Merge pull request #2093 from wazuh/change/6569-nokia-private-key-hardcoded-in-wazuh-manager-image-4.14.2

Removed sslmanager key from the docker manager image to 4.14.2

CHANGELOG.md

@@ -10,7 +10,7 @@ All notable changes to this project will be documented in this file.
 
 ### Changed
 
-- None
+- Removed sslmanager key from the docker manager image to 4.14.2. ([#2093](https://github.com/wazuh/wazuh-docker/pull/2093))
 
 ### Fixed
 

build-docker-images/wazuh-manager/Dockerfile

@@ -40,6 +40,10 @@ COPY config/filebeat.yml /etc/filebeat/
 
 RUN chmod go-w /etc/filebeat/filebeat.yml
 
+# Remove wazuh-authd default certs to force generation of new ones at container startup
+RUN rm -f /var/ossec/etc/sslmanager.key && \
+    rm -f /var/ossec/etc/sslmanager.cert
+
 ADD https://raw.githubusercontent.com/wazuh/wazuh/$FILEBEAT_TEMPLATE_BRANCH/extensions/elasticsearch/7.x/wazuh-template.json /etc/filebeat
 RUN chmod go-w /etc/filebeat/wazuh-template.json
 

build-docker-images/wazuh-manager/config/etc/cont-init.d/0-wazuh-init

@@ -6,8 +6,6 @@ source /permanent_data.env
 
 WAZUH_INSTALL_PATH=/var/ossec
 WAZUH_CONFIG_MOUNT=/wazuh-config-mount
-AUTO_ENROLLMENT_ENABLED=${AUTO_ENROLLMENT_ENABLED:-true}
-
 
 ##############################################################################
 # Aux functions
@@ -215,13 +213,10 @@ main() {
   # Remove some files in permanent_data (i.e. .template.db)
   remove_data_files
 
-  # Generate wazuh-authd certs if AUTO_ENROLLMENT_ENABLED is true and does not exist
-  if [ $AUTO_ENROLLMENT_ENABLED == true ]
+  # Create wazuh-authd key and cert if not present
+  if [ ! -e ${WAZUH_INSTALL_PATH}/etc/sslmanager.key ]
   then
-    if [ ! -e ${WAZUH_INSTALL_PATH}/etc/sslmanager.key ]
-    then
-      create_ossec_key_cert
-    fi
+    create_ossec_key_cert
   fi
 
   # Mount selected files (WAZUH_CONFIG_MOUNT) to container