: -1 - hard: -1 - nofile: - soft: 65536 - hard: 65536 volumes: - wazuh-indexer-data-3:/var/lib/wazuh-indexer - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem 
@@ -232,42 +230,47 @@ services: - ./config/wazuh_indexer_ssl_certs/wazuh3.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh3.indexer.pem # if you need mount a custom opensearch.yml, uncomment the next line and delete the environment variables # - ./config/wazuh_indexer/wazuh3.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml - - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml wazuh.dashboard: image: wazuh/wazuh-dashboard:5.0.0 hostname: wazuh.dashboard restart: always + ulimits: + memlock: + soft: -1 + hard: -1 + nofile: + soft: 65536 + hard: 65536 ports: - 443:5601 environment: - - OPENSEARCH_HOSTS="https://wazuh1.indexer:9200" - - WAZUH_API_URL="https://wazuh.master" - - API_USERNAME=wazuh-wui - - API_PASSWORD=MyS3cr37P450r.*- - - DASHBOARD_USERNAME=kibanaserver - - DASHBOARD_PASSWORD=kibanaserver - - SERVER_HOST=0.0.0.0 - - SERVER_PORT=5601 - - OPENSEARCH_HOSTS=https://wazuh1.indexer:9200 - - OPENSEARCH_SSL_VERIFICATIONMODE=certificate - - OPENSEARCH_REQUESTHEADERSALLOWLIST=["securitytenant","Authorization"] - - OPENSEARCH_SECURITY_MULTITENANCY_ENABLED=false - - SERVER_SSL_ENABLED=true - - OPENSEARCH_SECURITY_READONLY_MODE_ROLES=["kibana_read_only"] - - SERVER_SSL_KEY="/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem" - - SERVER_SSL_CERTIFICATE="/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem" - - OPENSEARCH_SSL_CERTIFICATEAUTHORITIES=["/usr/share/wazuh-dashboard/certs/root-ca.pem"] - - UISETTINGS_OVERRIDES_DEFAULTROUTE=/app/wz-home + OPENSEARCH_HOSTS: "https://wazuh1.indexer:9200" + WAZUH_API_URL: "https://wazuh.master" + API_USERNAME: wazuh-wui + API_PASSWORD: MyS3cr37P450r.*- + DASHBOARD_USERNAME: kibanaserver + DASHBOARD_PASSWORD: kibanaserver + SERVER_HOST: "0.0.0.0" + SERVER_PORT: "5601" + OPENSEARCH_SSL_VERIFICATIONMODE: certificate + OPENSEARCH_REQUESTHEADERSALLOWLIST: '["securitytenant","Authorization"]' + OPENSEARCH_SECURITY_MULTITENANCY_ENABLED: "false" + SERVER_SSL_ENABLED: 
"true" + OPENSEARCH_SECURITY_READONLY_MODE_ROLES: '["kibana_read_only"]' + SERVER_SSL_KEY: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem" + SERVER_SSL_CERTIFICATE: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem" + OPENSEARCH_SSL_CERTIFICATEAUTHORITIES: '["/usr/share/wazuh-dashboard/certs/root-ca.pem"]' + UISETTINGS_OVERRIDES_DEFAULTROUTE: /app/wz-home volumes: + - wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config + - wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-dashboard/certs/root-ca.pem + - ./config/wazuh_dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml # if you need mount a custom opensearch-dashboards.yml, uncomment the next line and delete the environment variables # - ./config/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml - - ./config/wazuh_dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml - - wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config - - wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom depends_on: - wazuh1.indexer links: diff --git a/single-node/docker-compose.yml b/single-node/docker-compose.yml index 2c1dd7a5..cdef5a42 100644 --- a/single-node/docker-compose.yml +++ b/single-node/docker-compose.yml 
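Review bot: The `ulimits` block added to wazuh.dashboard grants unlimited `memlock` (`soft: -1`, `hard: -1`), the same block the indexers carry next to `bootstrap.memory_lock: "true"`, but nothing in the dashboard's environment asks for locked memory. Unless the dashboard image needs it, leave `memlock` out and keep only the `nofile` limits so the service does not hold a privilege it does not use. The single-node wazuh.dashboard hunk adds the same block.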
@@ -19,15 +19,15 @@ services: - "514:514/udp" - "55000:55000" environment: - - INDEXER_URL=https://wazuh.indexer:9200 - - INDEXER_USERNAME=admin - - INDEXER_PASSWORD=SecretPassword - - FILEBEAT_SSL_VERIFICATION_MODE=full - - SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem - - SSL_CERTIFICATE=/etc/ssl/filebeat.pem - - SSL_KEY=/etc/ssl/filebeat.key - - API_USERNAME=wazuh-wui - - API_PASSWORD=MyS3cr37P450r.*- + INDEXER_URL: https://wazuh.indexer:9200 + INDEXER_USERNAME: admin + INDEXER_PASSWORD: admin + FILEBEAT_SSL_VERIFICATION_MODE: full + SSL_CERTIFICATE_AUTHORITIES: /etc/ssl/root-ca.pem + SSL_CERTIFICATE: /etc/ssl/filebeat.pem + SSL_KEY: /etc/ssl/filebeat.key + API_USERNAME: wazuh-wui + API_PASSWORD: MyS3cr37P450r.*- volumes: - wazuh_api_configuration:/var/ossec/api/configuration - wazuh_etc:/var/ossec/etc 
@@ -49,37 +49,6 @@ services: image: wazuh/wazuh-indexer:5.0.0 hostname: wazuh.indexer restart: always - ports: - - "9200:9200" - environment: - - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g" - - NETWORK_HOST="0.0.0.0" - - NODE_NAME="wazuh.indexer" - - CLUSTER_INITIAL_MASTER_NODES="wazuh.indexer" - - CLUSTER_NAME="wazuh-cluster" - - PATH_DATA=/var/lib/wazuh-indexer - - PATH_LOGS=/var/log/wazuh-indexer - - HTTP_PORT=9200-9299 - - TRANSPORT_TCP_PORT=9300-9399 - - COMPATIBILITY_OVERRIDE_MAIN_RESPONSE_VERSION=true - - PLUGINS_SECURITY_SSL_HTTP_PEMCERT_FILEPATH=/usr/share/wazuh-indexer/certs/wazuh.indexer.pem - - PLUGINS_SECURITY_SSL_HTTP_PEMKEY_FILEPATH=/usr/share/wazuh-indexer/certs/wazuh.indexer.key - - PLUGINS_SECURITY_SSL_HTTP_PEMTRUSTEDCAS_FILEPATH=/usr/share/wazuh-indexer/certs/root-ca.pem - - PLUGINS_SECURITY_SSL_TRANSPORT_PEMCERT_FILEPATH=/usr/share/wazuh-indexer/certs/wazuh.indexer.pem - - PLUGINS_SECURITY_SSL_TRANSPORT_PEMKEY_FILEPATH=/usr/share/wazuh-indexer/certs/wazuh.indexer.key - - PLUGINS_SECURITY_SSL_TRANSPORT_PEMTRUSTEDCAS_FILEPATH=/usr/share/wazuh-indexer/certs/root-ca.pem - - PLUGINS_SECURITY_SSL_HTTP_ENABLED=true - - PLUGINS_SECURITY_SSL_TRANSPORT_ENFORCE_HOSTNAME_VERIFICATION=false - - PLUGINS_SECURITY_SSL_TRANSPORT_RESOLVE_HOSTNAME=false - - PLUGINS_SECURITY_AUTHCZ_ADMIN_DN="CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" - - PLUGINS_SECURITY_CHECK_SNAPSHOT_RESTORE_WRITE_PRIVILEGES= true - - PLUGINS_SECURITY_ENABLE_SNAPSHOT_RESTORE_PRIVILEGE= true - - PLUGINS_SECURITY_NODES_DN="CN=wazuh.indexer,OU=Wazuh,O=Wazuh,L=California,C=US" - - PLUGINS_SECURITY_RESTAPI_ROLES_ENABLED='["all_access", "security_rest_api_access"]' - - PLUGINS_SECURITY_SYSTEM_INDICES_ENABLED=true - - PLUGINS_SECURITY_SYSTEM_INDICES_INDICES='[".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", 
".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]' - - PLUGINS_SECURITY_ALLOW_DEFAULT_INIT_SECURITYINDEX=true - - CLUSTER_ROUTING_ALLOCATION_DISK_THRESHOLD_ENABLED=false ulimits: memlock: soft: -1 
@@ -87,6 +56,37 @@ services: nofile: soft: 65536 hard: 65536 + ports: + - "9200:9200" + environment: + OPENSEARCH_JAVA_OPTS: "-Xms1g -Xmx1g" + bootstrap.memory_lock: "true" + NODE_NAME: "wazuh.indexer" + CLUSTER_INITIAL_MASTER_NODES: "wazuh.indexer" + CLUSTER_NAME: "wazuh-cluster" + PATH_DATA: /var/lib/wazuh-indexer + PATH_LOGS: /var/log/wazuh-indexer + HTTP_PORT: 9200-9299 + TRANSPORT_TCP_PORT: 9300-9399 + COMPATIBILITY_OVERRIDE_MAIN_RESPONSE_VERSION: "true" + PLUGINS_SECURITY_SSL_HTTP_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh.indexer.pem + PLUGINS_SECURITY_SSL_HTTP_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh.indexer.key + PLUGINS_SECURITY_SSL_HTTP_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem + PLUGINS_SECURITY_SSL_TRANSPORT_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh.indexer.pem + PLUGINS_SECURITY_SSL_TRANSPORT_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh.indexer.key + PLUGINS_SECURITY_SSL_TRANSPORT_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem + PLUGINS_SECURITY_SSL_HTTP_ENABLED: "true" + PLUGINS_SECURITY_SSL_TRANSPORT_ENFORCE_HOSTNAME_VERIFICATION: "false" + PLUGINS_SECURITY_SSL_TRANSPORT_RESOLVE_HOSTNAME: "false" + PLUGINS_SECURITY_AUTHCZ_ADMIN_DN: "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" + PLUGINS_SECURITY_CHECK_SNAPSHOT_RESTORE_WRITE_PRIVILEGES: "true" + PLUGINS_SECURITY_ENABLE_SNAPSHOT_RESTORE_PRIVILEGE: "true" + PLUGINS_SECURITY_NODES_DN: "CN=wazuh.indexer,OU=Wazuh,O=Wazuh,L=California,C=US" + PLUGINS_SECURITY_RESTAPI_ROLES_ENABLED: '["all_access", "security_rest_api_access"]' + PLUGINS_SECURITY_SYSTEM_INDICES_ENABLED: "true" + PLUGINS_SECURITY_SYSTEM_INDICES_INDICES: '[".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", 
".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]' + PLUGINS_SECURITY_ALLOW_DEFAULT_INIT_SECURITYINDEX: "true" + CLUSTER_ROUTING_ALLOCATION_DISK_THRESHOLD_ENABLED: "false" volumes: - wazuh-indexer-data:/var/lib/wazuh-indexer - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem 
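Review bot: `PLUGINS_SECURITY_NODES_DN` is a bare DN string here while the multi-node file passes it as a JSON array; a DN contains commas, so if the value is parsed as a comma-separated list it would be split into five entries that match no certificate. Use the array form as in multi-node, `PLUGINS_SECURITY_NODES_DN: '["CN=wazuh.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"]'`, and check `PLUGINS_SECURITY_AUTHCZ_ADMIN_DN` the same way. The move also drops `NETWORK_HOST` (it was `0.0.0.0` in the removed list) without saying which bind address applies now.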
@@ -96,43 +96,47 @@ services: - ./config/wazuh_indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/certs/admin-key.pem # if you need mount a custom opensearch.yml, uncomment the next line and delete the environment variables # - ./config/wazuh_indexer/wazuh.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml - - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml wazuh.dashboard: image: wazuh/wazuh-dashboard:5.0.0 hostname: wazuh.dashboard restart: always + ulimits: + memlock: + soft: -1 + hard: -1 + nofile: + soft: 65536 + hard: 65536 ports: - 443:5601 environment: - - INDEXER_USERNAME=admin - - INDEXER_PASSWORD=SecretPassword - - WAZUH_API_URL=https://wazuh.manager - - DASHBOARD_USERNAME=kibanaserver - - DASHBOARD_PASSWORD=kibanaserver - - API_USERNAME=wazuh-wui - - API_PASSWORD=MyS3cr37P450r.*- - - SERVER_HOST=0.0.0.0 - - SERVER_PORT=5601 - - OPENSEARCH_HOSTS=https://wazuh.indexer:9200 - - OPENSEARCH_SSL_VERIFICATIONMODE=certificate - - OPENSEARCH_REQUESTHEADERSALLOWLIST=["securitytenant","Authorization"] - - OPENSEARCH_SECURITY_MULTITENANCY_ENABLED=false - - SERVER_SSL_ENABLED=true - - OPENSEARCH_SECURITY_READONLY_MODE_ROLES=["kibana_read_only"] - - SERVER_SSL_KEY="/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem" - - SERVER_SSL_CERTIFICATE="/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem" - - OPENSEARCH_SSL_CERTIFICATEAUTHORITIES=["/usr/share/wazuh-dashboard/certs/root-ca.pem"] - - UISETTINGS_OVERRIDES_DEFAULTROUTE=/app/wz-home + WAZUH_API_URL: https://wazuh.manager + DASHBOARD_USERNAME: kibanaserver + DASHBOARD_PASSWORD: kibanaserver + API_USERNAME: wazuh-wui + API_PASSWORD: MyS3cr37P450r.*- + SERVER_HOST: 0.0.0.0 + SERVER_PORT: 5601 + OPENSEARCH_HOSTS: https://wazuh.indexer:9200 + OPENSEARCH_SSL_VERIFICATIONMODE: certificate + OPENSEARCH_REQUESTHEADERSALLOWLIST: '["securitytenant","Authorization"]' + OPENSEARCH_SECURITY_MULTITENANCY_ENABLED: "false" + SERVER_SSL_ENABLED: "true" + 
OPENSEARCH_SECURITY_READONLY_MODE_ROLES: '["kibana_read_only"]' + SERVER_SSL_KEY: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem" + SERVER_SSL_CERTIFICATE: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem" + OPENSEARCH_SSL_CERTIFICATEAUTHORITIES: '["/usr/share/wazuh-dashboard/certs/root-ca.pem"]' + UISETTINGS_OVERRIDES_DEFAULTROUTE: /app/wz-home volumes: + - wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config + - wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-dashboard/certs/root-ca.pem - # if you need mount a custom opensearch-dashboards.yml, uncomment the next line and delete the environment variables - # - ./config/wazuh_dashboard/opensearch_dashboards.yml:/wazuh-config-mount/config/opensearch_dashboards.yml - ./config/wazuh_dashboard/wazuh.yml:/wazuh-config-mount/data/wazuh/config/wazuh.yml - - wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config - - wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom + # if you need mount a custom opensearch-dashboards.yml, uncomment the next line and delete the environment variables + # - ./config/wazuh_dashboard/opensearch_dashboards.yml:/wazuh-config-mount/config/opensearch_dashboards.yml depends_on: - wazuh.indexer links: From fc1ece705e92028b33c1c0d15ee53ce0e764cf88 Mon Sep 17 00:00:00 2001 
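Review bot: `DASHBOARD_PASSWORD: kibanaserver` and `API_PASSWORD: MyS3cr37P450r.*-` stay committed as literals in the `wazuh.dashboard` environment, and this hunk also drops the `internal_users.yml` mount from the indexer volumes, which looks like the only place an operator could replace the bundled password hashes. Together with `PLUGINS_SECURITY_ALLOW_DEFAULT_INIT_SECURITYINDEX: "true"` and the `"9200:9200"` mapping in the preceding hunk (`@@ -87,6 +56,37 @@`), the indexer presumably initialises its security index from the image's default users and is published on every host interface. I would take the secrets from the environment, e.g. `DASHBOARD_PASSWORD: ${DASHBOARD_PASSWORD:?set DASHBOARD_PASSWORD}`, keep the `internal_users.yml` mount (or document what replaces it), and bind the port as `"127.0.0.1:9200:9200"` unless remote access is required. Both service definitions start outside these hunks, so this should be confirmed against the full file.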
From: vcerenu Date: Fri, 7 Jun 2024 05:44:14 -0300 Subject: [PATCH 06/22] Add the build of Wazuh cert tool image to build image process --- build-docker-images/build-images.sh | 1 + .../cert-tool-image}/Dockerfile | 5 +++-- .../cert-tool-image}/config/entrypoint.sh | 0 indexer-certs-creator/README.md | 9 --------- multi-node/generate-indexer-certs.yml | 5 +++-- single-node/generate-indexer-certs.yml | 5 +++-- 6 files changed, 10 insertions(+), 15 deletions(-) rename {indexer-certs-creator => build-docker-images/cert-tool-image}/Dockerfile (55%) rename {indexer-certs-creator => build-docker-images/cert-tool-image}/config/entrypoint.sh (100%) delete mode 100644 indexer-certs-creator/README.md diff --git a/build-docker-images/build-images.sh b/build-docker-images/build-images.sh index 583eeaa9..6acdb2d3 100755 --- a/build-docker-images/build-images.sh +++ b/build-docker-images/build-images.sh @@ -71,6 +71,7 @@ build() { echo WAZUH_UI_REVISION=$WAZUH_UI_REVISION >> .env docker-compose -f build-docker-images/build-images.yml --env-file .env build --no-cache + docker build -t wazuh/wazuh-cert-tool:$WAZUH_IMAGE_VERSION build-docker-images/cert-tool-image/ return 0 } diff --git a/indexer-certs-creator/Dockerfile b/build-docker-images/cert-tool-image/Dockerfile similarity index 55% rename from indexer-certs-creator/Dockerfile rename to build-docker-images/cert-tool-image/Dockerfile index 58b2583f..92c3cbac 100644 --- a/indexer-certs-creator/Dockerfile +++ b/build-docker-images/cert-tool-image/Dockerfile @@ -1,7 +1,8 @@ # Wazuh Docker Copyright (C) 2017, Wazuh Inc. (License GPLv2) -FROM ubuntu:focal +FROM amazonlinux:2023 -RUN apt-get update && apt-get install openssl curl -y +RUN yum install curl-minimal openssl -y &&\ +yum clean all WORKDIR / 
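Review bot: The new `docker build` for the cert-tool image is followed directly by `return 0`, so `build()` reports success even when that build fails, unless the script runs under `set -e` (not visible in this hunk). The expansion is also unquoted, and unlike the `docker-compose ... build --no-cache` line above it this command may reuse cached layers, so the image that produces the stack's certificates can be built from stale packages. Suggested line: `docker build --no-cache -t "wazuh/wazuh-cert-tool:${WAZUH_IMAGE_VERSION}" build-docker-images/cert-tool-image/ || return 1`. `build()` begins before the hunk.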
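Review bot: `FROM amazonlinux:2023` is a moving tag and `yum install curl-minimal openssl -y` takes whatever package versions are current at build time, so two builds of the same `wazuh-cert-tool` tag can contain different OpenSSL builds. Since this image's output is mounted into `config/wazuh_indexer_ssl_certs/` by the generate-certs compose files, I would pin the base by digest, `FROM amazonlinux:2023@sha256:<digest-placeholder>`, and refresh it deliberately. The rest of the Dockerfile (the entrypoint and anything it downloads) is outside the hunk.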
diff --git a/indexer-certs-creator/config/entrypoint.sh b/build-docker-images/cert-tool-image/config/entrypoint.sh similarity index 100% rename from indexer-certs-creator/config/entrypoint.sh rename to build-docker-images/cert-tool-image/config/entrypoint.sh diff --git a/indexer-certs-creator/README.md b/indexer-certs-creator/README.md deleted file mode 100644 index b7dbc565..00000000 --- a/indexer-certs-creator/README.md +++ /dev/null @@ -1,9 +0,0 @@ -# Certificate creation image build - -The dockerfile hosted in this directory is used to build the image used to boot Wazuh's single node and multi node stacks. - -To create the image, the following command must be executed: - -``` -$ docker build -t wazuh/wazuh-certs-generator:0.0.1 . -``` diff --git a/multi-node/generate-indexer-certs.yml b/multi-node/generate-indexer-certs.yml index dbf2b079..a118f0be 100644 --- a/multi-node/generate-indexer-certs.yml +++ b/multi-node/generate-indexer-certs.yml @@ -3,8 +3,9 @@ version: '3' services: generator: - image: wazuh/wazuh-certs-generator:0.0.2 - hostname: wazuh-certs-generator + image: wazuh/wazuh-cert-tool:4.7.5 + hostname: wazuh-cert-tool + container_name: wazuh-cert-tool volumes: - ./config/wazuh_indexer_ssl_certs/:/certificates/ - ./config/certs.yml:/config/certs.yml \ No newline at end of file diff --git a/single-node/generate-indexer-certs.yml b/single-node/generate-indexer-certs.yml index 3e0eb6fd..efcd8d87 100644 --- a/single-node/generate-indexer-certs.yml +++ b/single-node/generate-indexer-certs.yml @@ -3,8 +3,9 @@ version: '3' services: generator: - image: wazuh/wazuh-certs-generator:0.0.2 - hostname: wazuh-certs-generator + image: wazuh/wazuh-cert-tool:5.0.0 + hostname: wazuh-cert-tool + container_name: wazuh-cert-tool volumes: - ./config/wazuh_indexer_ssl_certs/:/certificates/ - ./config/certs.yml:/config/certs.yml From 1f32d2a358900308305711e0d899c280600e77b1 Mon Sep 17 00:00:00 2001 
From: vcerenu Date: Fri, 7 Jun 2024 07:42:13 -0300 Subject: [PATCH 07/22] Modify yaml script name generator --- multi-node/{generate-indexer-certs.yml => generate-certs.yml} | 0 single-node/{generate-indexer-certs.yml => generate-certs.yml} | 0 2 files changed, 0 insertions(+), 0 deletions(-) rename multi-node/{generate-indexer-certs.yml => generate-certs.yml} (100%) rename single-node/{generate-indexer-certs.yml => generate-certs.yml} (100%) diff --git a/multi-node/generate-indexer-certs.yml b/multi-node/generate-certs.yml similarity index 100% rename from multi-node/generate-indexer-certs.yml rename to multi-node/generate-certs.yml diff --git a/single-node/generate-indexer-certs.yml b/single-node/generate-certs.yml similarity index 100% rename from single-node/generate-indexer-certs.yml rename to single-node/generate-certs.yml From 6d63befeb7ddc181c70c2b3446a033e4fe9e99cd Mon Sep 17 00:00:00 2001 From: vcerenu Date: Fri, 7 Jun 2024 07:57:03 -0300 Subject: [PATCH 08/22] Modify yaml script name generator --- multi-node/generate-certs.yml | 2 +- single-node/generate-certs.yml | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/multi-node/generate-certs.yml b/multi-node/generate-certs.yml index a118f0be..f67aea04 100644 --- a/multi-node/generate-certs.yml +++ b/multi-node/generate-certs.yml @@ -8,4 +8,4 @@ services: container_name: wazuh-cert-tool volumes: - ./config/wazuh_indexer_ssl_certs/:/certificates/ - - ./config/certs.yml:/config/certs.yml \ No newline at end of file + - ./config/certs.yml:/config/certs.yml diff --git a/single-node/generate-certs.yml b/single-node/generate-certs.yml index efcd8d87..6826ed7d 100644 --- a/single-node/generate-certs.yml +++ b/single-node/generate-certs.yml @@ -9,3 +9,4 @@ services: volumes: - ./config/wazuh_indexer_ssl_certs/:/certificates/ - ./config/certs.yml:/config/certs.yml + From 450a59a7c8c9335d9ce243a9fd270bc11b66e10b Mon Sep 17 00:00:00 2001 
From: vcerenu Date: Mon, 10 Jun 2024 07:11:20 -0300 Subject: [PATCH 09/22] Change the name dir to Wazuh cert tool Dockerfile --- .../{cert-tool-image => wazuh-cert-tool}/Dockerfile | 0 .../{cert-tool-image => wazuh-cert-tool}/config/entrypoint.sh | 0 2 files changed, 0 insertions(+), 0 deletions(-) rename build-docker-images/{cert-tool-image => wazuh-cert-tool}/Dockerfile (100%) rename build-docker-images/{cert-tool-image => wazuh-cert-tool}/config/entrypoint.sh (100%) diff --git a/build-docker-images/cert-tool-image/Dockerfile b/build-docker-images/wazuh-cert-tool/Dockerfile similarity index 100% rename from build-docker-images/cert-tool-image/Dockerfile rename to build-docker-images/wazuh-cert-tool/Dockerfile diff --git a/build-docker-images/cert-tool-image/config/entrypoint.sh b/build-docker-images/wazuh-cert-tool/config/entrypoint.sh similarity index 100% rename from build-docker-images/cert-tool-image/config/entrypoint.sh rename to build-docker-images/wazuh-cert-tool/config/entrypoint.sh From aed100447116b3813ef58599b508a58b622f46a4 Mon Sep 17 00:00:00 2001 From: vcerenu Date: Mon, 10 Jun 2024 07:13:09 -0300 Subject: [PATCH 10/22] Change the generator script in multi node deployment --- multi-node/generate-certs.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/multi-node/generate-certs.yml b/multi-node/generate-certs.yml index f67aea04..efcd8d87 100644 --- a/multi-node/generate-certs.yml +++ b/multi-node/generate-certs.yml @@ -3,7 +3,7 @@ version: '3' services: generator: - image: wazuh/wazuh-cert-tool:4.7.5 + image: wazuh/wazuh-cert-tool:5.0.0 hostname: wazuh-cert-tool container_name: wazuh-cert-tool volumes: From 1e6f93b20adda833688d4c321ba4edc3f33e5d89 Mon Sep 17 00:00:00 2001 
From: vcerenu Date: Tue, 11 Jun 2024 09:46:53 -0300 Subject: [PATCH 11/22] Correct the name of the certificate generator script --- .github/workflows/push.yml | 4 ++-- README.md | 4 ++-- multi-node/Migration-to-Wazuh-4.4.md | 2 +- multi-node/README.md | 2 +- single-node/README.md | 2 +- 5 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml index 0444cba7..c528dced 100644 --- a/.github/workflows/push.yml +++ b/.github/workflows/push.yml @@ -89,7 +89,7 @@ jobs: - name: Create single node certficates - run: docker-compose -f single-node/generate-indexer-certs.yml run --rm generator + run: docker-compose -f single-node/generate-certs.yml run --rm generator - name: Start single node stack run: docker-compose -f single-node/docker-compose.yml up -d @@ -220,7 +220,7 @@ jobs: rm -rf wazuh-manager.tar wazuh-indexer.tar wazuh-dashboard.tar - name: Create multi node certficates - run: docker-compose -f multi-node/generate-indexer-certs.yml run --rm generator + run: docker-compose -f multi-node/generate-certs.yml run --rm generator - name: Start multi node stack run: docker-compose -f multi-node/docker-compose.yml up -d diff --git a/README.md b/README.md index ce949de3..34290fc2 100644 --- a/README.md +++ b/README.md @@ -154,7 +154,7 @@ WAZUH_MONITORING_REPLICAS=0 ## │   │   └── wazuh_indexer_ssl_certs │   │   └── certs.yml │   ├── docker-compose.yml - │   ├── generate-indexer-certs.yml + │   ├── generate-certs.yml │   ├── Migration-to-Wazuh-4.3.md │   └── volume-migrator.sh ├── README.md @@ -181,7 +181,7 @@ WAZUH_MONITORING_REPLICAS=0 ## │   │   ├── wazuh.manager-key.pem │   │   └── wazuh.manager.pem │   ├── docker-compose.yml - │   ├── generate-indexer-certs.yml + │   ├── generate-certs.yml │   └── README.md └── VERSION diff --git a/multi-node/Migration-to-Wazuh-4.4.md b/multi-node/Migration-to-Wazuh-4.4.md index 3ff10a84..817dc961 100644 --- a/multi-node/Migration-to-Wazuh-4.4.md 
+++ b/multi-node/Migration-to-Wazuh-4.4.md @@ -354,7 +354,7 @@ docker container run --rm -it \ ``` git checkout 4.4 cd multi-node -docker-compose -f generate-indexer-certs.yml run --rm generator +docker-compose -f generate-certs.yml run --rm generator docker-compose up -d ``` diff --git a/multi-node/README.md b/multi-node/README.md index c1e8b998..64273eb8 100644 --- a/multi-node/README.md +++ b/multi-node/README.md @@ -8,7 +8,7 @@ $ sysctl -w vm.max_map_count=262144 ``` 2) Run the certificate creation script: ``` -$ docker-compose -f generate-indexer-certs.yml run --rm generator +$ docker-compose -f generate-certs.yml run --rm generator ``` 3) Start the environment with docker-compose: diff --git a/single-node/README.md b/single-node/README.md index efd303c7..ba1be707 100644 --- a/single-node/README.md +++ b/single-node/README.md @@ -8,7 +8,7 @@ $ sysctl -w vm.max_map_count=262144 ``` 2) Run the certificate creation script: ``` -$ docker-compose -f generate-indexer-certs.yml run --rm generator +$ docker-compose -f generate-certs.yml run --rm generator ``` 3) Start the environment with docker-compose: From fda4a171f4cf015ba3391e86a4fbacbddbebb2da Mon Sep 17 00:00:00 2001 From: vcerenu Date: Tue, 11 Jun 2024 10:14:19 -0300 Subject: [PATCH 12/22] Add save and load process for Wazuh Cert Tool image --- .github/workflows/push.yml | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml index c528dced..902c64fb 100644 --- a/.github/workflows/push.yml +++ b/.github/workflows/push.yml 
@@ -22,6 +22,7 @@ jobs: docker save wazuh/wazuh-manager:${{env.WAZUH_IMAGE_VERSION}} -o /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-manager.tar docker save wazuh/wazuh-indexer:${{env.WAZUH_IMAGE_VERSION}} -o /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-indexer.tar docker save wazuh/wazuh-dashboard:${{env.WAZUH_IMAGE_VERSION}} -o /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-dashboard.tar + docker save wazuh/wazuh-cert-tool:${{env.WAZUH_IMAGE_VERSION}} -o /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-cert-tool.tar - name: Temporarily save Wazuh manager Docker image uses: actions/upload-artifact@v3 @@ -44,6 +45,13 @@ jobs: path: /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-dashboard.tar retention-days: 1 + - name: Temporarily save Wazuh Cert Tool Docker image + uses: actions/upload-artifact@v3 + with: + name: docker-artifact-cert-tool + path: /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-cert-tool.tar + retention-days: 1 + - name: Install Goss uses: e1himself/goss-installation-action@v1.0.3 with: @@ -81,11 +89,18 @@ jobs: with: name: docker-artifact-dashboard + - name: Retrieve saved Wazuh Cert Tool Docker image + uses: actions/download-artifact@v3 + with: + name: docker-artifact-dashboard + - name: Docker load run: | docker load --input ./wazuh-indexer.tar docker load --input ./wazuh-dashboard.tar docker load --input ./wazuh-manager.tar + docker load --input ./wazuh-cert-tool.tar + rm -rf wazuh-manager.tar wazuh-indexer.tar wazuh-dashboard.tar - name: Create single node certficates 
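Review bot: The added `uses: actions/upload-artifact@v3` step, and the `actions/download-artifact@v3` steps added in the `-81,11` and `-212,11` hunks, reference the actions by a movable tag. These steps carry the image tarballs that later jobs `docker load` and test, so I would pin them to a full commit SHA with the version as a trailing comment, e.g. `uses: actions/upload-artifact@<full-commit-sha-placeholder> # v3`. The job definitions start outside these hunks.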
@@ -212,11 +227,17 @@ jobs: with: name: docker-artifact-indexer + - name: Retrieve saved Wazuh Cert Tool Docker image + uses: actions/download-artifact@v3 + with: + name: docker-artifact-dashboard + - name: Docker load run: | - docker load --input ./wazuh-manager.tar docker load --input ./wazuh-indexer.tar docker load --input ./wazuh-dashboard.tar + docker load --input ./wazuh-manager.tar + docker load --input ./wazuh-cert-tool.tar rm -rf wazuh-manager.tar wazuh-indexer.tar wazuh-dashboard.tar - name: Create multi node certficates From cf3eb610812b649996527a3bc68dee288e8a4415 Mon Sep 17 00:00:00 2001 From: vcerenu Date: Tue, 11 Jun 2024 10:16:22 -0300 Subject: [PATCH 13/22] Add save and load process for Wazuh Cert Tool image --- .github/workflows/push.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml index 902c64fb..42669888 100644 --- a/.github/workflows/push.yml +++ b/.github/workflows/push.yml @@ -92,7 +92,7 @@ jobs: - name: Retrieve saved Wazuh Cert Tool Docker image uses: actions/download-artifact@v3 with: - name: docker-artifact-dashboard + name: docker-artifact-cert-tool - name: Docker load run: | @@ -230,7 +230,7 @@ jobs: - name: Retrieve saved Wazuh Cert Tool Docker image uses: actions/download-artifact@v3 with: - name: docker-artifact-dashboard + name: docker-artifact-cert-tool - name: Docker load run: | From 36e716033202ac22dd9b3c27103d0e26e496e593 Mon Sep 17 00:00:00 2001 From: vcerenu Date: Tue, 11 Jun 2024 10:19:50 -0300 Subject: [PATCH 14/22] Add save and load process for Wazuh Cert Tool image --- .github/workflows/push.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml index 42669888..18a71dd2 100644 --- a/.github/workflows/push.yml +++ b/.github/workflows/push.yml 
@@ -100,7 +100,7 @@ jobs: docker load --input ./wazuh-dashboard.tar docker load --input ./wazuh-manager.tar docker load --input ./wazuh-cert-tool.tar - rm -rf wazuh-manager.tar wazuh-indexer.tar wazuh-dashboard.tar + rm -rf wazuh-manager.tar wazuh-indexer.tar wazuh-dashboard.tar wazuh-cert-tool.tar - name: Create single node certficates @@ -238,7 +238,7 @@ jobs: docker load --input ./wazuh-dashboard.tar docker load --input ./wazuh-manager.tar docker load --input ./wazuh-cert-tool.tar - rm -rf wazuh-manager.tar wazuh-indexer.tar wazuh-dashboard.tar + rm -rf wazuh-manager.tar wazuh-indexer.tar wazuh-dashboard.tar wazuh-cert-tool.tar - name: Create multi node certficates run: docker-compose -f multi-node/generate-certs.yml run --rm generator From 0110e696d05e3ec45d0ca4d92edf17265257bcad Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?David=20Correa=20Rodr=C3=ADguez?= Date: Fri, 19 Jul 2024 09:27:32 +0200 Subject: [PATCH 15/22] Revert "Merge branch '4.9.0' into merge-4.9.0-into-master" This reverts commit 622c67d2cc1349e44c60d29483d47fe10283fade, reversing changes made to 55f209e57fffdab957719ab3cf1f475d58d6300f. --- README.md | 54 +++++++++++++++++++++++++++++------------------------- 1 file changed, 29 insertions(+), 25 deletions(-) diff --git a/README.md b/README.md index d7a34090..34290fc2 100644 --- a/README.md +++ b/README.md 
@@ -89,23 +89,19 @@ WAZUH_MONITORING_REPLICAS=0 ## ## Directory structure ├── build-docker-images - │   ├── build-images.sh - │   ├── build-images.yml - │   ├── README.md + │   ├── docker-compose.yml │   ├── wazuh-dashboard │   │   ├── config │   │   │   ├── config.sh │   │   │   ├── config.yml - │   │   │   ├── dl_base.sh │   │   │   ├── entrypoint.sh - │   │   │   ├── install_wazuh_app.sh │   │   │   ├── opensearch_dashboards.yml │   │   │   ├── wazuh_app_config.sh │   │   │   └── wazuh.yml │   │   └── Dockerfile │   ├── wazuh-indexer │   │   ├── config - │   │   │   ├── action_groups.yml + │ │ │ ├── action_groups.yml │   │   │   ├── config.sh │   │   │   ├── config.yml │   │   │   ├── entrypoint.sh @@ -117,7 +113,6 @@ WAZUH_MONITORING_REPLICAS=0 ## │   │   └── Dockerfile │   └── wazuh-manager │   ├── config - │   │   ├── check_repository.sh │   │   ├── create_user.py │   │   ├── etc │   │   │   ├── cont-init.d @@ -130,21 +125,19 @@ WAZUH_MONITORING_REPLICAS=0 ## │   │   │   │   └── run │   │   │   └── ossec-logs │   │   │   └── run - │   │   ├── filebeat_module.sh │   │   ├── filebeat.yml │   │   ├── permanent_data.env - │   │   └── permanent_data.sh + │   │   ├── permanent_data.sh + │   │   └── wazuh.repo │   └── Dockerfile ├── CHANGELOG.md ├── indexer-certs-creator │   ├── config │   │   └── entrypoint.sh - │   ├── Dockerfile - │   └── README.md + │   └── Dockerfile ├── LICENSE ├── multi-node │   ├── config - │   │   ├── certs.yml │   │   ├── nginx │   │   │   └── nginx.conf │   │   ├── wazuh_cluster 
@@ -153,29 +146,40 @@ WAZUH_MONITORING_REPLICAS=0 ## │   │   ├── wazuh_dashboard │   │   │   ├── opensearch_dashboards.yml │   │   │   └── wazuh.yml - │   │   └── wazuh_indexer - │   │   ├── internal_users.yml - │   │   ├── wazuh1.indexer.yml - │   │   ├── wazuh2.indexer.yml - │   │   └── wazuh3.indexer.yml + │   │   ├── wazuh_indexer + │   │   │   ├── internal_users.yml + │   │   │   ├── wazuh1.indexer.yml + │   │   │   ├── wazuh2.indexer.yml + │   │   │   └── wazuh3.indexer.yml + │   │   └── wazuh_indexer_ssl_certs + │   │   └── certs.yml │   ├── docker-compose.yml - │   ├── generate-indexer-certs.yml - │   ├── Migration-to-Wazuh-4.4.md - │   ├── README.md + │   ├── generate-certs.yml + │   ├── Migration-to-Wazuh-4.3.md │   └── volume-migrator.sh ├── README.md - ├── SECURITY.md ├── single-node │   ├── config - │   │   ├── certs.yml │   │   ├── wazuh_cluster │   │   │   └── wazuh_manager.conf │   │   ├── wazuh_dashboard │   │   │   ├── opensearch_dashboards.yml │   │   │   └── wazuh.yml - │   │   └── wazuh_indexer - │   │   ├── internal_users.yml - │   │   └── wazuh.indexer.yml + │   │   ├── wazuh_indexer + │   │   │   ├── internal_users.yml + │   │   │   └── wazuh.indexer.yml + │   │   └── wazuh_indexer_ssl_certs + │   │   ├── admin-key.pem + │   │   ├── admin.pem + │   │   ├── certs.yml + │   │   ├── root-ca.key + │   │   ├── root-ca.pem + │   │   ├── wazuh.dashboard-key.pem + │   │   ├── wazuh.dashboard.pem + │   │   ├── wazuh.indexer-key.pem + │   │   ├── wazuh.indexer.pem + │   │   ├── wazuh.manager-key.pem + │   │   └── wazuh.manager.pem │   ├── docker-compose.yml │   ├── generate-certs.yml │   └── README.md From eded59bc254920571a2763c48d84cbf7e320f306 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?David=20Correa=20Rodr=C3=ADguez?= Date: Fri, 19 Jul 2024 09:27:46 +0200 Subject: [PATCH 16/22] Revert "Merge branch '4.9.0' into merge-4.9.0-into-master" This reverts commit 4923750ea4e43a4cc6831b31161e1046a88113fd, reversing changes made to e1d70c35fe78f0278c1b55a49f9bd657195c9f30. --- .github/workflows/push.yml | 2 +- .../wazuh-dashboard/Dockerfile | 28 +++- .../config/check_repository.sh | 30 ---- .../wazuh-dashboard/config/dl_base.sh | 25 +++ .../config/install_wazuh_app.sh | 35 ++++ .../wazuh-dashboard/config/wazuh.yml | 155 ++++++++++++++++++ build-docker-images/wazuh-indexer/Dockerfile | 12 +- .../wazuh-indexer/config/check_repository.sh | 30 ---- .../wazuh-indexer/config/config.sh | 31 ++++ .../config/etc/cont-init.d/0-wazuh-init | 2 +- 10 files changed, 271 insertions(+), 79 deletions(-) delete mode 100644 build-docker-images/wazuh-dashboard/config/check_repository.sh create mode 100644 build-docker-images/wazuh-dashboard/config/dl_base.sh create mode 100644 build-docker-images/wazuh-dashboard/config/install_wazuh_app.sh create mode 100644 build-docker-images/wazuh-dashboard/config/wazuh.yml delete mode 100644 build-docker-images/wazuh-indexer/config/check_repository.sh diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml index 2c952ef6..18a71dd2 100644 --- a/.github/workflows/push.yml +++ b/.github/workflows/push.yml @@ -291,7 +291,7 @@ jobs: sleep 10 done docs="`curl -XGET "https://0.0.0.0:9200/wazuh-alerts*/_count" -u admin:SecretPassword -k -s | jq -r ".count"`" - if [[ $docs -gt 0 ]]; then + if [[ $docs -gt 1 ]]; then echo "wazuh-alerts index documents: ${docs}" else echo "wazuh-alerts index documents: ${docs}" diff --git a/build-docker-images/wazuh-dashboard/Dockerfile b/build-docker-images/wazuh-dashboard/Dockerfile index 50adbb96..172c9861 100644 --- a/build-docker-images/wazuh-dashboard/Dockerfile +++ b/build-docker-images/wazuh-dashboard/Dockerfile 
@@ -3,23 +3,39 @@ FROM amazonlinux:2023 AS builder ARG WAZUH_VERSION ARG WAZUH_TAG_REVISION +ARG INSTALL_DIR=/usr/share/wazuh-dashboard ARG WAZUH_UI_REVISION # Update and install dependencies -RUN yum install curl-minimal libcap openssl -y +RUN yum install curl-minimal libcap xz tar openssl -y -COPY config/check_repository.sh / -RUN chmod 775 /check_repository.sh && \ - source /check_repository.sh +# Create Install dir +RUN mkdir -p $INSTALL_DIR -RUN yum install wazuh-dashboard-${WAZUH_VERSION}-${WAZUH_TAG_REVISION} -y && \ - yum clean all +# Download and extract Wazuh dashboard base +COPY config/dl_base.sh . +RUN bash dl_base.sh # Generate certificates COPY config/config.sh . COPY config/config.yml / RUN bash config.sh +COPY config/install_wazuh_app.sh / +RUN chmod 775 /install_wazuh_app.sh +RUN bash /install_wazuh_app.sh + +# Copy and set permissions to config files +RUN cp $INSTALL_DIR/etc/opensearch_dashboards.yml $INSTALL_DIR/config/opensearch_dashboards.yml +COPY config/wazuh.yml $INSTALL_DIR/data/wazuh/config/ +RUN chmod 664 $INSTALL_DIR/config/opensearch_dashboards.yml + +# Create and set permissions to data directories +RUN mkdir -p $INSTALL_DIR/data/wazuh && chmod -R 775 $INSTALL_DIR/data/wazuh +RUN mkdir -p $INSTALL_DIR/data/wazuh/config && chmod -R 775 $INSTALL_DIR/data/wazuh/config +RUN mkdir -p $INSTALL_DIR/data/wazuh/logs && chmod -R 775 $INSTALL_DIR/data/wazuh/logs +RUN mkdir /wazuh-config-mount && chmod -R 775 /wazuh-config-mount + ################################################################################ # Build stage 1 (the current Wazuh dashboard image): # diff --git a/build-docker-images/wazuh-dashboard/config/check_repository.sh b/build-docker-images/wazuh-dashboard/config/check_repository.sh deleted file mode 100644 index 5323ec81..00000000 --- a/build-docker-images/wazuh-dashboard/config/check_repository.sh +++ /dev/null 
@@ -1,30 +0,0 @@ -## variables -APT_KEY=https://packages.wazuh.com/key/GPG-KEY-WAZUH -GPG_SIGN="gpgcheck=1\ngpgkey=${APT_KEY}]" -REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages.wazuh.com/4.x/yum/\nprotect=1" -WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '["]tag_name["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2-) -MAJOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f1) -MID_BUILD=$(echo $WAZUH_VERSION | cut -d. -f2) -MINOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f3) -MAJOR_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f1) -MID_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f2) -MINOR_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f3) - -## check version to use the correct repository -if [ "$MAJOR_BUILD" -gt "$MAJOR_CURRENT" ]; then - APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH - REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1" -elif [ "$MAJOR_BUILD" -eq "$MAJOR_CURRENT" ]; then - if [ "$MID_BUILD" -gt "$MID_CURRENT" ]; then - APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH - REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1" - elif [ "$MID_BUILD" -eq "$MID_CURRENT" ]; then - if [ "$MINOR_BUILD" -gt "$MINOR_CURRENT" ]; then - APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH - REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1" - fi - fi -fi - -rpm --import "${APT_KEY}" -echo -e "${REPOSITORY}" | tee /etc/yum.repos.d/wazuh.repo \ No newline at end of file diff --git a/build-docker-images/wazuh-dashboard/config/dl_base.sh b/build-docker-images/wazuh-dashboard/config/dl_base.sh new file mode 100644 index 00000000..21b23421 --- /dev/null 
+++ b/build-docker-images/wazuh-dashboard/config/dl_base.sh @@ -0,0 +1,25 @@ +REPOSITORY="packages.wazuh.com/4.x" +WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '["]tag_name["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2-) +MAJOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f1) +MID_BUILD=$(echo $WAZUH_VERSION | cut -d. -f2) +MINOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f3) +MAJOR_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f1) +MID_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f2) +MINOR_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f3) + +## check version to use the correct repository +if [ "$MAJOR_BUILD" -gt "$MAJOR_CURRENT" ]; then + REPOSITORY="packages-dev.wazuh.com/pre-release" +elif [ "$MAJOR_BUILD" -eq "$MAJOR_CURRENT" ]; then + if [ "$MID_BUILD" -gt "$MID_CURRENT" ]; then + REPOSITORY="packages-dev.wazuh.com/pre-release" + elif [ "$MID_BUILD" -eq "$MID_CURRENT" ]; then + if [ "$MINOR_BUILD" -gt "$MINOR_CURRENT" ]; then + REPOSITORY="packages-dev.wazuh.com/pre-release" + fi + fi +fi + + +curl -o wazuh-dashboard-base.tar.xz https://${REPOSITORY}/stack/dashboard/wazuh-dashboard-base-${WAZUH_VERSION}-${WAZUH_TAG_REVISION}-linux-x64.tar.xz +tar -xf wazuh-dashboard-base.tar.xz --directory $INSTALL_DIR --strip-components=1 diff --git a/build-docker-images/wazuh-dashboard/config/install_wazuh_app.sh b/build-docker-images/wazuh-dashboard/config/install_wazuh_app.sh new file mode 100644 index 00000000..4e8cb199 --- /dev/null +++ b/build-docker-images/wazuh-dashboard/config/install_wazuh_app.sh 
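Review bot: The tarball fetched by `curl -o wazuh-dashboard-base.tar.xz https://${REPOSITORY}/...` is unpacked into `$INSTALL_DIR` with no checksum or signature check, whereas the deleted `check_repository.sh` imported a GPG key and wrote `gpgcheck=1` for the yum repo. `install_wazuh_app.sh` in the next file has the same gap for the three plugin zips. `curl` is also called without `--fail`, so an HTTP error body is written to disk and only surfaces as a `tar` error. I would use `curl -fsSL -o ...` and verify the archive before extraction, e.g. `echo "<expected-sha512-placeholder>  wazuh-dashboard-base.tar.xz" | sha512sum -c -`, with the expected value supplied as a build argument.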
@@ -0,0 +1,35 @@ +## variables +WAZUH_APP=https://packages.wazuh.com/4.x/ui/dashboard/wazuh-${WAZUH_VERSION}-${WAZUH_UI_REVISION}.zip +WAZUH_CHECK_UPDATES=https://packages.wazuh.com/4.x/ui/dashboard/wazuhCheckUpdates-${WAZUH_VERSION}-${WAZUH_UI_REVISION}.zip +WAZUH_CORE=https://packages.wazuh.com/4.x/ui/dashboard/wazuhCore-${WAZUH_VERSION}-${WAZUH_UI_REVISION}.zip +WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '["]tag_name["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2-) +MAJOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f1) +MID_BUILD=$(echo $WAZUH_VERSION | cut -d. -f2) +MINOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f3) +MAJOR_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f1) +MID_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f2) +MINOR_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f3) + +## check version to use the correct repository +if [ "$MAJOR_BUILD" -gt "$MAJOR_CURRENT" ]; then + WAZUH_APP=https://packages-dev.wazuh.com/pre-release/ui/dashboard/wazuh-${WAZUH_VERSION}-${WAZUH_UI_REVISION}.zip + WAZUH_CHECK_UPDATES=https://packages-dev.wazuh.com/pre-release/ui/dashboard/wazuhCheckUpdates-${WAZUH_VERSION}-${WAZUH_UI_REVISION}.zip + WAZUH_CORE=https://packages-dev.wazuh.com/pre-release/ui/dashboard/wazuhCore-${WAZUH_VERSION}-${WAZUH_UI_REVISION}.zip +elif [ "$MAJOR_BUILD" -eq "$MAJOR_CURRENT" ]; then + if [ "$MID_BUILD" -gt "$MID_CURRENT" ]; then + WAZUH_APP=https://packages-dev.wazuh.com/pre-release/ui/dashboard/wazuh-${WAZUH_VERSION}-${WAZUH_UI_REVISION}.zip + WAZUH_CHECK_UPDATES=https://packages-dev.wazuh.com/pre-release/ui/dashboard/wazuhCheckUpdates-${WAZUH_VERSION}-${WAZUH_UI_REVISION}.zip + WAZUH_CORE=https://packages-dev.wazuh.com/pre-release/ui/dashboard/wazuhCore-${WAZUH_VERSION}-${WAZUH_UI_REVISION}.zip + elif [ "$MID_BUILD" -eq "$MID_CURRENT" ]; then + if [ "$MINOR_BUILD" -gt "$MINOR_CURRENT" ]; then + 
WAZUH_APP=https://packages-dev.wazuh.com/pre-release/ui/dashboard/wazuh-${WAZUH_VERSION}-${WAZUH_UI_REVISION}.zip + WAZUH_CHECK_UPDATES=https://packages-dev.wazuh.com/pre-release/ui/dashboard/wazuhCheckUpdates-${WAZUH_VERSION}-${WAZUH_UI_REVISION}.zip + WAZUH_CORE=https://packages-dev.wazuh.com/pre-release/ui/dashboard/wazuhCore-${WAZUH_VERSION}-${WAZUH_UI_REVISION}.zip + fi + fi +fi + +# Install Wazuh App +$INSTALL_DIR/bin/opensearch-dashboards-plugin install $WAZUH_APP --allow-root +$INSTALL_DIR/bin/opensearch-dashboards-plugin install $WAZUH_CHECK_UPDATES --allow-root +$INSTALL_DIR/bin/opensearch-dashboards-plugin install $WAZUH_CORE --allow-root \ No newline at end of file diff --git a/build-docker-images/wazuh-dashboard/config/wazuh.yml b/build-docker-images/wazuh-dashboard/config/wazuh.yml new file mode 100644 index 00000000..8e5f9447 --- /dev/null +++ b/build-docker-images/wazuh-dashboard/config/wazuh.yml 
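Review bot: The script has no `set -e`, so `RUN bash /install_wazuh_app.sh` sees only the exit status of the last `opensearch-dashboards-plugin install`; a failed install of `$WAZUH_APP` or `$WAZUH_CHECK_UPDATES` still produces an image. `WAZUH_CURRENT_VERSION` comes from an unauthenticated GitHub API call, and when that returns no `tag_name` (for example when rate-limited) the `[ ... -gt ... ]` tests error out and the script silently keeps the `packages.wazuh.com/4.x` URLs. `dl_base.sh` has the same selection logic. I would start the script with `set -eu`, add `[ -n "$WAZUH_CURRENT_VERSION" ] || { echo "cannot determine latest release" >&2; exit 1; }` after the lookup, and quote `"$WAZUH_APP"` and the other expansions.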
@@ -0,0 +1,155 @@
+---
+#
+# Wazuh app - App configuration file
+# Copyright (C) 2017, Wazuh Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# Find more information about this on the LICENSE file.
+#
+# ======================== Wazuh app configuration file ========================
+#
+# Please check the documentation for more information on configuration options:
+# https://documentation.wazuh.com/current/installation-guide/index.html
+#
+# Also, you can check our repository:
+# https://github.com/wazuh/wazuh-dashboard-plugins
+#
+# ------------------------------- Index patterns -------------------------------
+#
+# Default index pattern to use.
+#pattern: wazuh-alerts-*
+#
+# ----------------------------------- Checks -----------------------------------
+#
+# Defines which checks must to be consider by the healthcheck
+# step once the Wazuh app starts. Values must to be true or false.
+#checks.pattern : true
+#checks.template: true
+#checks.api : true
+#checks.setup : true
+#checks.metaFields: true
+#
+# --------------------------------- Extensions ---------------------------------
+#
+# Defines which extensions should be activated when you add a new API entry.
+# You can change them after Wazuh app starts.
+# Values must to be true or false.
+#extensions.pci : true
+#extensions.gdpr : true
+#extensions.hipaa : true
+#extensions.nist : true
+#extensions.tsc : true
+#extensions.audit : true
+#extensions.oscap : false
+#extensions.ciscat : false
+#extensions.aws : false
+#extensions.gcp : false
+#extensions.virustotal: false
+#extensions.osquery : false
+#extensions.docker : false
+#
+# ---------------------------------- Time out ----------------------------------
+#
+# Defines maximum timeout to be used on the Wazuh app requests.
+# It will be ignored if it is bellow 1500.
+# It means milliseconds before we consider a request as failed.
+# Default: 20000
+#timeout: 20000
+#
+# -------------------------------- API selector --------------------------------
+#
+# Defines if the user is allowed to change the selected
+# API directly from the Wazuh app top menu.
+# Default: true
+#api.selector: true
+#
+# --------------------------- Index pattern selector ---------------------------
+#
+# Defines if the user is allowed to change the selected
+# index pattern directly from the Wazuh app top menu.
+# Default: true
+#ip.selector: true
+#
+# List of index patterns to be ignored
+#ip.ignore: []
+#
+# ------------------------------ wazuh-monitoring ------------------------------
+#
+# Custom setting to enable/disable wazuh-monitoring indices.
+# Values: true, false, worker
+# If worker is given as value, the app will show the Agents status
+# visualization but won't insert data on wazuh-monitoring indices.
+# Default: true
+#wazuh.monitoring.enabled: true
+#
+# Custom setting to set the frequency for wazuh-monitoring indices cron task.
+# Default: 900 (s)
+#wazuh.monitoring.frequency: 900
+#
+# Configure wazuh-monitoring-* indices shards and replicas.
+#wazuh.monitoring.shards: 2
+#wazuh.monitoring.replicas: 0
+#
+# Configure wazuh-monitoring-* indices custom creation interval.
+# Values: h (hourly), d (daily), w (weekly), m (monthly)
+# Default: d
+#wazuh.monitoring.creation: d
+#
+# Default index pattern to use for Wazuh monitoring
+#wazuh.monitoring.pattern: wazuh-monitoring-*
+#
+# --------------------------------- wazuh-cron ----------------------------------
+#
+# Customize the index prefix of predefined jobs
+# This change is not retroactive, if you change it new indexes will be created
+# cron.prefix: test
+#
+# ------------------------------ wazuh-statistics -------------------------------
+#
+# Custom setting to enable/disable statistics tasks.
+#cron.statistics.status: true
+#
+# Enter the ID of the APIs you want to save data from, leave this empty to run
+# the task on all configured APIs
+#cron.statistics.apis: []
+#
+# Define the frequency of task execution using cron schedule expressions
+#cron.statistics.interval: 0 0 * * * *
+#
+# Define the name of the index in which the documents are to be saved.
+#cron.statistics.index.name: statistics
+#
+# Define the interval in which the index will be created
+#cron.statistics.index.creation: w
+#
+# ------------------------------- App privileges --------------------------------
+#admin: true
+#
+# ---------------------------- Hide manager alerts ------------------------------
+# Hide the alerts of the manager in all dashboards and discover
+#hideManagerAlerts: false
+#
+# ------------------------------- App logging level -----------------------------
+# Set the logging level for the Wazuh App log files.
+# Default value: info
+# Allowed values: info, debug
+#logs.level: info
+#
+# -------------------------------- Enrollment DNS -------------------------------
+# Set the variable WAZUH_REGISTRATION_SERVER in agents deployment.
+# Default value: ''
+#enrollment.dns: ''
+#
+#-------------------------------- API entries -----------------------------------
+#The following configuration is the default structure to define an API entry.
+#
+#hosts:
+# - :
+# url: http(s)://
+# port:
+# username:
+# password:
diff --git a/build-docker-images/wazuh-indexer/Dockerfile b/build-docker-images/wazuh-indexer/Dockerfile
index 0087b14a..e9e75972 100644
--- a/build-docker-images/wazuh-indexer/Dockerfile
+++ b/build-docker-images/wazuh-indexer/Dockerfile
@@ -6,15 +6,6 @@ ARG WAZUH_TAG_REVISION RUN yum install curl-minimal openssl xz tar findutils shadow-utils -y -COPY config/check_repository.sh / -RUN chmod 775 /check_repository.sh && \ - source /check_repository.sh - -RUN yum install wazuh-indexer-${WAZUH_VERSION}-${WAZUH_TAG_REVISION} -y && \ - yum clean all - -COPY config/opensearch.yml / - COPY config/config.sh . COPY config/config.yml / @@ -67,8 +58,7 @@ RUN chmod 700 /entrypoint.sh && chmod 700 /securityadmin.sh RUN chown 1000:1000 /*.sh -COPY --from=builder --chown=1000:1000 /usr/share/wazuh-indexer /usr/share/wazuh-indexer -COPY --from=builder --chown=1000:1000 /etc/wazuh-indexer /usr/share/wazuh-indexer +COPY --from=builder --chown=1000:1000 /debian/wazuh-indexer/usr/share/wazuh-indexer /usr/share/wazuh-indexer COPY --from=builder --chown=0:0 /debian/wazuh-indexer/usr/lib/systemd /usr/lib/systemd COPY --from=builder --chown=0:0 /debian/wazuh-indexer/usr/lib/sysctl.d /usr/lib/sysctl.d COPY --from=builder --chown=0:0 /debian/wazuh-indexer/usr/lib/tmpfiles.d /usr/lib/tmpfiles.d diff --git a/build-docker-images/wazuh-indexer/config/check_repository.sh b/build-docker-images/wazuh-indexer/config/check_repository.sh deleted file mode 100644 index 5323ec81..00000000 --- a/build-docker-images/wazuh-indexer/config/check_repository.sh +++ /dev/null 
@@ -1,30 +0,0 @@ -## variables -APT_KEY=https://packages.wazuh.com/key/GPG-KEY-WAZUH -GPG_SIGN="gpgcheck=1\ngpgkey=${APT_KEY}]" -REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages.wazuh.com/4.x/yum/\nprotect=1" -WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '["]tag_name["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2-) -MAJOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f1) -MID_BUILD=$(echo $WAZUH_VERSION | cut -d. -f2) -MINOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f3) -MAJOR_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f1) -MID_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f2) -MINOR_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f3) - -## check version to use the correct repository -if [ "$MAJOR_BUILD" -gt "$MAJOR_CURRENT" ]; then - APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH - REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1" -elif [ "$MAJOR_BUILD" -eq "$MAJOR_CURRENT" ]; then - if [ "$MID_BUILD" -gt "$MID_CURRENT" ]; then - APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH - REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1" - elif [ "$MID_BUILD" -eq "$MID_CURRENT" ]; then - if [ "$MINOR_BUILD" -gt "$MINOR_CURRENT" ]; then - APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH - REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1" - fi - fi -fi - -rpm --import "${APT_KEY}" -echo -e "${REPOSITORY}" | tee /etc/yum.repos.d/wazuh.repo \ No newline at end of file diff --git a/build-docker-images/wazuh-indexer/config/config.sh b/build-docker-images/wazuh-indexer/config/config.sh index 8283adfa..299251f2 100644 
--- a/build-docker-images/wazuh-indexer/config/config.sh +++ b/build-docker-images/wazuh-indexer/config/config.sh @@ -19,6 +19,37 @@ export INDEXER_FILE=wazuh-indexer-base.tar.xz export BASE_FILE=wazuh-indexer-base-${VERSION}-linux-x64.tar.xz export REPO_DIR=/unattended_installer +rm -rf ${INSTALLATION_DIR}/ + +## variables +REPOSITORY="packages.wazuh.com/4.x" +WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '["]tag_name["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2-) +MAJOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f1) +MID_BUILD=$(echo $WAZUH_VERSION | cut -d. -f2) +MINOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f3) +MAJOR_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f1) +MID_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f2) +MINOR_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f3) + +## check version to use the correct repository +if [ "$MAJOR_BUILD" -gt "$MAJOR_CURRENT" ]; then + REPOSITORY="packages-dev.wazuh.com/pre-release" +elif [ "$MAJOR_BUILD" -eq "$MAJOR_CURRENT" ]; then + if [ "$MID_BUILD" -gt "$MID_CURRENT" ]; then + REPOSITORY="packages-dev.wazuh.com/pre-release" + elif [ "$MID_BUILD" -eq "$MID_CURRENT" ]; then + if [ "$MINOR_BUILD" -gt "$MINOR_CURRENT" ]; then + REPOSITORY="packages-dev.wazuh.com/pre-release" + fi + fi +fi + + +curl -o ${INDEXER_FILE} https://${REPOSITORY}/stack/indexer/${BASE_FILE} +tar -xf ${INDEXER_FILE} + +## TOOLS + ## Variables CERT_TOOL=wazuh-certs-tool.sh PASSWORD_TOOL=wazuh-passwords-tool.sh diff --git a/build-docker-images/wazuh-manager/config/etc/cont-init.d/0-wazuh-init b/build-docker-images/wazuh-manager/config/etc/cont-init.d/0-wazuh-init index 326c46de..dae0e1f0 100644 --- a/build-docker-images/wazuh-manager/config/etc/cont-init.d/0-wazuh-init +++ b/build-docker-images/wazuh-manager/config/etc/cont-init.d/0-wazuh-init 
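Review bot: The added `rm -rf ${INSTALLATION_DIR}/` is unquoted and unguarded, so an empty or unset `INSTALLATION_DIR` (its definition is outside this hunk) turns the command into `rm -rf /`; `rm -rf -- "${INSTALLATION_DIR:?}/"` aborts instead. The download that follows, `curl -o ${INDEXER_FILE} https://${REPOSITORY}/stack/indexer/${BASE_FILE}`, has no `--fail`, so an HTTP error body would be saved and handed to `tar -xf`, and the archive is unpacked without any checksum verification. The repository choice also depends on an unchecked GitHub API call: when `WAZUH_CURRENT_VERSION` comes back empty the integer tests error out and the production repository stays selected without any message. The script continues past the end of the hunk.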
@@ -199,7 +199,7 @@ main() { # Restore files stored in permanent data that are not permanent (i.e. internal_options.conf) apply_exclusion_data - + # Apply correct permission and ownership set_correct_permOwner From 54b2d4ce332bf42055a3b7f5285f4a3ab89e243f Mon Sep 17 00:00:00 2001 From: Carlos Bordon <64099752+c-bordon@users.noreply.github.com> Date: Fri, 19 Jul 2024 10:34:13 -0300 Subject: [PATCH 17/22] Revert "Revert merges of 4.9.0 branch into master branch" --- .github/workflows/push.yml | 2 +- README.md | 54 +++--- .../wazuh-dashboard/Dockerfile | 28 +--- .../config/check_repository.sh | 30 ++++ .../wazuh-dashboard/config/dl_base.sh | 25 --- .../config/install_wazuh_app.sh | 35 ---- .../wazuh-dashboard/config/wazuh.yml | 155 ------------------ build-docker-images/wazuh-indexer/Dockerfile | 12 +- .../wazuh-indexer/config/check_repository.sh | 30 ++++ .../wazuh-indexer/config/config.sh | 31 ---- .../config/etc/cont-init.d/0-wazuh-init | 2 +- 11 files changed, 104 insertions(+), 300 deletions(-) create mode 100644 build-docker-images/wazuh-dashboard/config/check_repository.sh delete mode 100644 build-docker-images/wazuh-dashboard/config/dl_base.sh delete mode 100644 build-docker-images/wazuh-dashboard/config/install_wazuh_app.sh delete mode 100644 build-docker-images/wazuh-dashboard/config/wazuh.yml create mode 100644 build-docker-images/wazuh-indexer/config/check_repository.sh diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml index 18a71dd2..2c952ef6 100644 --- a/.github/workflows/push.yml +++ b/.github/workflows/push.yml @@ -291,7 +291,7 @@ jobs: sleep 10 done docs="`curl -XGET "https://0.0.0.0:9200/wazuh-alerts*/_count" -u admin:SecretPassword -k -s | jq -r ".count"`" - if [[ $docs -gt 1 ]]; then + if [[ $docs -gt 0 ]]; then echo "wazuh-alerts index documents: ${docs}" else echo "wazuh-alerts index documents: ${docs}" diff --git a/README.md b/README.md index 34290fc2..d7a34090 100644 --- a/README.md +++ b/README.md 
@@ -89,19 +89,23 @@ WAZUH_MONITORING_REPLICAS=0 ## ## Directory structure ├── build-docker-images - │   ├── docker-compose.yml + │   ├── build-images.sh + │   ├── build-images.yml + │   ├── README.md │   ├── wazuh-dashboard │   │   ├── config │   │   │   ├── config.sh │   │   │   ├── config.yml + │   │   │   ├── dl_base.sh │   │   │   ├── entrypoint.sh + │   │   │   ├── install_wazuh_app.sh │   │   │   ├── opensearch_dashboards.yml │   │   │   ├── wazuh_app_config.sh │   │   │   └── wazuh.yml │   │   └── Dockerfile │   ├── wazuh-indexer │   │   ├── config - │ │ │ ├── action_groups.yml + │   │   │   ├── action_groups.yml │   │   │   ├── config.sh │   │   │   ├── config.yml │   │   │   ├── entrypoint.sh @@ -113,6 +117,7 @@ WAZUH_MONITORING_REPLICAS=0 ## │   │   └── Dockerfile │   └── wazuh-manager │   ├── config + │   │   ├── check_repository.sh │   │   ├── create_user.py │   │   ├── etc │   │   │   ├── cont-init.d @@ -125,19 +130,21 @@ WAZUH_MONITORING_REPLICAS=0 ## │   │   │   │   └── run │   │   │   └── ossec-logs │   │   │   └── run + │   │   ├── filebeat_module.sh │   │   ├── filebeat.yml │   │   ├── permanent_data.env - │   │   ├── permanent_data.sh - │   │   └── wazuh.repo + │   │   └── permanent_data.sh │   └── Dockerfile ├── CHANGELOG.md ├── indexer-certs-creator │   ├── config │   │   └── entrypoint.sh - │   └── Dockerfile + │   ├── Dockerfile + │   └── README.md ├── LICENSE ├── multi-node │   ├── config + │   │   ├── certs.yml │   │   ├── nginx │   │   │   └── nginx.conf │   │   ├── wazuh_cluster 
@@ -146,40 +153,29 @@ WAZUH_MONITORING_REPLICAS=0 ## │   │   ├── wazuh_dashboard │   │   │   ├── opensearch_dashboards.yml │   │   │   └── wazuh.yml - │   │   ├── wazuh_indexer - │   │   │   ├── internal_users.yml - │   │   │   ├── wazuh1.indexer.yml - │   │   │   ├── wazuh2.indexer.yml - │   │   │   └── wazuh3.indexer.yml - │   │   └── wazuh_indexer_ssl_certs - │   │   └── certs.yml + │   │   └── wazuh_indexer + │   │   ├── internal_users.yml + │   │   ├── wazuh1.indexer.yml + │   │   ├── wazuh2.indexer.yml + │   │   └── wazuh3.indexer.yml │   ├── docker-compose.yml - │   ├── generate-certs.yml - │   ├── Migration-to-Wazuh-4.3.md + │   ├── generate-indexer-certs.yml + │   ├── Migration-to-Wazuh-4.4.md + │   ├── README.md │   └── volume-migrator.sh ├── README.md + ├── SECURITY.md ├── single-node │   ├── config + │   │   ├── certs.yml │   │   ├── wazuh_cluster │   │   │   └── wazuh_manager.conf │   │   ├── wazuh_dashboard │   │   │   ├── opensearch_dashboards.yml │   │   │   └── wazuh.yml - │   │   ├── wazuh_indexer - │   │   │   ├── internal_users.yml - │   │   │   └── wazuh.indexer.yml - │   │   └── wazuh_indexer_ssl_certs - │   │   ├── admin-key.pem - │   │   ├── admin.pem - │   │   ├── certs.yml - │   │   ├── root-ca.key - │   │   ├── root-ca.pem - │   │   ├── wazuh.dashboard-key.pem - │   │   ├── wazuh.dashboard.pem - │   │   ├── wazuh.indexer-key.pem - │   │   ├── wazuh.indexer.pem - │   │   ├── wazuh.manager-key.pem - │   │   └── wazuh.manager.pem + │   │   └── wazuh_indexer + │   │   ├── internal_users.yml + │   │   └── wazuh.indexer.yml │   ├── docker-compose.yml │   ├── generate-certs.yml │   └── README.md diff --git a/build-docker-images/wazuh-dashboard/Dockerfile b/build-docker-images/wazuh-dashboard/Dockerfile index 172c9861..50adbb96 100644 --- a/build-docker-images/wazuh-dashboard/Dockerfile +++ b/build-docker-images/wazuh-dashboard/Dockerfile 
@@ -3,39 +3,23 @@ FROM amazonlinux:2023 AS builder ARG WAZUH_VERSION ARG WAZUH_TAG_REVISION -ARG INSTALL_DIR=/usr/share/wazuh-dashboard ARG WAZUH_UI_REVISION # Update and install dependencies -RUN yum install curl-minimal libcap xz tar openssl -y +RUN yum install curl-minimal libcap openssl -y -# Create Install dir -RUN mkdir -p $INSTALL_DIR +COPY config/check_repository.sh / +RUN chmod 775 /check_repository.sh && \ + source /check_repository.sh -# Download and extract Wazuh dashboard base -COPY config/dl_base.sh . -RUN bash dl_base.sh +RUN yum install wazuh-dashboard-${WAZUH_VERSION}-${WAZUH_TAG_REVISION} -y && \ + yum clean all # Generate certificates COPY config/config.sh . COPY config/config.yml / RUN bash config.sh -COPY config/install_wazuh_app.sh / -RUN chmod 775 /install_wazuh_app.sh -RUN bash /install_wazuh_app.sh - -# Copy and set permissions to config files -RUN cp $INSTALL_DIR/etc/opensearch_dashboards.yml $INSTALL_DIR/config/opensearch_dashboards.yml -COPY config/wazuh.yml $INSTALL_DIR/data/wazuh/config/ -RUN chmod 664 $INSTALL_DIR/config/opensearch_dashboards.yml - -# Create and set permissions to data directories -RUN mkdir -p $INSTALL_DIR/data/wazuh && chmod -R 775 $INSTALL_DIR/data/wazuh -RUN mkdir -p $INSTALL_DIR/data/wazuh/config && chmod -R 775 $INSTALL_DIR/data/wazuh/config -RUN mkdir -p $INSTALL_DIR/data/wazuh/logs && chmod -R 775 $INSTALL_DIR/data/wazuh/logs -RUN mkdir /wazuh-config-mount && chmod -R 775 /wazuh-config-mount - ################################################################################ # Build stage 1 (the current Wazuh dashboard image): # diff --git a/build-docker-images/wazuh-dashboard/config/check_repository.sh b/build-docker-images/wazuh-dashboard/config/check_repository.sh new file mode 100644 index 00000000..5323ec81 --- /dev/null +++ b/build-docker-images/wazuh-dashboard/config/check_repository.sh 
@@ -0,0 +1,30 @@
+## variables
+APT_KEY=https://packages.wazuh.com/key/GPG-KEY-WAZUH
+GPG_SIGN="gpgcheck=1\ngpgkey=${APT_KEY}]"
+REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages.wazuh.com/4.x/yum/\nprotect=1"
+WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '["]tag_name["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2-)
+MAJOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f1)
+MID_BUILD=$(echo $WAZUH_VERSION | cut -d. -f2)
+MINOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f3)
+MAJOR_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f1)
+MID_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f2)
+MINOR_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f3)
+
+## check version to use the correct repository
+if [ "$MAJOR_BUILD" -gt "$MAJOR_CURRENT" ]; then
+ APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
+ REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1"
+elif [ "$MAJOR_BUILD" -eq "$MAJOR_CURRENT" ]; then
+ if [ "$MID_BUILD" -gt "$MID_CURRENT" ]; then
+ APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
+ REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1"
+ elif [ "$MID_BUILD" -eq "$MID_CURRENT" ]; then
+ if [ "$MINOR_BUILD" -gt "$MINOR_CURRENT" ]; then
+ APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
+ REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1"
+ fi
+ fi
+fi
+
+rpm --import "${APT_KEY}"
+echo -e "${REPOSITORY}" | tee /etc/yum.repos.d/wazuh.repo
\ No newline at end of file
diff --git a/build-docker-images/wazuh-dashboard/config/dl_base.sh b/build-docker-images/wazuh-dashboard/config/dl_base.sh
deleted file mode 100644
index 21b23421..00000000
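Review bot: `GPG_SIGN` is built once from the production `APT_KEY` and carries a stray `]` after the key URL, so the `gpgkey=` line written to /etc/yum.repos.d/wazuh.repo reads `https://packages.wazuh.com/key/GPG-KEY-WAZUH]` in every branch, including the ones that switch `APT_KEY` and `baseurl` to packages-dev. Package verification then presumably rests only on the key loaded by `rpm --import`, not on what the repo file declares. Dropping the bracket and assembling the string after the version checks, `GPG_SIGN="gpgcheck=1\ngpgkey=${APT_KEY}"`, keeps the imported key and the repo definition in step. The `WAZUH_CURRENT_VERSION` lookup is also unchecked: an empty result makes the `-gt`/`-eq` tests error and silently leaves the production repository selected. The identical check_repository.sh added for wazuh-indexer further down this page has the same issues.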
--- a/build-docker-images/wazuh-dashboard/config/dl_base.sh +++ /dev/null @@ -1,25 +0,0 @@ -REPOSITORY="packages.wazuh.com/4.x" -WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '["]tag_name["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2-) -MAJOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f1) -MID_BUILD=$(echo $WAZUH_VERSION | cut -d. -f2) -MINOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f3) -MAJOR_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f1) -MID_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f2) -MINOR_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f3) - -## check version to use the correct repository -if [ "$MAJOR_BUILD" -gt "$MAJOR_CURRENT" ]; then - REPOSITORY="packages-dev.wazuh.com/pre-release" -elif [ "$MAJOR_BUILD" -eq "$MAJOR_CURRENT" ]; then - if [ "$MID_BUILD" -gt "$MID_CURRENT" ]; then - REPOSITORY="packages-dev.wazuh.com/pre-release" - elif [ "$MID_BUILD" -eq "$MID_CURRENT" ]; then - if [ "$MINOR_BUILD" -gt "$MINOR_CURRENT" ]; then - REPOSITORY="packages-dev.wazuh.com/pre-release" - fi - fi -fi - - -curl -o wazuh-dashboard-base.tar.xz https://${REPOSITORY}/stack/dashboard/wazuh-dashboard-base-${WAZUH_VERSION}-${WAZUH_TAG_REVISION}-linux-x64.tar.xz -tar -xf wazuh-dashboard-base.tar.xz --directory $INSTALL_DIR --strip-components=1 diff --git a/build-docker-images/wazuh-dashboard/config/install_wazuh_app.sh b/build-docker-images/wazuh-dashboard/config/install_wazuh_app.sh deleted file mode 100644 index 4e8cb199..00000000 --- a/build-docker-images/wazuh-dashboard/config/install_wazuh_app.sh +++ /dev/null 
@@ -1,35 +0,0 @@ -## variables -WAZUH_APP=https://packages.wazuh.com/4.x/ui/dashboard/wazuh-${WAZUH_VERSION}-${WAZUH_UI_REVISION}.zip -WAZUH_CHECK_UPDATES=https://packages.wazuh.com/4.x/ui/dashboard/wazuhCheckUpdates-${WAZUH_VERSION}-${WAZUH_UI_REVISION}.zip -WAZUH_CORE=https://packages.wazuh.com/4.x/ui/dashboard/wazuhCore-${WAZUH_VERSION}-${WAZUH_UI_REVISION}.zip -WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '["]tag_name["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2-) -MAJOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f1) -MID_BUILD=$(echo $WAZUH_VERSION | cut -d. -f2) -MINOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f3) -MAJOR_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f1) -MID_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f2) -MINOR_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f3) - -## check version to use the correct repository -if [ "$MAJOR_BUILD" -gt "$MAJOR_CURRENT" ]; then - WAZUH_APP=https://packages-dev.wazuh.com/pre-release/ui/dashboard/wazuh-${WAZUH_VERSION}-${WAZUH_UI_REVISION}.zip - WAZUH_CHECK_UPDATES=https://packages-dev.wazuh.com/pre-release/ui/dashboard/wazuhCheckUpdates-${WAZUH_VERSION}-${WAZUH_UI_REVISION}.zip - WAZUH_CORE=https://packages-dev.wazuh.com/pre-release/ui/dashboard/wazuhCore-${WAZUH_VERSION}-${WAZUH_UI_REVISION}.zip -elif [ "$MAJOR_BUILD" -eq "$MAJOR_CURRENT" ]; then - if [ "$MID_BUILD" -gt "$MID_CURRENT" ]; then - WAZUH_APP=https://packages-dev.wazuh.com/pre-release/ui/dashboard/wazuh-${WAZUH_VERSION}-${WAZUH_UI_REVISION}.zip - WAZUH_CHECK_UPDATES=https://packages-dev.wazuh.com/pre-release/ui/dashboard/wazuhCheckUpdates-${WAZUH_VERSION}-${WAZUH_UI_REVISION}.zip - WAZUH_CORE=https://packages-dev.wazuh.com/pre-release/ui/dashboard/wazuhCore-${WAZUH_VERSION}-${WAZUH_UI_REVISION}.zip - elif [ "$MID_BUILD" -eq "$MID_CURRENT" ]; then - if [ "$MINOR_BUILD" -gt "$MINOR_CURRENT" ]; then - 
WAZUH_APP=https://packages-dev.wazuh.com/pre-release/ui/dashboard/wazuh-${WAZUH_VERSION}-${WAZUH_UI_REVISION}.zip - WAZUH_CHECK_UPDATES=https://packages-dev.wazuh.com/pre-release/ui/dashboard/wazuhCheckUpdates-${WAZUH_VERSION}-${WAZUH_UI_REVISION}.zip - WAZUH_CORE=https://packages-dev.wazuh.com/pre-release/ui/dashboard/wazuhCore-${WAZUH_VERSION}-${WAZUH_UI_REVISION}.zip - fi - fi -fi - -# Install Wazuh App -$INSTALL_DIR/bin/opensearch-dashboards-plugin install $WAZUH_APP --allow-root -$INSTALL_DIR/bin/opensearch-dashboards-plugin install $WAZUH_CHECK_UPDATES --allow-root -$INSTALL_DIR/bin/opensearch-dashboards-plugin install $WAZUH_CORE --allow-root \ No newline at end of file diff --git a/build-docker-images/wazuh-dashboard/config/wazuh.yml b/build-docker-images/wazuh-dashboard/config/wazuh.yml deleted file mode 100644 index 8e5f9447..00000000 --- a/build-docker-images/wazuh-dashboard/config/wazuh.yml +++ /dev/null 
@@ -1,155 +0,0 @@ ---- -# -# Wazuh app - App configuration file -# Copyright (C) 2017, Wazuh Inc. -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# Find more information about this on the LICENSE file. -# -# ======================== Wazuh app configuration file ======================== -# -# Please check the documentation for more information on configuration options: -# https://documentation.wazuh.com/current/installation-guide/index.html -# -# Also, you can check our repository: -# https://github.com/wazuh/wazuh-dashboard-plugins -# -# ------------------------------- Index patterns ------------------------------- -# -# Default index pattern to use. -#pattern: wazuh-alerts-* -# -# ----------------------------------- Checks ----------------------------------- -# -# Defines which checks must to be consider by the healthcheck -# step once the Wazuh app starts. Values must to be true or false. -#checks.pattern : true -#checks.template: true -#checks.api : true -#checks.setup : true -#checks.metaFields: true -# -# --------------------------------- Extensions --------------------------------- -# -# Defines which extensions should be activated when you add a new API entry. -# You can change them after Wazuh app starts. -# Values must to be true or false. -#extensions.pci : true -#extensions.gdpr : true -#extensions.hipaa : true -#extensions.nist : true -#extensions.tsc : true -#extensions.audit : true -#extensions.oscap : false -#extensions.ciscat : false -#extensions.aws : false -#extensions.gcp : false -#extensions.virustotal: false -#extensions.osquery : false -#extensions.docker : false -# -# ---------------------------------- Time out ---------------------------------- -# -# Defines maximum timeout to be used on the Wazuh app requests. 
-# It will be ignored if it is bellow 1500. -# It means milliseconds before we consider a request as failed. -# Default: 20000 -#timeout: 20000 -# -# -------------------------------- API selector -------------------------------- -# -# Defines if the user is allowed to change the selected -# API directly from the Wazuh app top menu. -# Default: true -#api.selector: true -# -# --------------------------- Index pattern selector --------------------------- -# -# Defines if the user is allowed to change the selected -# index pattern directly from the Wazuh app top menu. -# Default: true -#ip.selector: true -# -# List of index patterns to be ignored -#ip.ignore: [] -# -# ------------------------------ wazuh-monitoring ------------------------------ -# -# Custom setting to enable/disable wazuh-monitoring indices. -# Values: true, false, worker -# If worker is given as value, the app will show the Agents status -# visualization but won't insert data on wazuh-monitoring indices. -# Default: true -#wazuh.monitoring.enabled: true -# -# Custom setting to set the frequency for wazuh-monitoring indices cron task. -# Default: 900 (s) -#wazuh.monitoring.frequency: 900 -# -# Configure wazuh-monitoring-* indices shards and replicas. -#wazuh.monitoring.shards: 2 -#wazuh.monitoring.replicas: 0 -# -# Configure wazuh-monitoring-* indices custom creation interval. -# Values: h (hourly), d (daily), w (weekly), m (monthly) -# Default: d -#wazuh.monitoring.creation: d -# -# Default index pattern to use for Wazuh monitoring -#wazuh.monitoring.pattern: wazuh-monitoring-* -# -# --------------------------------- wazuh-cron ---------------------------------- -# -# Customize the index prefix of predefined jobs -# This change is not retroactive, if you change it new indexes will be created -# cron.prefix: test -# -# ------------------------------ wazuh-statistics ------------------------------- -# -# Custom setting to enable/disable statistics tasks. 
-#cron.statistics.status: true -# -# Enter the ID of the APIs you want to save data from, leave this empty to run -# the task on all configured APIs -#cron.statistics.apis: [] -# -# Define the frequency of task execution using cron schedule expressions -#cron.statistics.interval: 0 0 * * * * -# -# Define the name of the index in which the documents are to be saved. -#cron.statistics.index.name: statistics -# -# Define the interval in which the index will be created -#cron.statistics.index.creation: w -# -# ------------------------------- App privileges -------------------------------- -#admin: true -# -# ---------------------------- Hide manager alerts ------------------------------ -# Hide the alerts of the manager in all dashboards and discover -#hideManagerAlerts: false -# -# ------------------------------- App logging level ----------------------------- -# Set the logging level for the Wazuh App log files. -# Default value: info -# Allowed values: info, debug -#logs.level: info -# -# -------------------------------- Enrollment DNS ------------------------------- -# Set the variable WAZUH_REGISTRATION_SERVER in agents deployment. -# Default value: '' -#enrollment.dns: '' -# -#-------------------------------- API entries ----------------------------------- -#The following configuration is the default structure to define an API entry. -# -#hosts: -# - : -# url: http(s):// -# port: -# username: -# password: diff --git a/build-docker-images/wazuh-indexer/Dockerfile b/build-docker-images/wazuh-indexer/Dockerfile index e9e75972..0087b14a 100644 --- a/build-docker-images/wazuh-indexer/Dockerfile +++ b/build-docker-images/wazuh-indexer/Dockerfile 
@@ -6,6 +6,15 @@ ARG WAZUH_TAG_REVISION RUN yum install curl-minimal openssl xz tar findutils shadow-utils -y +COPY config/check_repository.sh / +RUN chmod 775 /check_repository.sh && \ + source /check_repository.sh + +RUN yum install wazuh-indexer-${WAZUH_VERSION}-${WAZUH_TAG_REVISION} -y && \ + yum clean all + +COPY config/opensearch.yml / + COPY config/config.sh . COPY config/config.yml / @@ -58,7 +67,8 @@ RUN chmod 700 /entrypoint.sh && chmod 700 /securityadmin.sh RUN chown 1000:1000 /*.sh -COPY --from=builder --chown=1000:1000 /debian/wazuh-indexer/usr/share/wazuh-indexer /usr/share/wazuh-indexer +COPY --from=builder --chown=1000:1000 /usr/share/wazuh-indexer /usr/share/wazuh-indexer +COPY --from=builder --chown=1000:1000 /etc/wazuh-indexer /usr/share/wazuh-indexer COPY --from=builder --chown=0:0 /debian/wazuh-indexer/usr/lib/systemd /usr/lib/systemd COPY --from=builder --chown=0:0 /debian/wazuh-indexer/usr/lib/sysctl.d /usr/lib/sysctl.d COPY --from=builder --chown=0:0 /debian/wazuh-indexer/usr/lib/tmpfiles.d /usr/lib/tmpfiles.d diff --git a/build-docker-images/wazuh-indexer/config/check_repository.sh b/build-docker-images/wazuh-indexer/config/check_repository.sh new file mode 100644 index 00000000..5323ec81 --- /dev/null +++ b/build-docker-images/wazuh-indexer/config/check_repository.sh 
@@ -0,0 +1,30 @@
+## variables
+APT_KEY=https://packages.wazuh.com/key/GPG-KEY-WAZUH
+GPG_SIGN="gpgcheck=1\ngpgkey=${APT_KEY}]"
+REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages.wazuh.com/4.x/yum/\nprotect=1"
+WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '["]tag_name["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2-)
+MAJOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f1)
+MID_BUILD=$(echo $WAZUH_VERSION | cut -d. -f2)
+MINOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f3)
+MAJOR_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f1)
+MID_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f2)
+MINOR_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f3)
+
+## check version to use the correct repository
+if [ "$MAJOR_BUILD" -gt "$MAJOR_CURRENT" ]; then
+ APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
+ REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1"
+elif [ "$MAJOR_BUILD" -eq "$MAJOR_CURRENT" ]; then
+ if [ "$MID_BUILD" -gt "$MID_CURRENT" ]; then
+ APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
+ REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1"
+ elif [ "$MID_BUILD" -eq "$MID_CURRENT" ]; then
+ if [ "$MINOR_BUILD" -gt "$MINOR_CURRENT" ]; then
+ APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
+ REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1"
+ fi
+ fi
+fi
+
+rpm --import "${APT_KEY}"
+echo -e "${REPOSITORY}" | tee /etc/yum.repos.d/wazuh.repo
\ No newline at end of file
diff --git a/build-docker-images/wazuh-indexer/config/config.sh b/build-docker-images/wazuh-indexer/config/config.sh
index 299251f2..8283adfa 100644
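Review bot: `GPG_SIGN` is expanded once near the top of the new check_repository.sh, so the `gpgkey=` written to wazuh.repo carries a stray `]` after the URL and stays on the packages.wazuh.com key even when a pre-release branch later reassigns `APT_KEY`. With `gpgcheck=1` the install then presumably works only because `rpm --import` has already loaded a key into the rpm database, not because the stanza is valid. Building the key URL and the stanza once, after the version comparison, removes both problems. The comparison also depends on an unauthenticated GitHub API call: if it returns nothing, the `[ ... -gt ... ]` tests error out and the script silently keeps the 4.x repository, so a guard such as `[ -n "$WAZUH_CURRENT_VERSION" ] || { echo "could not determine latest Wazuh release" >&2; exit 1; }` belongs right after the lookup.

```sh
REPO_BASE=https://packages.wazuh.com
REPO_PATH=4.x/yum
# … unchanged: WAZUH_CURRENT_VERSION lookup and MAJOR/MID/MINOR splitting …

## check version to use the correct repository
if [ "$MAJOR_BUILD" -gt "$MAJOR_CURRENT" ]; then
    REPO_BASE=https://packages-dev.wazuh.com
    REPO_PATH=pre-release/yum
# … unchanged: the two nested comparisons, each body replaced by the same two assignments …
fi

# Build the key URL and the repo stanza once, after the repository has been chosen,
# so gpgkey= always matches the host the packages come from.
APT_KEY="${REPO_BASE}/key/GPG-KEY-WAZUH"
REPOSITORY="[wazuh]\ngpgcheck=1\ngpgkey=${APT_KEY}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=${REPO_BASE}/${REPO_PATH}/\nprotect=1"
# … unchanged: rpm --import and the tee into /etc/yum.repos.d/wazuh.repo …
```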
--- a/build-docker-images/wazuh-indexer/config/config.sh +++ b/build-docker-images/wazuh-indexer/config/config.sh @@ -19,37 +19,6 @@ export INDEXER_FILE=wazuh-indexer-base.tar.xz export BASE_FILE=wazuh-indexer-base-${VERSION}-linux-x64.tar.xz export REPO_DIR=/unattended_installer -rm -rf ${INSTALLATION_DIR}/ - -## variables -REPOSITORY="packages.wazuh.com/4.x" -WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '["]tag_name["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2-) -MAJOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f1) -MID_BUILD=$(echo $WAZUH_VERSION | cut -d. -f2) -MINOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f3) -MAJOR_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f1) -MID_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f2) -MINOR_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f3) - -## check version to use the correct repository -if [ "$MAJOR_BUILD" -gt "$MAJOR_CURRENT" ]; then - REPOSITORY="packages-dev.wazuh.com/pre-release" -elif [ "$MAJOR_BUILD" -eq "$MAJOR_CURRENT" ]; then - if [ "$MID_BUILD" -gt "$MID_CURRENT" ]; then - REPOSITORY="packages-dev.wazuh.com/pre-release" - elif [ "$MID_BUILD" -eq "$MID_CURRENT" ]; then - if [ "$MINOR_BUILD" -gt "$MINOR_CURRENT" ]; then - REPOSITORY="packages-dev.wazuh.com/pre-release" - fi - fi -fi - - -curl -o ${INDEXER_FILE} https://${REPOSITORY}/stack/indexer/${BASE_FILE} -tar -xf ${INDEXER_FILE} - -## TOOLS - ## Variables CERT_TOOL=wazuh-certs-tool.sh PASSWORD_TOOL=wazuh-passwords-tool.sh diff --git a/build-docker-images/wazuh-manager/config/etc/cont-init.d/0-wazuh-init b/build-docker-images/wazuh-manager/config/etc/cont-init.d/0-wazuh-init index dae0e1f0..326c46de 100644 --- a/build-docker-images/wazuh-manager/config/etc/cont-init.d/0-wazuh-init +++ b/build-docker-images/wazuh-manager/config/etc/cont-init.d/0-wazuh-init 
@@ -199,7 +199,7 @@ main() { # Restore files stored in permanent data that are not permanent (i.e. internal_options.conf) apply_exclusion_data - + # Apply correct permission and ownership set_correct_permOwner From 570bf081bcbf3aa70c5bdc922bfea3842a5f37b0 Mon Sep 17 00:00:00 2001 From: "JESUS D. GARCIA" Date: Tue, 10 Sep 2024 09:35:03 -0500 Subject: [PATCH 18/22] Update default values in Procedure_push_docker_images.yml --- .github/workflows/Procedure_push_docker_images.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/Procedure_push_docker_images.yml b/.github/workflows/Procedure_push_docker_images.yml index 7f7bb30d..f389efb0 100644 --- a/.github/workflows/Procedure_push_docker_images.yml +++ b/.github/workflows/Procedure_push_docker_images.yml @@ -12,11 +12,11 @@ on: IMAGE_TAG: description: 'Docker image tag' required: true - default: '4.10.0' + default: '5.0.0' DOCKER_REFERENCE: description: 'wazuh-docker reference' required: true - default: '4.10.0' + default: 'master' PRODUCTS: description: 'Comma-separated list of the image names to build and push' default: 'wazuh-manager,wazuh-dashboard,wazuh-indexer' From 95c2e34794a73fbfb758c5cd0148a6432b438c77 Mon Sep 17 00:00:00 2001 From: Jesus Garcia Date: Tue, 11 Feb 2025 08:56:58 -0500 Subject: [PATCH 19/22] Update references of 'master' branch to 'main' --- .github/workflows/trivy-dashboard.yml | 2 +- .github/workflows/trivy-indexer.yml | 2 +- .github/workflows/trivy-manager.yml | 2 +- README.md | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/trivy-dashboard.yml b/.github/workflows/trivy-dashboard.yml index 8bc2decf..1731c809 100644 --- a/.github/workflows/trivy-dashboard.yml +++ b/.github/workflows/trivy-dashboard.yml @@ -11,7 +11,7 @@ on: - published pull_request: branches: - - master + - main - stable schedule: - cron: '34 2 * * 1' 
diff --git a/.github/workflows/trivy-indexer.yml b/.github/workflows/trivy-indexer.yml index 3582e21d..3bceea3b 100644 --- a/.github/workflows/trivy-indexer.yml +++ b/.github/workflows/trivy-indexer.yml @@ -11,7 +11,7 @@ on: - published pull_request: branches: - - master + - main - stable schedule: - cron: '34 2 * * 1' diff --git a/.github/workflows/trivy-manager.yml b/.github/workflows/trivy-manager.yml index 18bdf1b8..686e2e2c 100644 --- a/.github/workflows/trivy-manager.yml +++ b/.github/workflows/trivy-manager.yml @@ -11,7 +11,7 @@ on: - published pull_request: branches: - - master + - main - stable schedule: - cron: '34 2 * * 1' diff --git a/README.md b/README.md index c49c20bc..1c23f26c 100644 --- a/README.md +++ b/README.md @@ -170,7 +170,7 @@ WAZUH_MONITORING_REPLICAS=0 ## ## Branches -* `master` branch contains the latest code, be aware of possible bugs on this branch. +* `main` branch contains the latest code, be aware of possible bugs on this branch. * `stable` branch corresponds to the last Wazuh stable version. ## Compatibility Matrix From c54db5e09aab20b8279b4844ce20fa977adf9f87 Mon Sep 17 00:00:00 2001 From: vcerenu Date: Mon, 17 Feb 2025 13:23:35 -0300 Subject: [PATCH 20/22] Standardize version file format to VERSION.json --- README.md | 2 +- VERSION | 2 -- VERSION.json | 4 ++++ build-docker-images/build-images.sh | 9 ++------- 4 files changed, 7 insertions(+), 10 deletions(-) delete mode 100644 VERSION create mode 100644 VERSION.json diff --git a/README.md b/README.md index 1c23f26c..286cec0a 100644 --- a/README.md +++ b/README.md @@ -165,7 +165,7 @@ WAZUH_MONITORING_REPLICAS=0 ## │   ├── docker-compose.yml │   ├── generate-indexer-certs.yml │   └── README.md - └── VERSION + └── VERSION.json ## Branches diff --git a/VERSION b/VERSION deleted file mode 100644 index 1c77a838..00000000 --- a/VERSION +++ /dev/null @@ -1,2 +0,0 @@ -WAZUH-DOCKER_VERSION="5.0.0" -REVISION="50000" 
diff --git a/VERSION.json b/VERSION.json new file mode 100644 index 00000000..93df817f --- /dev/null +++ b/VERSION.json @@ -0,0 +1,4 @@ +{ + "version": "5.0.0", + "stage": "alpha0" +} diff --git a/build-docker-images/build-images.sh b/build-docker-images/build-images.sh index 6acdb2d3..42628f7e 100755 --- a/build-docker-images/build-images.sh +++ b/build-docker-images/build-images.sh @@ -53,13 +53,8 @@ build() { elif curl --output /dev/null --silent --head --fail "https://github.com/wazuh/wazuh/tree/${FILEBEAT_TEMPLATE_BRANCH}"; then FILEBEAT_TEMPLATE_BRANCH="${FILEBEAT_TEMPLATE_BRANCH}" else - WAZUH_MASTER_VERSION="$(curl -s https://raw.githubusercontent.com/wazuh/wazuh/master/src/VERSION | sed -e 's/v//g')" - if [ "${FILEBEAT_TEMPLATE_BRANCH}" == "${WAZUH_MASTER_VERSION}" ]; then - FILEBEAT_TEMPLATE_BRANCH="master" - else - echo "The indicated branch does not exist in the wazuh/wazuh repository: ${FILEBEAT_TEMPLATE_BRANCH}" - clean 1 - fi + echo "The indicated branch does not exist in the wazuh/wazuh repository: ${FILEBEAT_TEMPLATE_BRANCH}" + clean 1 fi fi From 825ddd9db74d3ec5cdd2d1271c8afd84999a22c2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gonzalo=20Acu=C3=B1a?= Date: Tue, 13 May 2025 14:33:15 -0300 Subject: [PATCH 21/22] Bump to 6.0.0 --- .env | 6 +++--- .github/.goss.yaml | 2 +- .../workflows/Procedure_push_docker_images.yml | 8 ++++---- CHANGELOG.md | 18 ++++++++++++++++++ README.md | 1 + VERSION.json | 2 +- build-docker-images/README.md | 4 ++-- build-docker-images/build-images.sh | 4 ++-- multi-node/docker-compose.yml | 12 ++++++------ multi-node/generate-certs.yml | 2 +- single-node/docker-compose.yml | 6 +++--- single-node/generate-certs.yml | 2 +- 12 files changed, 43 insertions(+), 24 deletions(-) diff --git a/.env b/.env index c2d4e554..73ca5e1e 100755 --- a/.env +++ b/.env 
@@ -1,6 +1,6 @@ -WAZUH_VERSION=5.0.0 -WAZUH_IMAGE_VERSION=5.0.0 +WAZUH_VERSION=6.0.0 +WAZUH_IMAGE_VERSION=6.0.0 WAZUH_TAG_REVISION=1 -FILEBEAT_TEMPLATE_BRANCH=5.0.0 +FILEBEAT_TEMPLATE_BRANCH=6.0.0 WAZUH_FILEBEAT_MODULE=wazuh-filebeat-0.4.tar.gz WAZUH_UI_REVISION=1 diff --git a/.github/.goss.yaml b/.github/.goss.yaml index d7898027..22467634 100644 --- a/.github/.goss.yaml +++ b/.github/.goss.yaml @@ -56,7 +56,7 @@ package: wazuh-manager: installed: true versions: - - 5.0.0-1 + - 6.0.0-1 port: tcp:1514: listening: true diff --git a/.github/workflows/Procedure_push_docker_images.yml b/.github/workflows/Procedure_push_docker_images.yml index d5c65794..5858e901 100644 --- a/.github/workflows/Procedure_push_docker_images.yml +++ b/.github/workflows/Procedure_push_docker_images.yml @@ -6,11 +6,11 @@ on: inputs: image_tag: description: 'Docker image tag' - default: '5.0.0' + default: '6.0.0' required: true docker_reference: description: 'wazuh-docker reference' - default: 'v5.0.0' + default: 'v6.0.0' required: true PRODUCTS: description: 'Comma-separated list of the image names to build and push' @@ -42,12 +42,12 @@ on: inputs: image_tag: description: 'Docker image tag' - default: '5.0.0' + default: '6.0.0' required: true type: string docker_reference: description: 'wazuh-docker reference' - default: 'v5.0.0' + default: 'v6.0.0' required: false type: string products: diff --git a/CHANGELOG.md b/CHANGELOG.md index a45708e0..ea50cfff 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,24 @@ # Change Log All notable changes to this project will be documented in this file. +## [6.0.0] + +### Added + +- none + +### Changed + +- None + +### Fixed + +- None + +### Deleted + +- None + ## [5.0.0] ### Added diff --git a/README.md b/README.md index 286cec0a..70fa5871 100644 --- a/README.md +++ b/README.md 
@@ -177,6 +177,7 @@ WAZUH_MONITORING_REPLICAS=0 ## | Wazuh version | ODFE | XPACK | |---------------|---------|--------| +| v6.0.0 | | | | v5.0.0 | | | | v4.10.2 | | | | v4.10.1 | | | diff --git a/VERSION.json b/VERSION.json index 93df817f..cba265da 100644 --- a/VERSION.json +++ b/VERSION.json @@ -1,4 +1,4 @@ { - "version": "5.0.0", + "version": "6.0.0", "stage": "alpha0" } diff --git a/build-docker-images/README.md b/build-docker-images/README.md index 11fde42c..a62b4028 100644 --- a/build-docker-images/README.md +++ b/build-docker-images/README.md @@ -13,7 +13,7 @@ This script initializes the environment variables needed to build each of the im The script allows you to build images from other versions of Wazuh, to do this you must use the -v or --version argument: ``` -$ build-docker-images/build-images.sh -v 5.0.0 +$ build-docker-images/build-images.sh -v 6.0.0 ``` To get all the available script options use the -h or --help option: @@ -26,7 +26,7 @@ Usage: build-docker-images/build-images.sh [OPTIONS] -d, --dev [Optional] Set the development stage you want to build, example rc1 or beta1, not used by default. -f, --filebeat-module [Optional] Set Filebeat module version. By default 0.4. -r, --revision [Optional] Package revision. By default 1 - -v, --version [Optional] Set the Wazuh version should be builded. By default, 5.0.0. + -v, --version [Optional] Set the Wazuh version should be builded. By default, 6.0.0. -h, --help Show this help. ``` \ No newline at end of file diff --git a/build-docker-images/build-images.sh b/build-docker-images/build-images.sh index 42628f7e..e6c0f171 100755 --- a/build-docker-images/build-images.sh +++ b/build-docker-images/build-images.sh 
@@ -1,4 +1,4 @@ -WAZUH_IMAGE_VERSION=5.0.0 +WAZUH_IMAGE_VERSION=6.0.0 WAZUH_VERSION=$(echo $WAZUH_IMAGE_VERSION | sed -e 's/\.//g') WAZUH_TAG_REVISION=1 WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '["]tag_name["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2- | sed -e 's/\.//g') @@ -12,7 +12,7 @@ IMAGE_VERSION=${WAZUH_IMAGE_VERSION} # License (version 2) as published by the FSF - Free Software # Foundation. -WAZUH_IMAGE_VERSION="5.0.0" +WAZUH_IMAGE_VERSION="6.0.0" WAZUH_TAG_REVISION="1" WAZUH_DEV_STAGE="" FILEBEAT_MODULE_VERSION="0.4" diff --git a/multi-node/docker-compose.yml b/multi-node/docker-compose.yml index f45a5359..efeaf3ea 100644 --- a/multi-node/docker-compose.yml +++ b/multi-node/docker-compose.yml @@ -3,7 +3,7 @@ version: '3.7' services: wazuh.master: - image: wazuh/wazuh-manager:5.0.0 + image: wazuh/wazuh-manager:6.0.0 hostname: wazuh.master restart: always ulimits: @@ -45,7 +45,7 @@ services: - ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf wazuh.worker: - image: wazuh/wazuh-manager:5.0.0 + image: wazuh/wazuh-manager:6.0.0 hostname: wazuh.worker restart: always ulimits: @@ -81,7 +81,7 @@ services: - ./config/wazuh_cluster/wazuh_worker.conf:/wazuh-config-mount/etc/ossec.conf wazuh1.indexer: - image: wazuh/wazuh-indexer:5.0.0 + image: wazuh/wazuh-indexer:6.0.0 hostname: wazuh1.indexer restart: always ulimits: @@ -134,7 +134,7 @@ services: # - ./config/wazuh_indexer/wazuh1.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml wazuh2.indexer: - image: wazuh/wazuh-indexer:5.0.0 + image: wazuh/wazuh-indexer:6.0.0 hostname: wazuh2.indexer restart: always ulimits: @@ -183,7 +183,7 @@ services: # - ./config/wazuh_indexer/wazuh2.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml wazuh3.indexer: - image: wazuh/wazuh-indexer:5.0.0 + image: wazuh/wazuh-indexer:6.0.0 hostname: wazuh3.indexer restart: always ulimits: 
@@ -232,7 +232,7 @@ services: # - ./config/wazuh_indexer/wazuh3.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml wazuh.dashboard: - image: wazuh/wazuh-dashboard:5.0.0 + image: wazuh/wazuh-dashboard:6.0.0 hostname: wazuh.dashboard restart: always ulimits: diff --git a/multi-node/generate-certs.yml b/multi-node/generate-certs.yml index efcd8d87..9018ee69 100644 --- a/multi-node/generate-certs.yml +++ b/multi-node/generate-certs.yml @@ -3,7 +3,7 @@ version: '3' services: generator: - image: wazuh/wazuh-cert-tool:5.0.0 + image: wazuh/wazuh-cert-tool:6.0.0 hostname: wazuh-cert-tool container_name: wazuh-cert-tool volumes: diff --git a/single-node/docker-compose.yml b/single-node/docker-compose.yml index cdef5a42..646891da 100644 --- a/single-node/docker-compose.yml +++ b/single-node/docker-compose.yml @@ -3,7 +3,7 @@ version: '3.7' services: wazuh.manager: - image: wazuh/wazuh-manager:5.0.0 + image: wazuh/wazuh-manager:6.0.0 hostname: wazuh.manager restart: always ulimits: @@ -46,7 +46,7 @@ services: - ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf wazuh.indexer: - image: wazuh/wazuh-indexer:5.0.0 + image: wazuh/wazuh-indexer:6.0.0 hostname: wazuh.indexer restart: always ulimits: @@ -98,7 +98,7 @@ services: # - ./config/wazuh_indexer/wazuh.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml wazuh.dashboard: - image: wazuh/wazuh-dashboard:5.0.0 + image: wazuh/wazuh-dashboard:6.0.0 hostname: wazuh.dashboard restart: always ulimits: diff --git a/single-node/generate-certs.yml b/single-node/generate-certs.yml index 6826ed7d..82b02718 100644 --- a/single-node/generate-certs.yml +++ b/single-node/generate-certs.yml @@ -3,7 +3,7 @@ version: '3' services: generator: - image: wazuh/wazuh-cert-tool:5.0.0 + image: wazuh/wazuh-cert-tool:6.0.0 hostname: wazuh-cert-tool container_name: wazuh-cert-tool volumes: From 7371f40bb188bb87bf50cb74995245db8708fd0c Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Gonzalo=20Acu=C3=B1a?= Date: Tue, 13 May 2025 14:38:22 -0300 Subject: [PATCH 22/22] Bump to 6.0 --- build-docker-images/wazuh-cert-tool/config/entrypoint.sh | 4 ++-- build-docker-images/wazuh-dashboard/config/config.sh | 4 ++-- build-docker-images/wazuh-indexer/config/config.sh | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/build-docker-images/wazuh-cert-tool/config/entrypoint.sh b/build-docker-images/wazuh-cert-tool/config/entrypoint.sh index 75861833..92ffc0d4 100644 --- a/build-docker-images/wazuh-cert-tool/config/entrypoint.sh +++ b/build-docker-images/wazuh-cert-tool/config/entrypoint.sh @@ -8,8 +8,8 @@ ## Variables CERT_TOOL=wazuh-certs-tool.sh PASSWORD_TOOL=wazuh-passwords-tool.sh -PACKAGES_URL=https://packages.wazuh.com/5.0/ -PACKAGES_DEV_URL=https://packages-dev.wazuh.com/5.0/ +PACKAGES_URL=https://packages.wazuh.com/6.0/ +PACKAGES_DEV_URL=https://packages-dev.wazuh.com/6.0/ ## Check if the cert tool exists in S3 buckets CERT_TOOL_PACKAGES=$(curl --silent -I $PACKAGES_URL$CERT_TOOL | grep -E "^HTTP" | awk '{print $2}') diff --git a/build-docker-images/wazuh-dashboard/config/config.sh b/build-docker-images/wazuh-dashboard/config/config.sh index a9c12e10..71f85932 100644 --- a/build-docker-images/wazuh-dashboard/config/config.sh +++ b/build-docker-images/wazuh-dashboard/config/config.sh @@ -9,8 +9,8 @@ export CONFIG_DIR=${INSTALLATION_DIR}/config ## Variables CERT_TOOL=wazuh-certs-tool.sh -PACKAGES_URL=https://packages.wazuh.com/5.0/ -PACKAGES_DEV_URL=https://packages-dev.wazuh.com/5.0/ +PACKAGES_URL=https://packages.wazuh.com/6.0/ +PACKAGES_DEV_URL=https://packages-dev.wazuh.com/6.0/ ## Check if the cert tool exists in S3 buckets CERT_TOOL_PACKAGES=$(curl --silent -I $PACKAGES_URL$CERT_TOOL | grep -E "^HTTP" | awk '{print $2}') diff --git a/build-docker-images/wazuh-indexer/config/config.sh b/build-docker-images/wazuh-indexer/config/config.sh index 29a09b73..a210ee12 100644 
--- a/build-docker-images/wazuh-indexer/config/config.sh +++ b/build-docker-images/wazuh-indexer/config/config.sh @@ -22,8 +22,8 @@ export REPO_DIR=/unattended_installer ## Variables CERT_TOOL=wazuh-certs-tool.sh PASSWORD_TOOL=wazuh-passwords-tool.sh -PACKAGES_URL=https://packages.wazuh.com/5.0/ -PACKAGES_DEV_URL=https://packages-dev.wazuh.com/5.0/ +PACKAGES_URL=https://packages.wazuh.com/6.0/ +PACKAGES_DEV_URL=https://packages-dev.wazuh.com/6.0/ ## Check if the cert tool exists in S3 buckets CERT_TOOL_PACKAGES=$(curl --silent -I $PACKAGES_URL$CERT_TOOL | grep -E "^HTTP" | awk '{print $2}')