From d3d2ae7b8687125e331c22de850e4cbb3d2b62bd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?David=20Correa=20Rodr=C3=ADguez?= Date: Tue, 13 Feb 2024 10:32:58 +0100 Subject: [PATCH 01/15] Bump version to 5.0.0 --- .env | 6 +++--- .github/.goss.yaml | 2 +- CHANGELOG.md | 5 +++++ README.md | 1 + VERSION | 4 ++-- build-docker-images/README.md | 4 ++-- build-docker-images/build-images.sh | 4 ++-- multi-node/docker-compose.yml | 12 ++++++------ single-node/docker-compose.yml | 6 +++--- 9 files changed, 25 insertions(+), 19 deletions(-) diff --git a/.env b/.env index 8f5d52ffd..c2d4e554f 100755 --- a/.env +++ b/.env @@ -1,6 +1,6 @@ -WAZUH_VERSION=4.9.0 -WAZUH_IMAGE_VERSION=4.9.0 +WAZUH_VERSION=5.0.0 +WAZUH_IMAGE_VERSION=5.0.0 WAZUH_TAG_REVISION=1 -FILEBEAT_TEMPLATE_BRANCH=4.9.0 +FILEBEAT_TEMPLATE_BRANCH=5.0.0 WAZUH_FILEBEAT_MODULE=wazuh-filebeat-0.4.tar.gz WAZUH_UI_REVISION=1 diff --git a/.github/.goss.yaml b/.github/.goss.yaml index a2ee17aa7..d78980273 100644 --- a/.github/.goss.yaml +++ b/.github/.goss.yaml @@ -56,7 +56,7 @@ package: wazuh-manager: installed: true versions: - - 4.9.0-1 + - 5.0.0-1 port: tcp:1514: listening: true diff --git a/CHANGELOG.md b/CHANGELOG.md index a7bf88628..ef39d81d5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,11 @@ # Change Log All notable changes to this project will be documented in this file. +## Wazuh Docker v5.0.0 +### Added + +- Update Wazuh to version [5.0.0](https://github.com/wazuh/wazuh/blob/v5.0.0/CHANGELOG.md#v500) + ## Wazuh Docker v4.9.0 ### Added diff --git a/README.md b/README.md index 3bd8d37a1..f06a456cb 100644 --- a/README.md +++ b/README.md @@ -196,6 +196,7 @@ WAZUH_MONITORING_REPLICAS=0 ## | Wazuh version | ODFE | XPACK | |---------------|---------|--------| +| v5.0.0 | | | | v4.9.0 | | | | v4.8.2 | | | | v4.8.1 | | | diff --git a/VERSION b/VERSION index a25e5cee2..1c77a838f 100644 --- a/VERSION +++ b/VERSION 
@@ -1,2 +1,2 @@ -WAZUH-DOCKER_VERSION="4.9.0" -REVISION="40900" +WAZUH-DOCKER_VERSION="5.0.0" +REVISION="50000" diff --git a/build-docker-images/README.md b/build-docker-images/README.md index d4c5b4ff2..11fde42cd 100644 --- a/build-docker-images/README.md +++ b/build-docker-images/README.md @@ -13,7 +13,7 @@ This script initializes the environment variables needed to build each of the im The script allows you to build images from other versions of Wazuh, to do this you must use the -v or --version argument: ``` -$ build-docker-images/build-images.sh -v 4.9.0 +$ build-docker-images/build-images.sh -v 5.0.0 ``` To get all the available script options use the -h or --help option: @@ -26,7 +26,7 @@ Usage: build-docker-images/build-images.sh [OPTIONS] -d, --dev [Optional] Set the development stage you want to build, example rc1 or beta1, not used by default. -f, --filebeat-module [Optional] Set Filebeat module version. By default 0.4. -r, --revision [Optional] Package revision. By default 1 - -v, --version [Optional] Set the Wazuh version should be builded. By default, 4.9.0. + -v, --version [Optional] Set the Wazuh version should be builded. By default, 5.0.0. -h, --help Show this help. ``` \ No newline at end of file diff --git a/build-docker-images/build-images.sh b/build-docker-images/build-images.sh index f8ba8a569..343dda87e 100755 --- a/build-docker-images/build-images.sh +++ b/build-docker-images/build-images.sh @@ -1,4 +1,4 @@ -WAZUH_IMAGE_VERSION=4.9.0 +WAZUH_IMAGE_VERSION=5.0.0 WAZUH_VERSION=$(echo $WAZUH_IMAGE_VERSION | sed -e 's/\.//g') WAZUH_TAG_REVISION=1 WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '\"tag_name\":' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2- | sed -e 's/\.//g') 
@@ -12,7 +12,7 @@ IMAGE_VERSION=${WAZUH_IMAGE_VERSION} # License (version 2) as published by the FSF - Free Software # Foundation. -WAZUH_IMAGE_VERSION="4.9.0" +WAZUH_IMAGE_VERSION="5.0.0" WAZUH_TAG_REVISION="1" WAZUH_DEV_STAGE="" FILEBEAT_MODULE_VERSION="0.4" diff --git a/multi-node/docker-compose.yml b/multi-node/docker-compose.yml index 95de74c59..02c657554 100644 --- a/multi-node/docker-compose.yml +++ b/multi-node/docker-compose.yml @@ -3,7 +3,7 @@ version: '3.7' services: wazuh.master: - image: wazuh/wazuh-manager:4.9.0 + image: wazuh/wazuh-manager:5.0.0 hostname: wazuh.master restart: always ulimits: @@ -45,7 +45,7 @@ services: - ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf wazuh.worker: - image: wazuh/wazuh-manager:4.9.0 + image: wazuh/wazuh-manager:5.0.0 hostname: wazuh.worker restart: always ulimits: @@ -81,7 +81,7 @@ services: - ./config/wazuh_cluster/wazuh_worker.conf:/wazuh-config-mount/etc/ossec.conf wazuh1.indexer: - image: wazuh/wazuh-indexer:4.9.0 + image: wazuh/wazuh-indexer:5.0.0 hostname: wazuh1.indexer restart: always ports: @@ -108,7 +108,7 @@ services: - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml wazuh2.indexer: - image: wazuh/wazuh-indexer:4.9.0 + image: wazuh/wazuh-indexer:5.0.0 hostname: wazuh2.indexer restart: always environment: @@ -130,7 +130,7 @@ services: - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml wazuh3.indexer: - image: wazuh/wazuh-indexer:4.9.0 + image: wazuh/wazuh-indexer:5.0.0 hostname: wazuh3.indexer restart: always environment: @@ -152,7 +152,7 @@ services: - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml wazuh.dashboard: - image: wazuh/wazuh-dashboard:4.9.0 + image: wazuh/wazuh-dashboard:5.0.0 hostname: wazuh.dashboard restart: always ports: 
diff --git a/single-node/docker-compose.yml b/single-node/docker-compose.yml index dd697a705..8a918738e 100644 --- a/single-node/docker-compose.yml +++ b/single-node/docker-compose.yml @@ -3,7 +3,7 @@ version: '3.7' services: wazuh.manager: - image: wazuh/wazuh-manager:4.9.0 + image: wazuh/wazuh-manager:5.0.0 hostname: wazuh.manager restart: always ulimits: @@ -46,7 +46,7 @@ services: - ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf wazuh.indexer: - image: wazuh/wazuh-indexer:4.9.0 + image: wazuh/wazuh-indexer:5.0.0 hostname: wazuh.indexer restart: always ports: @@ -72,7 +72,7 @@ services: - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml wazuh.dashboard: - image: wazuh/wazuh-dashboard:4.9.0 + image: wazuh/wazuh-dashboard:5.0.0 hostname: wazuh.dashboard restart: always ports: From 935aee6d2acf279dc8986fc4e192344a13c98ea6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?David=20Correa=20Rodr=C3=ADguez?= Date: Tue, 19 Mar 2024 11:39:01 +0100 Subject: [PATCH 02/15] Fixed references to 4.8 in `master` --- build-docker-images/wazuh-dashboard/config/config.sh | 4 ++-- build-docker-images/wazuh-indexer/config/config.sh | 4 ++-- indexer-certs-creator/config/entrypoint.sh | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/build-docker-images/wazuh-dashboard/config/config.sh b/build-docker-images/wazuh-dashboard/config/config.sh index 793067216..b2cbfea47 100644 --- a/build-docker-images/wazuh-dashboard/config/config.sh +++ b/build-docker-images/wazuh-dashboard/config/config.sh 
@@ -9,8 +9,8 @@ export CONFIG_DIR=${INSTALLATION_DIR}/config ## Variables CERT_TOOL=wazuh-certs-tool.sh -PACKAGES_URL=https://packages.wazuh.com/4.8/ -PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.8/ +PACKAGES_URL=https://packages.wazuh.com/5.0/ +PACKAGES_DEV_URL=https://packages-dev.wazuh.com/5.0/ ## Check if the cert tool exists in S3 buckets CERT_TOOL_PACKAGES=$(curl --silent -I $PACKAGES_URL$CERT_TOOL | grep -E "^HTTP" | awk '{print $2}') diff --git a/build-docker-images/wazuh-indexer/config/config.sh b/build-docker-images/wazuh-indexer/config/config.sh index 2768f157e..ed4fff5cd 100644 --- a/build-docker-images/wazuh-indexer/config/config.sh +++ b/build-docker-images/wazuh-indexer/config/config.sh @@ -53,8 +53,8 @@ tar -xf ${INDEXER_FILE} ## Variables CERT_TOOL=wazuh-certs-tool.sh PASSWORD_TOOL=wazuh-passwords-tool.sh -PACKAGES_URL=https://packages.wazuh.com/4.8/ -PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.8/ +PACKAGES_URL=https://packages.wazuh.com/5.0/ +PACKAGES_DEV_URL=https://packages-dev.wazuh.com/5.0/ ## Check if the cert tool exists in S3 buckets CERT_TOOL_PACKAGES=$(curl --silent -I $PACKAGES_URL$CERT_TOOL | grep -E "^HTTP" | awk '{print $2}') diff --git a/indexer-certs-creator/config/entrypoint.sh b/indexer-certs-creator/config/entrypoint.sh index d3e0534e9..3884ba640 100644 --- a/indexer-certs-creator/config/entrypoint.sh +++ b/indexer-certs-creator/config/entrypoint.sh @@ -8,8 +8,8 @@ ## Variables CERT_TOOL=wazuh-certs-tool.sh PASSWORD_TOOL=wazuh-passwords-tool.sh -PACKAGES_URL=https://packages.wazuh.com/4.8/ -PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.8/ +PACKAGES_URL=https://packages.wazuh.com/5.0/ +PACKAGES_DEV_URL=https://packages-dev.wazuh.com/5.0/ ## Check if the cert tool exists in S3 buckets CERT_TOOL_PACKAGES=$(curl --silent -I $PACKAGES_URL$CERT_TOOL | grep -E "^HTTP" | awk '{print $2}') From f4ccd4b0a6e311aed44d55fec6e33220333fc6ae Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Carlos=20Anguita=20L=C3=B3pez?= Date: Tue, 9 Apr 2024 09:26:47 +0200 Subject: [PATCH 03/15] Removed commented lines 87 to 91 --- build-docker-images/wazuh-indexer/config/entrypoint.sh | 6 ------ 1 file changed, 6 deletions(-) diff --git a/build-docker-images/wazuh-indexer/config/entrypoint.sh b/build-docker-images/wazuh-indexer/config/entrypoint.sh index 2acb4aa09..649d610d1 100644 --- a/build-docker-images/wazuh-indexer/config/entrypoint.sh +++ b/build-docker-images/wazuh-indexer/config/entrypoint.sh @@ -84,10 +84,4 @@ if [[ "$(id -u)" == "0" ]]; then fi -#if [[ "$DISCOVERY" == "single-node" ]] && [[ ! -f "/var/lib/wazuh-indexer/.flag" ]]; then - # run securityadmin.sh for single node with CACERT, CERT and KEY parameter -# nohup /securityadmin.sh & -# touch "/var/lib/wazuh-indexer/.flag" -#fi - run_as_other_user_if_needed /usr/share/wazuh-indexer/bin/opensearch <<<"$KEYSTORE_PASSWORD" \ No newline at end of file From 10f278cadb94f1033378a77a811edafa5728e551 Mon Sep 17 00:00:00 2001 
From: vcerenu Date: Tue, 23 Apr 2024 11:43:29 -0300 Subject: [PATCH 04/15] add environment variables for configure wazuh indexer and dashboard files --- .../wazuh-dashboard/Dockerfile | 14 +- .../wazuh-dashboard/config/config.sh | 4 +- .../wazuh-dashboard/config/config.yml | 4 +- .../wazuh-dashboard/config/entrypoint.sh | 221 ++++++++++++- .../config/opensearch_dashboards.yml | 13 - build-docker-images/wazuh-indexer/Dockerfile | 19 +- .../wazuh-indexer/config/action_groups.yml | 12 - .../wazuh-indexer/config/config.sh | 6 - .../wazuh-indexer/config/entrypoint.sh | 295 +++++++++++++++++- .../wazuh-indexer/config/internal_users.yml | 74 ----- .../wazuh-indexer/config/opensearch.yml | 26 -- .../wazuh-indexer/config/roles.yml | 171 ---------- .../wazuh-indexer/config/roles_mapping.yml | 78 ----- .../wazuh_dashboard/opensearch_dashboards.yml | 12 - .../config/wazuh_indexer/wazuh1.indexer.yml | 38 --- .../config/wazuh_indexer/wazuh2.indexer.yml | 38 --- .../config/wazuh_indexer/wazuh3.indexer.yml | 38 --- multi-node/docker-compose.yml | 117 ++++++- single-node/docker-compose.yml | 47 ++- 19 files changed, 690 insertions(+), 537 deletions(-) delete mode 100644 build-docker-images/wazuh-dashboard/config/opensearch_dashboards.yml delete mode 100644 build-docker-images/wazuh-indexer/config/action_groups.yml delete mode 100644 build-docker-images/wazuh-indexer/config/internal_users.yml delete mode 100644 build-docker-images/wazuh-indexer/config/opensearch.yml delete mode 100644 build-docker-images/wazuh-indexer/config/roles.yml delete mode 100644 build-docker-images/wazuh-indexer/config/roles_mapping.yml delete mode 100644 multi-node/config/wazuh_dashboard/opensearch_dashboards.yml delete mode 100644 multi-node/config/wazuh_indexer/wazuh1.indexer.yml delete mode 100644 multi-node/config/wazuh_indexer/wazuh2.indexer.yml delete mode 100644 multi-node/config/wazuh_indexer/wazuh3.indexer.yml 
diff --git a/build-docker-images/wazuh-dashboard/Dockerfile b/build-docker-images/wazuh-dashboard/Dockerfile index e2e0bfd78..786bea0a0 100644 --- a/build-docker-images/wazuh-dashboard/Dockerfile +++ b/build-docker-images/wazuh-dashboard/Dockerfile @@ -26,7 +26,7 @@ RUN chmod 775 /install_wazuh_app.sh RUN bash /install_wazuh_app.sh # Copy and set permissions to config files -COPY config/opensearch_dashboards.yml $INSTALL_DIR/config/ +RUN cp $INSTALL_DIR/etc/opensearch_dashboards.yml $INSTALL_DIR/config/opensearch_dashboards.yml COPY config/wazuh.yml $INSTALL_DIR/data/wazuh/config/ RUN chmod 664 $INSTALL_DIR/config/opensearch_dashboards.yml @@ -34,6 +34,7 @@ RUN chmod 664 $INSTALL_DIR/config/opensearch_dashboards.yml RUN mkdir -p $INSTALL_DIR/data/wazuh && chmod -R 775 $INSTALL_DIR/data/wazuh RUN mkdir -p $INSTALL_DIR/data/wazuh/config && chmod -R 775 $INSTALL_DIR/data/wazuh/config RUN mkdir -p $INSTALL_DIR/data/wazuh/logs && chmod -R 775 $INSTALL_DIR/data/wazuh/logs +RUN mkdir /wazuh-config-mount && chmod -R 775 /wazuh-config-mount ################################################################################ # Build stage 1 (the current Wazuh dashboard image): @@ -108,6 +109,15 @@ COPY --from=builder --chown=1000:1000 $INSTALL_DIR $INSTALL_DIR RUN mkdir -p /usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom RUN chown 1000:1000 /usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom +# Set $JAVA_HOME +RUN echo "export JAVA_HOME=$INSTALL_DIR/jdk" >> /etc/profile.d/java_home.sh && \ + echo "export PATH=\$PATH:\$JAVA_HOME/bin" >> /etc/profile.d/java_home.sh +ENV JAVA_HOME=$INSTALL_DIR/jdk +ENV PATH=$PATH:$JAVA_HOME/bin:$INSTALL_DIR/bin + +# Add k-NN lib directory to library loading path variable +ENV LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$INSTALL_DIR/plugins/opensearch-knn/lib" + # Set workdir and user WORKDIR $INSTALL_DIR USER wazuh-dashboard 
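Review bot: The added `RUN mkdir /wazuh-config-mount && chmod -R 775 /wazuh-config-mount` sits just above the "Build stage 1" banner, so it appears to run in the builder stage. The only transfer into the final image visible in this patch is `COPY --from=builder --chown=1000:1000 $INSTALL_DIR $INSTALL_DIR`, which would leave the directory out of the shipped image. If the entrypoint's `mount_files` is meant to find it there, create it in the final stage, owned by the runtime user: `RUN mkdir /wazuh-config-mount && chown 1000:1000 /wazuh-config-mount`. The stage boundaries lie partly outside this hunk, so please confirm against the full file.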
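Review bot: `ENV LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$INSTALL_DIR/plugins/opensearch-knn/lib"` expands to a value with a leading `:` when the base image does not already set the variable, and the dynamic loader reads an empty entry as the current working directory. With `WORKDIR $INSTALL_DIR` right below, and the new entrypoint copying mounted files into that directory at start-up, shared objects could be resolved from a writable location. Use `ENV LD_LIBRARY_PATH="${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$INSTALL_DIR/plugins/opensearch-knn/lib"`. The same line is added in build-docker-images/wazuh-indexer/Dockerfile. Whether the dashboard image contains a `jdk` directory or the k-NN plugin at all is not visible here, so the three added settings may simply be unnecessary in this file.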
@@ -116,3 +126,5 @@ USER wazuh-dashboard EXPOSE 443 ENTRYPOINT [ "/entrypoint.sh" ] + +CMD ["opensearch-dashboards"] diff --git a/build-docker-images/wazuh-dashboard/config/config.sh b/build-docker-images/wazuh-dashboard/config/config.sh index b2cbfea47..a9c12e103 100644 --- a/build-docker-images/wazuh-dashboard/config/config.sh +++ b/build-docker-images/wazuh-dashboard/config/config.sh @@ -34,8 +34,8 @@ chmod 755 $CERT_TOOL && bash /$CERT_TOOL -A mkdir -p ${CONFIG_DIR}/certs # Copy Wazuh dashboard certs to install config dir -cp /wazuh-certificates/demo.dashboard.pem ${CONFIG_DIR}/certs/dashboard.pem -cp /wazuh-certificates/demo.dashboard-key.pem ${CONFIG_DIR}/certs/dashboard-key.pem +cp /wazuh-certificates/dashboard.pem ${CONFIG_DIR}/certs/dashboard.pem +cp /wazuh-certificates/dashboard-key.pem ${CONFIG_DIR}/certs/dashboard-key.pem cp /wazuh-certificates/root-ca.pem ${CONFIG_DIR}/certs/root-ca.pem chmod -R 500 ${CONFIG_DIR}/certs diff --git a/build-docker-images/wazuh-dashboard/config/config.yml b/build-docker-images/wazuh-dashboard/config/config.yml index 24764d543..8135fcfea 100644 --- a/build-docker-images/wazuh-dashboard/config/config.yml +++ b/build-docker-images/wazuh-dashboard/config/config.yml @@ -1,5 +1,5 @@ nodes: # Wazuh dashboard server nodes dashboard: - - name: demo.dashboard - ip: demo.dashboard \ No newline at end of file + - name: dashboard + ip: wazuh.dashboard diff --git a/build-docker-images/wazuh-dashboard/config/entrypoint.sh b/build-docker-images/wazuh-dashboard/config/entrypoint.sh index 290f9fa8b..698ebd622 100644 --- a/build-docker-images/wazuh-dashboard/config/entrypoint.sh +++ b/build-docker-images/wazuh-dashboard/config/entrypoint.sh 
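Review bot: In config.sh, dropping the `demo.` prefix from `dashboard.pem` and `dashboard-key.pem` removes the only hint that these files are produced by the `bash /$CERT_TOOL -A` run named in the hunk header rather than supplied by the operator. If this script runs during the image build, as the indexer Dockerfile in this patch does with `RUN bash config.sh`, the private key is baked into the image and shared by every container started from it. A comment above the copies would keep that visible: `# Build-time placeholder certificate and key; replace with deployment-specific ones before exposing the dashboard.` The indexer's config.sh still copies `demo.indexer.pem`, so the naming is now inconsistent between the two images. The script continues outside this hunk.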
@@ -2,6 +2,215 @@ # Wazuh Docker Copyright (C) 2017, Wazuh Inc. (License GPLv2) INSTALL_DIR=/usr/share/wazuh-dashboard +export OPENSEARCH_DASHBOARDS_HOME=$INSTALL_DIR +WAZUH_CONFIG_MOUNT=/wazuh-config-mount + +opensearch_dashboards_vars=( + console.enabled + console.proxyConfig + console.proxyFilter + ops.cGroupOverrides.cpuPath + ops.cGroupOverrides.cpuAcctPath + cpu.cgroup.path.override + cpuacct.cgroup.path.override + server.basePath + server.customResponseHeaders + server.compression.enabled + server.compression.referrerWhitelist + server.cors + server.cors.origin + server.defaultRoute + server.host + server.keepAliveTimeout + server.maxPayloadBytes + server.name + server.port + csp.rules + csp.strict + csp.warnLegacyBrowsers + data.search.usageTelemetry.enabled + opensearch.customHeaders + opensearch.hosts + opensearch.logQueries + opensearch.memoryCircuitBreaker.enabled + opensearch.memoryCircuitBreaker.maxPercentage + opensearch.password + opensearch.pingTimeout + opensearch.requestHeadersWhitelist + opensearch.requestHeadersAllowlist + opensearch_security.multitenancy.enabled + opensearch_security.readonly_mode.roles + opensearch.requestTimeout + opensearch.shardTimeout + opensearch.sniffInterval + opensearch.sniffOnConnectionFault + opensearch.sniffOnStart + opensearch.ssl.alwaysPresentCertificate + opensearch.ssl.certificate + opensearch.ssl.key + opensearch.ssl.keyPassphrase + opensearch.ssl.keystore.path + opensearch.ssl.keystore.password + opensearch.ssl.truststore.path + opensearch.ssl.truststore.password + opensearch.ssl.verificationMode + opensearch.username + i18n.locale + interpreter.enableInVisualize + opensearchDashboards.autocompleteTerminateAfter + opensearchDashboards.autocompleteTimeout + opensearchDashboards.defaultAppId + opensearchDashboards.index + logging.dest + logging.json + logging.quiet + logging.rotate.enabled + logging.rotate.everyBytes + logging.rotate.keepFiles + logging.rotate.pollingInterval + logging.rotate.usePolling + 
logging.silent + logging.useUTC + logging.verbose + map.includeOpenSearchMapsService + map.proxyOpenSearchMapsServiceInMaps + map.regionmap + map.tilemap.options.attribution + map.tilemap.options.maxZoom + map.tilemap.options.minZoom + map.tilemap.options.subdomains + map.tilemap.url + monitoring.cluster_alerts.email_notifications.email_address + monitoring.enabled + monitoring.opensearchDashboards.collection.enabled + monitoring.opensearchDashboards.collection.interval + monitoring.ui.container.opensearch.enabled + monitoring.ui.container.logstash.enabled + monitoring.ui.opensearch.password + monitoring.ui.opensearch.pingTimeout + monitoring.ui.opensearch.hosts + monitoring.ui.opensearch.username + monitoring.ui.opensearch.logFetchCount + monitoring.ui.opensearch.ssl.certificateAuthorities + monitoring.ui.opensearch.ssl.verificationMode + monitoring.ui.enabled + monitoring.ui.max_bucket_size + monitoring.ui.min_interval_seconds + newsfeed.enabled + ops.interval + path.data + pid.file + regionmap + security.showInsecureClusterWarning + server.rewriteBasePath + server.socketTimeout + server.customResponseHeaders + server.ssl.enabled + server.ssl.key + server.ssl.keyPassphrase + server.ssl.keystore.path + server.ssl.keystore.password + server.ssl.truststore.path + server.ssl.truststore.password + server.ssl.cert + server.ssl.certificate + server.ssl.certificateAuthorities + server.ssl.cipherSuites + server.ssl.clientAuthentication + opensearch.ssl.certificateAuthorities + server.ssl.redirectHttpFromPort + server.ssl.supportedProtocols + server.xsrf.disableProtection + server.xsrf.whitelist + status.allowAnonymous + status.v6ApiFormat + tilemap.options.attribution + tilemap.options.maxZoom + tilemap.options.minZoom + tilemap.options.subdomains + tilemap.url + timeline.enabled + vega.enableExternalUrls + apm_oss.apmAgentConfigurationIndex + apm_oss.indexPattern + apm_oss.errorIndices + apm_oss.onboardingIndices + apm_oss.spanIndices + apm_oss.sourcemapIndices + 
apm_oss.transactionIndices + apm_oss.metricsIndices + telemetry.allowChangingOptInStatus + telemetry.enabled + telemetry.optIn + telemetry.optInStatusUrl + telemetry.sendUsageFrom + vis_builder.enabled + data_source.enabled + data_source.encryption.wrappingKeyName + data_source.encryption.wrappingKeyNamespace + data_source.encryption.wrappingKey + data_source.audit.enabled + data_source.audit.appender.kind + data_source.audit.appender.path + data_source.audit.appender.layout.kind + data_source.audit.appender.layout.highlight + data_source.audit.appender.layout.pattern + ml_commons_dashboards.enabled + assistant.chat.enabled + observability.query_assist.enabled + uiSettings.overrides.defaultRoute +) + +print() { + echo -e $1 +} + +error_and_exit() { + echo "Error executing command: '$1'." + echo 'Exiting.' + exit 1 +} + +exec_cmd() { + eval $1 > /dev/null 2>&1 || error_and_exit "$1" +} + +exec_cmd_stdout() { + eval $1 2>&1 || error_and_exit "$1" +} + +function runOpensearchDashboards { + touch $OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml + for opensearch_dashboards_var in ${opensearch_dashboards_vars[*]}; do + env_var=$(echo ${opensearch_dashboards_var^^} | tr . _) + value=${!env_var} + if [[ -n $value ]]; then + longoptfile="${opensearch_dashboards_var}: ${value}" + if grep -q $opensearch_dashboards_var $OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml; then + sed -i "/${opensearch_dashboards_var}/ s|^.*$|${longoptfile}|" $OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml + else + echo $longoptfile >> $OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml + fi + fi + done + + umask 0002 + + /usr/share/wazuh-dashboard/bin/opensearch-dashboards -c $OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml \ + --cpu.cgroup.path.override=/ \ + --cpuacct.cgroup.path.override=/ +} + +mount_files() { + if [ -e $WAZUH_CONFIG_MOUNT/* ] + then + print "Identified Wazuh cdashboard onfiguration files to mount..." 
+ exec_cmd_stdout "cp --verbose -r $WAZUH_CONFIG_MOUNT/* $INSTALL_DIR" + else + print "No Wazuh dashboard configuration files to mount..." + fi +} + DASHBOARD_USERNAME="${DASHBOARD_USERNAME:-kibanaserver}" DASHBOARD_PASSWORD="${DASHBOARD_PASSWORD:-kibanaserver}" @@ -17,4 +226,14 @@ echo $DASHBOARD_PASSWORD | $INSTALL_DIR/bin/opensearch-dashboards-keystore add o /wazuh_app_config.sh $WAZUH_UI_REVISION -/usr/share/wazuh-dashboard/bin/opensearch-dashboards -c /usr/share/wazuh-dashboard/config/opensearch_dashboards.yml \ No newline at end of file +mount_files + +if [ $# -eq 0 ] || [ "${1:0:1}" = '-' ]; then + set -- opensearch-dashboards "$@" +fi + +if [ "$1" = "opensearch-dashboards" ]; then + runOpensearchDashboards "$@" +else + exec "$@" +fi diff --git a/build-docker-images/wazuh-dashboard/config/opensearch_dashboards.yml b/build-docker-images/wazuh-dashboard/config/opensearch_dashboards.yml deleted file mode 100644 index 68e6c85f1..000000000 --- a/build-docker-images/wazuh-dashboard/config/opensearch_dashboards.yml +++ /dev/null @@ -1,13 +0,0 @@ -server.host: 0.0.0.0 -server.port: 5601 -opensearch.hosts: https://wazuh.indexer:9200 -opensearch.ssl.verificationMode: none -opensearch.requestHeadersWhitelist: [ authorization,securitytenant ] -opensearch_security.multitenancy.enabled: false -opensearch_security.readonly_mode.roles: ["kibana_read_only"] -server.ssl.enabled: true -server.ssl.key: "/usr/share/wazuh-dashboard/config/certs/dashboard-key.pem" -server.ssl.certificate: "/usr/share/wazuh-dashboard/config/certs/dashboard.pem" -opensearch.ssl.certificateAuthorities: ["/usr/share/wazuh-dashboard/config/certs/root-ca.pem"] -uiSettings.overrides.defaultRoute: /app/wz-home - diff --git a/build-docker-images/wazuh-indexer/Dockerfile b/build-docker-images/wazuh-indexer/Dockerfile index bd579225b..8d1ae4512 100644 --- a/build-docker-images/wazuh-indexer/Dockerfile +++ b/build-docker-images/wazuh-indexer/Dockerfile 
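Review bot: In `runOpensearchDashboards`, `grep -q $opensearch_dashboards_var` and the `sed -i "/${opensearch_dashboards_var}/ s|^.*$|…|"` address treat the key as an unanchored regex. Setting `SERVER_SSL_KEY` therefore also rewrites any `server.ssl.keyPassphrase` and `server.ssl.keystore.*` lines, and `REGIONMAP` hits `map.regionmap`, so TLS and credential settings can be replaced without any error. The value is also spliced into the sed program, so a `|` or `&` in a password or URL breaks or corrupts the written line. Matching the escaped key at the start of the line and appending with `printf` avoids both, as sketched below. Separately, `[ -e $WAZUH_CONFIG_MOUNT/* ]` in `mount_files` errors out once the mount holds more than one entry, so the copy is skipped; `compgen -G "$WAZUH_CONFIG_MOUNT/*" > /dev/null` works for any count.

```shell
function runOpensearchDashboards {
  conf_file="$OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml"
  touch "$conf_file"
  for opensearch_dashboards_var in "${opensearch_dashboards_vars[@]}"; do
    env_var=$(echo "${opensearch_dashboards_var^^}" | tr . _)
    value=${!env_var}
    if [[ -n $value ]]; then
      # Escape the dots and anchor on "key:" so only the exact setting matches.
      key_re=${opensearch_dashboards_var//./\\.}
      sed -i "/^${key_re}:/d" "$conf_file"
      # Append instead of substituting, so the value never becomes part of a sed program.
      printf '%s: %s\n' "$opensearch_dashboards_var" "$value" >> "$conf_file"
    fi
  done
  # … unchanged: umask and the opensearch-dashboards launch …
```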
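Review bot: The new dispatch calls `runOpensearchDashboards "$@"`, but the function added earlier in this file never reads its arguments, so options passed as container arguments are silently dropped even though the `"${1:0:1}" = '-'` branch exists to accept them. The function also starts the server as a child of the shell while the fallback branch uses `exec "$@"`, so in the default path the server is not the container's main process. Ending the function with `exec /usr/share/wazuh-dashboard/bin/opensearch-dashboards -c "$OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml" "${@:2}"`, keeping the two cgroup overrides, would forward the options and make both branches behave the same way.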
@@ -6,20 +6,10 @@ ARG WAZUH_TAG_REVISION RUN yum install curl-minimal openssl xz tar findutils shadow-utils -y -COPY config/opensearch.yml / - COPY config/config.sh . COPY config/config.yml / -COPY config/action_groups.yml / - -COPY config/internal_users.yml / - -COPY config/roles_mapping.yml / - -COPY config/roles.yml / - RUN bash config.sh ################################################################################ @@ -36,6 +26,15 @@ ENV USER="wazuh-indexer" \ NAME="wazuh-indexer" \ INSTALL_DIR="/usr/share/wazuh-indexer" +# Set $JAVA_HOME +RUN echo "export JAVA_HOME=$INSTALL_DIR/jdk" >> /etc/profile.d/java_home.sh && \ + echo "export PATH=\$PATH:\$JAVA_HOME/bin" >> /etc/profile.d/java_home.sh +ENV JAVA_HOME="$INSTALL_DIR/jdk" +ENV PATH=$PATH:$JAVA_HOME/bin:$INSTALL_DIR/bin + +# Add k-NN lib directory to library loading path variable +ENV LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$INSTALL_DIR/plugins/opensearch-knn/lib" + RUN yum install curl-minimal shadow-utils findutils hostname -y RUN getent group $GROUP || groupadd -r -g 1000 $GROUP diff --git a/build-docker-images/wazuh-indexer/config/action_groups.yml b/build-docker-images/wazuh-indexer/config/action_groups.yml deleted file mode 100644 index 04119c8a2..000000000 --- a/build-docker-images/wazuh-indexer/config/action_groups.yml +++ /dev/null @@ -1,12 +0,0 @@ ---- -_meta: - type: "actiongroups" - config_version: 2 - -# ISM API permissions group -manage_ism: - reserved: true - hidden: false - allowed_actions: - - "cluster:admin/opendistro/ism/*" - static: false \ No newline at end of file diff --git a/build-docker-images/wazuh-indexer/config/config.sh b/build-docker-images/wazuh-indexer/config/config.sh index ed4fff5cd..299251f25 100644 --- a/build-docker-images/wazuh-indexer/config/config.sh +++ b/build-docker-images/wazuh-indexer/config/config.sh 
@@ -117,12 +117,6 @@ cp -pr ${BASE_DIR}/* ${TARGET_DIR}${INSTALLATION_DIR} # Copy the security tools cp /$CERT_TOOL ${TARGET_DIR}${INSTALLATION_DIR}/plugins/opensearch-security/tools/ cp /$PASSWORD_TOOL ${TARGET_DIR}${INSTALLATION_DIR}/plugins/opensearch-security/tools/ -# Copy Wazuh's config files for the security plugin -cp -pr /roles_mapping.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/ -cp -pr /roles.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/ -cp -pr /action_groups.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/ -cp -pr /internal_users.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/ -cp -pr /opensearch.yml ${TARGET_DIR}${CONFIG_DIR} # Copy Wazuh indexer's certificates cp -pr /wazuh-certificates/demo.indexer.pem ${TARGET_DIR}${CONFIG_DIR}/certs/indexer.pem cp -pr /wazuh-certificates/demo.indexer-key.pem ${TARGET_DIR}${CONFIG_DIR}/certs/indexer-key.pem diff --git a/build-docker-images/wazuh-indexer/config/entrypoint.sh b/build-docker-images/wazuh-indexer/config/entrypoint.sh index 649d610d1..60ae01d37 100644 --- a/build-docker-images/wazuh-indexer/config/entrypoint.sh +++ b/build-docker-images/wazuh-indexer/config/entrypoint.sh 
@@ -7,12 +7,272 @@ umask 0002 export USER=wazuh-indexer export INSTALLATION_DIR=/usr/share/wazuh-indexer export OPENSEARCH_PATH_CONF=${INSTALLATION_DIR} -export JAVA_HOME=${INSTALLATION_DIR}/jdk -export DISCOVERY=$(grep -oP "(?<=discovery.type: ).*" ${OPENSEARCH_PATH_CONF}/opensearch.yml) export CACERT=$(grep -oP "(?<=plugins.security.ssl.transport.pemtrustedcas_filepath: ).*" ${OPENSEARCH_PATH_CONF}/opensearch.yml) export CERT="${OPENSEARCH_PATH_CONF}/certs/admin.pem" export KEY="${OPENSEARCH_PATH_CONF}/certs/admin-key.pem" +opensearch_vars=( + cluster.name + node.name + node.roles + path.data + path.logs + bootstrap.memory_lock + network.host + http.port + transport.port + network.bind_host + network.publish_host + transport.tcp.port + compatibility.override_main_response_version + http.host + http.bind_host + http.publish_host + http.compression + transport.host + transport.bind_host + transport.publish_host + discovery.seed_hosts + discovery.seed_providers + discovery.type + cluster.initial_cluster_manager_nodes + cluster.initial_master_nodes + node.max_local_storage_nodes + gateway.recover_after_nodes + gateway.recover_after_data_nodes + gateway.expected_data_nodes + gateway.recover_after_time + plugins.security.nodes_dn + plugins.security.nodes_dn_dynamic_config_enabled + plugins.security.authcz.admin_dn + plugins.security.roles_mapping_resolution + plugins.security.dls.mode + plugins.security.compliance.salt + config.dynamic.http.anonymous_auth_enabled + plugins.security.restapi.roles_enabled + plugins.security.restapi.password_validation_regex + plugins.security.restapi.password_validation_error_message + plugins.security.restapi.password_min_length + plugins.security.restapi.password_score_based_validation_strength + plugins.security.unsupported.restapi.allow_securityconfig_modification + plugins.security.authcz.impersonation_dn + plugins.security.authcz.rest_impersonation_user + plugins.security.allow_default_init_securityindex + 
plugins.security.allow_unsafe_democertificates + plugins.security.system_indices.permission.enabled + plugins.security.config_index_name + plugins.security.cert.oid + plugins.security.cert.intercluster_request_evaluator_class + plugins.security.enable_snapshot_restore_privilege + plugins.security.check_snapshot_restore_write_privileges + plugins.security.cache.ttl_minutes + plugins.security.protected_indices.enabled + plugins.security.protected_indices.roles + plugins.security.protected_indices.indices + plugins.security.system_indices.enabled + plugins.security.system_indices.indices + plugins.security.audit.enable_rest + plugins.security.audit.enable_transport + plugins.security.audit.resolve_bulk_requests + plugins.security.audit.config.disabled_categories + plugins.security.audit.ignore_requests + plugins.security.audit.threadpool.size + plugins.security.audit.threadpool.max_queue_len + plugins.security.audit.ignore_users + plugins.security.audit.type + plugins.security.audit.config.http_endpoints + plugins.security.audit.config.index + plugins.security.audit.config.type + plugins.security.audit.config.username + plugins.security.audit.config.password + plugins.security.audit.config.enable_ssl + plugins.security.audit.config.verify_hostnames + plugins.security.audit.config.enable_ssl_client_auth + plugins.security.audit.config.cert_alias + plugins.security.audit.config.pemkey_filepath + plugins.security.audit.config.pemkey_content + plugins.security.audit.config.pemkey_password + plugins.security.audit.config.pemcert_filepath + plugins.security.audit.config.pemcert_content + plugins.security.audit.config.pemtrustedcas_filepath + plugins.security.audit.config.pemtrustedcas_content + plugins.security.audit.config.webhook.url + plugins.security.audit.config.webhook.format + plugins.security.audit.config.webhook.ssl.verify + plugins.security.audit.config.webhook.ssl.pemtrustedcas_filepath + plugins.security.audit.config.webhook.ssl.pemtrustedcas_content + 
plugins.security.audit.config.log4j.logger_name + plugins.security.audit.config.log4j.level + opendistro_security.audit.config.disabled_rest_categories + opendistro_security.audit.config.disabled_transport_categories + plugins.security.ssl.transport.enforce_hostname_verification + plugins.security.ssl.transport.resolve_hostname + plugins.security.ssl.http.clientauth_mode + plugins.security.ssl.http.enabled_ciphers + plugins.security.ssl.http.enabled_protocols + plugins.security.ssl.transport.enabled_ciphers + plugins.security.ssl.transport.enabled_protocols + plugins.security.ssl.transport.keystore_type + plugins.security.ssl.transport.keystore_filepath + plugins.security.ssl.transport.keystore_alias + plugins.security.ssl.transport.keystore_password + plugins.security.ssl.transport.truststore_type + plugins.security.ssl.transport.truststore_filepath + plugins.security.ssl.transport.truststore_alias + plugins.security.ssl.transport.truststore_password + plugins.security.ssl.http.enabled + plugins.security.ssl.http.keystore_type + plugins.security.ssl.http.keystore_filepath + plugins.security.ssl.http.keystore_alias + plugins.security.ssl.http.keystore_password + plugins.security.ssl.http.truststore_type + plugins.security.ssl.http.truststore_filepath + plugins.security.ssl.http.truststore_alias + plugins.security.ssl.http.truststore_password + plugins.security.ssl.transport.enable_openssl_if_available + plugins.security.ssl.http.enable_openssl_if_available + plugins.security.ssl.transport.pemkey_filepath + plugins.security.ssl.transport.pemkey_password + plugins.security.ssl.transport.pemcert_filepath + plugins.security.ssl.transport.pemtrustedcas_filepath + plugins.security.ssl.http.pemkey_filepath + plugins.security.ssl.http.pemkey_password + plugins.security.ssl.http.pemcert_filepath + plugins.security.ssl.http.pemtrustedcas_filepath + plugins.security.ssl.transport.enabled + plugins.security.ssl.transport.client.pemkey_password + 
plugins.security.ssl.transport.keystore_keypassword + plugins.security.ssl.transport.server.keystore_keypassword + plugins.sercurity.ssl.transport.server.keystore_alias + plugins.sercurity.ssl.transport.client.keystore_alias + plugins.sercurity.ssl.transport.server.truststore_alias + plugins.sercurity.ssl.transport.client.truststore_alias + plugins.security.ssl.client.external_context_id + plugins.secuirty.ssl.transport.principal_extractor_class + plugins.security.ssl.http.crl.file_path + plugins.security.ssl.http.crl.validate + plugins.security.ssl.http.crl.prefer_crlfile_over_ocsp + plugins.security.ssl.http.crl.check_only_end_entitites + plugins.security.ssl.http.crl.disable_ocsp + plugins.security.ssl.http.crl.disable_crldp + plugins.security.ssl.allow_client_initiated_renegotiation + indices.breaker.total.use_real_memory + indices.breaker.total.limit + indices.breaker.fielddata.limit + indices.breaker.fielddata.overhead + indices.breaker.request.limit + indices.breaker.request.overhead + network.breaker.inflight_requests.limit + network.breaker.inflight_requests.overhead + cluster.routing.allocation.enable + cluster.routing.allocation.node_concurrent_incoming_recoveries + cluster.routing.allocation.node_concurrent_outgoing_recoveries + cluster.routing.allocation.node_concurrent_recoveries + cluster.routing.allocation.node_initial_primaries_recoveries + cluster.routing.allocation.same_shard.host + cluster.routing.rebalance.enable + cluster.routing.allocation.allow_rebalance + cluster.routing.allocation.cluster_concurrent_rebalance + cluster.routing.allocation.balance.shard + cluster.routing.allocation.balance.index + cluster.routing.allocation.balance.threshold + cluster.routing.allocation.balance.prefer_primary + cluster.routing.allocation.disk.threshold_enabled + cluster.routing.allocation.disk.watermark.low + cluster.routing.allocation.disk.watermark.high + cluster.routing.allocation.disk.watermark.flood_stage + cluster.info.update.interval + 
cluster.routing.allocation.shard_movement_strategy + cluster.blocks.read_only + cluster.blocks.read_only_allow_delete + cluster.max_shards_per_node + cluster.persistent_tasks.allocation.enable + cluster.persistent_tasks.allocation.recheck_interval + cluster.search.request.slowlog.threshold.warn + cluster.search.request.slowlog.threshold.info + cluster.search.request.slowlog.threshold.debug + cluster.search.request.slowlog.threshold.trace + cluster.search.request.slowlog.level + cluster.fault_detection.leader_check.timeout + cluster.fault_detection.follower_check.timeout + action.auto_create_index + action.destructive_requires_name + cluster.default.index.refresh_interval + cluster.minimum.index.refresh_interval + cluster.indices.close.enable + indices.recovery.max_bytes_per_sec + indices.recovery.max_concurrent_file_chunks + indices.recovery.max_concurrent_operations + indices.recovery.max_concurrent_remote_store_streams + indices.time_series_index.default_index_merge_policy + indices.fielddata.cache.size + index.number_of_shards + index.number_of_routing_shards + index.shard.check_on_startup + index.codec + index.codec.compression_level + index.routing_partition_size + index.soft_deletes.retention_lease.period + index.load_fixed_bitset_filters_eagerly + index.hidden + index.merge.policy + index.merge_on_flush.enabled + index.merge_on_flush.max_full_flush_merge_wait_time + index.merge_on_flush.policy + index.check_pending_flush.enabled + index.number_of_replicas + index.auto_expand_replicas + index.search.idle.after + index.refresh_interval + index.max_result_window + index.max_inner_result_window + index.max_rescore_window + index.max_docvalue_fields_search + index.max_script_fields + index.max_ngram_diff + index.max_shingle_diff + index.max_refresh_listeners + index.analyze.max_token_count + index.highlight.max_analyzed_offset + index.max_terms_count + index.max_regex_length + index.query.default_field + index.query.max_nested_depth + 
index.routing.allocation.enable + index.routing.rebalance.enable + index.gc_deletes + index.default_pipeline + index.final_pipeline + index.optimize_doc_id_lookup.fuzzy_set.enabled + index.optimize_doc_id_lookup.fuzzy_set.false_positive_probability + search.max_buckets + search.phase_took_enabled + search.allow_expensive_queries + search.default_allow_partial_results + search.cancel_after_time_interval + search.default_search_timeout + search.default_keep_alive + search.keep_alive_interval + search.max_keep_alive + search.low_level_cancellation + search.max_open_scroll_context + search.request_stats_enabled + search.highlight.term_vector_multi_value + snapshot.max_concurrent_operations + cluster.remote_store.translog.buffer_interval + remote_store.moving_average_window_size + opensearch.notifications.core.allowed_config_types + opensearch.notifications.core.email.minimum_header_length + opensearch.notifications.core.email.size_limit + opensearch.notifications.core.http.connection_timeout + opensearch.notifications.core.http.host_deny_list + opensearch.notifications.core.http.max_connection_per_route + opensearch.notifications.core.http.max_connections + opensearch.notifications.core.http.socket_timeout + opensearch.notifications.core.tooltip_support + opensearch.notifications.general.filter_by_backend_roles +) + run_as_other_user_if_needed() { if [[ "$(id -u)" == "0" ]]; then # If running as root, drop to specified UID and run command 
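Review bot: Four entries in `opensearch_vars` are spelled `plugins.sercurity.ssl.transport.*` (the server/client `keystore_alias` and `truststore_alias` keys) and one is spelled `plugins.secuirty.ssl.transport.principal_extractor_class`, unlike every other `plugins.security.` entry in the list. The environment variable name is derived from the entry by the function added later in this file, so a correctly spelled `PLUGINS_SECURITY_SSL_TRANSPORT_SERVER_KEYSTORE_ALIAS` would be silently ignored, while the misspelled variable would write a misspelled key into opensearch.yml. Please check these five names against the settings the security plugin actually registers and correct them. A header comment on the array would also help, for example `# Settings that can be overridden from the environment: cluster.name -> CLUSTER_NAME`.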
@@ -24,6 +284,37 @@ run_as_other_user_if_needed() { fi } +function buildOpensearchConfig { + echo "" >> $OPENSEARCH_PATH_CONF/opensearch.yml + for opensearch_var in ${opensearch_vars[*]}; do + env_var=$(echo ${opensearch_var^^} | tr . _) + value=${!env_var} + if [[ -n $value ]]; then + if grep -q $opensearch_var $OPENSEARCH_PATH_CONF/opensearch.yml; then + lineNum="$(grep -n "$opensearch_var" $OPENSEARCH_PATH_CONF/opensearch.yml | head -n 1 | cut -d: -f1)" + sed -i "${lineNum}d" $OPENSEARCH_PATH_CONF/opensearch.yml + charline=$(awk "NR == ${lineNum}" $OPENSEARCH_PATH_CONF/opensearch.yml | head -c 1) + fi + while : + do + case "$charline" in + "-"| "#" |" ") sed -i "${lineNum}d" $OPENSEARCH_PATH_CONF/opensearch.yml;; + *) break;; + esac + charline=$(awk "NR == ${lineNum}" $OPENSEARCH_PATH_CONF/opensearch.yml | head -c 1) + done + longoptfile="${opensearch_var}: ${value}" + if grep -q $opensearch_var $OPENSEARCH_PATH_CONF/opensearch.yml; then + sed -i "/${opensearch_var}/ s|^.*$|${longoptfile}|" $OPENSEARCH_PATH_CONF/opensearch.yml + else + echo $longoptfile >> $OPENSEARCH_PATH_CONF/opensearch.yml + fi + fi + done +} + +buildOpensearchConfig + # Allow user specify custom CMD, maybe bin/opensearch itself # for example to directly specify `-E` style parameters for opensearch on k8s # or simply to run /bin/bash to check the image diff --git a/build-docker-images/wazuh-indexer/config/internal_users.yml b/build-docker-images/wazuh-indexer/config/internal_users.yml deleted file mode 100644 index 40fcb9cda..000000000 --- a/build-docker-images/wazuh-indexer/config/internal_users.yml +++ /dev/null 
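Review bot: `buildOpensearchConfig` looks up each key with an unquoted, unanchored regex (`grep -q $opensearch_var`, `grep -n "$opensearch_var"`, `sed "/${opensearch_var}/ …"`), so a key also matches longer keys, comments and values that merely contain it. Setting `PLUGINS_SECURITY_SSL_HTTP_ENABLED`, for example, can delete or overwrite a `plugins.security.ssl.http.enabled_ciphers` line, and the final `sed` rewrites every matching line. The value is also interpolated into the `sed` replacement, where `|`, `&` or `\` change the result. In addition, `echo $longoptfile` is unquoted, which collapses whitespace and glob-expands values such as the `".opendistro-alerting-alert*"` list set in docker-compose.yml. The fence below matches the key as fixed text at the start of a line and appends the new entry with `printf`; it moves an overridden key to the end of the file, which should not matter for a flat settings file.

```shell
function buildOpensearchConfig {
  local conf="$OPENSEARCH_PATH_CONF/opensearch.yml" tmp
  tmp=$(mktemp)
  # … unchanged: blank-line append, loop header, env_var/value lookup …
    if [[ -n $value ]]; then
      # Drop the key's current entry plus its "-", "#" or indented continuation lines.
      # index() compares fixed text at column 0, so dots and substrings cannot match.
      awk -v key="${opensearch_var}:" '
        skip && /^[-# ]/ { next }
        { skip = 0 }
        index($0, key) == 1 { skip = 1; next }
        { print }
      ' "$conf" > "$tmp" && cat "$tmp" > "$conf"
      # Append without sed or an unquoted echo, so the value is never parsed or globbed.
      printf '%s\n' "${opensearch_var}: ${value}" >> "$conf"
    fi
  # … unchanged: end of loop …
  rm -f "$tmp"
}
```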
@@ -1,74 +0,0 @@ ---- -# This is the internal user database -# The hash value is a bcrypt hash and can be generated with plugin/tools/hash.sh - -_meta: - type: "internalusers" - config_version: 2 - -# Define your internal users here - -## Demo users - -admin: - hash: "$2a$12$VcCDgh2NDk07JGN0rjGbM.Ad41qVR/YFJcgHp0UGns5JDymv..TOG" - reserved: true - backend_roles: - - "admin" - description: "Demo admin user" - -kibanaserver: - hash: "$2a$12$4AcgAt3xwOWadA5s5blL6ev39OXDNhmOesEoo33eZtrq2N0YrU3H." - reserved: true - description: "Demo kibanaserver user" - -kibanaro: - hash: "$2a$12$JJSXNfTowz7Uu5ttXfeYpeYE0arACvcwlPBStB1F.MI7f0U9Z4DGC" - reserved: false - backend_roles: - - "kibanauser" - - "readall" - attributes: - attribute1: "value1" - attribute2: "value2" - attribute3: "value3" - description: "Demo kibanaro user" - -logstash: - hash: "$2a$12$u1ShR4l4uBS3Uv59Pa2y5.1uQuZBrZtmNfqB3iM/.jL0XoV9sghS2" - reserved: false - backend_roles: - - "logstash" - description: "Demo logstash user" - -readall: - hash: "$2a$12$ae4ycwzwvLtZxwZ82RmiEunBbIPiAmGZduBAjKN0TXdwQFtCwARz2" - reserved: false - backend_roles: - - "readall" - description: "Demo readall user" - -snapshotrestore: - hash: "$2y$12$DpwmetHKwgYnorbgdvORCenv4NAK8cPUg8AI6pxLCuWf/ALc0.v7W" - reserved: false - backend_roles: - - "snapshotrestore" - description: "Demo snapshotrestore user" - -wazuh_admin: - hash: "$2y$12$d2awHiOYvZjI88VfsDON.u6buoBol0gYPJEgdG1ArKVE0OMxViFfu" - reserved: true - hidden: false - backend_roles: [] - attributes: {} - opendistro_security_roles: [] - static: false - -wazuh_user: - hash: "$2y$12$BQixeoQdRubZdVf/7sq1suHwiVRnSst1.lPI2M0.GPZms4bq2D9vO" - reserved: true - hidden: false - backend_roles: [] - attributes: {} - opendistro_security_roles: [] - static: false \ No newline at end of file diff --git a/build-docker-images/wazuh-indexer/config/opensearch.yml b/build-docker-images/wazuh-indexer/config/opensearch.yml deleted file mode 100644 index 1f0a78b36..000000000 
--- a/build-docker-images/wazuh-indexer/config/opensearch.yml +++ /dev/null @@ -1,26 +0,0 @@ -network.host: "0.0.0.0" -node.name: "wazuh.indexer" -path.data: /var/lib/wazuh-indexer -path.logs: /var/log/wazuh-indexer -discovery.type: single-node -compatibility.override_main_response_version: true -plugins.security.ssl.http.pemcert_filepath: /usr/share/wazuh-indexer/certs/indexer.pem -plugins.security.ssl.http.pemkey_filepath: /usr/share/wazuh-indexer/certs/indexer-key.pem -plugins.security.ssl.http.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem -plugins.security.ssl.transport.pemcert_filepath: /usr/share/wazuh-indexer/certs/indexer.pem -plugins.security.ssl.transport.pemkey_filepath: /usr/share/wazuh-indexer/certs/indexer-key.pem -plugins.security.ssl.transport.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem -plugins.security.ssl.http.enabled: true -plugins.security.ssl.transport.enforce_hostname_verification: false -plugins.security.ssl.transport.resolve_hostname: false -plugins.security.authcz.admin_dn: -- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" -plugins.security.check_snapshot_restore_write_privileges: true -plugins.security.enable_snapshot_restore_privilege: true -plugins.security.nodes_dn: -- "CN=demo.indexer,OU=Wazuh,O=Wazuh,L=California,C=US" -plugins.security.restapi.roles_enabled: -- "all_access" -- "security_rest_api_access" -plugins.security.system_indices.enabled: true -plugins.security.system_indices.indices: [".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"] \ No newline at end of file 
diff --git a/build-docker-images/wazuh-indexer/config/roles.yml b/build-docker-images/wazuh-indexer/config/roles.yml deleted file mode 100644 index f8bc557a8..000000000 --- a/build-docker-images/wazuh-indexer/config/roles.yml +++ /dev/null 
@@ -1,171 +0,0 @@ -_meta: - type: "roles" - config_version: 2 - -# Restrict users so they can only view visualization and dashboards on kibana -kibana_read_only: - reserved: true - -# The security REST API access role is used to assign specific users access to change the security settings through the REST API. -security_rest_api_access: - reserved: true - -# Allows users to view monitors, destinations and alerts -alerting_read_access: - reserved: true - cluster_permissions: - - 'cluster:admin/opendistro/alerting/alerts/get' - - 'cluster:admin/opendistro/alerting/destination/get' - - 'cluster:admin/opendistro/alerting/monitor/get' - - 'cluster:admin/opendistro/alerting/monitor/search' - -# Allows users to view and acknowledge alerts -alerting_ack_alerts: - reserved: true - cluster_permissions: - - 'cluster:admin/opendistro/alerting/alerts/*' - -# Allows users to use all alerting functionality -alerting_full_access: - reserved: true - cluster_permissions: - - 'cluster_monitor' - - 'cluster:admin/opendistro/alerting/*' - index_permissions: - - index_patterns: - - '*' - allowed_actions: - - 'indices_monitor' - - 'indices:admin/aliases/get' - - 'indices:admin/mappings/get' - -# Allow users to read Anomaly Detection detectors and results -anomaly_read_access: - reserved: true - cluster_permissions: - - 'cluster:admin/opendistro/ad/detector/info' - - 'cluster:admin/opendistro/ad/detector/search' - - 'cluster:admin/opendistro/ad/detectors/get' - - 'cluster:admin/opendistro/ad/result/search' - - 'cluster:admin/opendistro/ad/tasks/search' - -# Allows users to use all Anomaly Detection functionality -anomaly_full_access: - reserved: true - cluster_permissions: - - 'cluster_monitor' - - 'cluster:admin/opendistro/ad/*' - index_permissions: - - index_patterns: - - '*' - allowed_actions: - - 'indices_monitor' - - 'indices:admin/aliases/get' - - 'indices:admin/mappings/get' - -# Allows users to read Notebooks -notebooks_read_access: - reserved: true - cluster_permissions: - - 
'cluster:admin/opendistro/notebooks/list' - - 'cluster:admin/opendistro/notebooks/get' - -# Allows users to all Notebooks functionality -notebooks_full_access: - reserved: true - cluster_permissions: - - 'cluster:admin/opendistro/notebooks/create' - - 'cluster:admin/opendistro/notebooks/update' - - 'cluster:admin/opendistro/notebooks/delete' - - 'cluster:admin/opendistro/notebooks/get' - - 'cluster:admin/opendistro/notebooks/list' - -# Allows users to read and download Reports -reports_instances_read_access: - reserved: true - cluster_permissions: - - 'cluster:admin/opendistro/reports/instance/list' - - 'cluster:admin/opendistro/reports/instance/get' - - 'cluster:admin/opendistro/reports/menu/download' - -# Allows users to read and download Reports and Report-definitions -reports_read_access: - reserved: true - cluster_permissions: - - 'cluster:admin/opendistro/reports/definition/get' - - 'cluster:admin/opendistro/reports/definition/list' - - 'cluster:admin/opendistro/reports/instance/list' - - 'cluster:admin/opendistro/reports/instance/get' - - 'cluster:admin/opendistro/reports/menu/download' - -# Allows users to all Reports functionality -reports_full_access: - reserved: true - cluster_permissions: - - 'cluster:admin/opendistro/reports/definition/create' - - 'cluster:admin/opendistro/reports/definition/update' - - 'cluster:admin/opendistro/reports/definition/on_demand' - - 'cluster:admin/opendistro/reports/definition/delete' - - 'cluster:admin/opendistro/reports/definition/get' - - 'cluster:admin/opendistro/reports/definition/list' - - 'cluster:admin/opendistro/reports/instance/list' - - 'cluster:admin/opendistro/reports/instance/get' - - 'cluster:admin/opendistro/reports/menu/download' - -# Allows users to use all asynchronous-search functionality -asynchronous_search_full_access: - reserved: true - cluster_permissions: - - 'cluster:admin/opendistro/asynchronous_search/*' - index_permissions: - - index_patterns: - - '*' - allowed_actions: - - 
'indices:data/read/search*' - -# Allows users to read stored asynchronous-search results -asynchronous_search_read_access: - reserved: true - cluster_permissions: - - 'cluster:admin/opendistro/asynchronous_search/get' - -wazuh_ui_user: - reserved: true - hidden: false - cluster_permissions: [] - index_permissions: - - index_patterns: - - "wazuh-*" - dls: "" - fls: [] - masked_fields: [] - allowed_actions: - - "read" - tenant_permissions: [] - static: false - -wazuh_ui_admin: - reserved: true - hidden: false - cluster_permissions: [] - index_permissions: - - index_patterns: - - "wazuh-*" - dls: "" - fls: [] - masked_fields: [] - allowed_actions: - - "read" - - "delete" - - "manage" - - "index" - tenant_permissions: [] - static: false - -# ISM API permissions role -manage_ism: - reserved: true - hidden: false - cluster_permissions: - - "manage_ism" - static: false \ No newline at end of file diff --git a/build-docker-images/wazuh-indexer/config/roles_mapping.yml b/build-docker-images/wazuh-indexer/config/roles_mapping.yml deleted file mode 100644 index 7fa57a4db..000000000 --- a/build-docker-images/wazuh-indexer/config/roles_mapping.yml +++ /dev/null 
@@ -1,78 +0,0 @@ ---- -# In this file users, backendroles and hosts can be mapped to Wazuh indexer Security roles. -# Permissions for Wazuh indexer roles are configured in roles.yml - -_meta: - type: "rolesmapping" - config_version: 2 - -# Define your roles mapping here - -## Demo roles mapping - -all_access: - reserved: false - backend_roles: - - "admin" - description: "Maps admin to all_access" - -own_index: - reserved: false - users: - - "*" - description: "Allow full access to an index named like the username" - -logstash: - reserved: false - backend_roles: - - "logstash" - -kibana_user: - reserved: false - backend_roles: - - "kibanauser" - users: - - "wazuh_user" - - "wazuh_admin" - description: "Maps kibanauser to kibana_user" - -readall: - reserved: false - backend_roles: - - "readall" - -manage_snapshots: - reserved: false - backend_roles: - - "snapshotrestore" - -kibana_server: - reserved: true - users: - - "kibanaserver" - -wazuh_ui_admin: - reserved: true - hidden: false - backend_roles: [] - hosts: [] - users: - - "wazuh_admin" - - "kibanaserver" - and_backend_roles: [] - -wazuh_ui_user: - reserved: true - hidden: false - backend_roles: [] - hosts: [] - users: - - "wazuh_user" - and_backend_roles: [] - -# ISM API permissions role mapping -manage_ism: - reserved: true - hidden: false - users: - - "kibanaserver" \ No newline at end of file diff --git a/multi-node/config/wazuh_dashboard/opensearch_dashboards.yml b/multi-node/config/wazuh_dashboard/opensearch_dashboards.yml deleted file mode 100644 index 3a53c3f88..000000000 --- a/multi-node/config/wazuh_dashboard/opensearch_dashboards.yml +++ /dev/null 
@@ -1,12 +0,0 @@ -server.host: 0.0.0.0 -server.port: 5601 -opensearch.hosts: https://wazuh1.indexer:9200 -opensearch.ssl.verificationMode: certificate -opensearch.requestHeadersWhitelist: ["securitytenant","Authorization"] -opensearch_security.multitenancy.enabled: false -opensearch_security.readonly_mode.roles: ["kibana_read_only"] -server.ssl.enabled: true -server.ssl.key: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem" -server.ssl.certificate: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem" -opensearch.ssl.certificateAuthorities: ["/usr/share/wazuh-dashboard/certs/root-ca.pem"] -uiSettings.overrides.defaultRoute: /app/wz-home diff --git a/multi-node/config/wazuh_indexer/wazuh1.indexer.yml b/multi-node/config/wazuh_indexer/wazuh1.indexer.yml deleted file mode 100644 index 59cbe9bfa..000000000 --- a/multi-node/config/wazuh_indexer/wazuh1.indexer.yml +++ /dev/null 
@@ -1,38 +0,0 @@ -network.host: wazuh1.indexer -node.name: wazuh1.indexer -cluster.initial_master_nodes: - - wazuh1.indexer - - wazuh2.indexer - - wazuh3.indexer -cluster.name: "wazuh-cluster" -discovery.seed_hosts: - - wazuh1.indexer - - wazuh2.indexer - - wazuh3.indexer -node.max_local_storage_nodes: "3" -path.data: /var/lib/wazuh-indexer -path.logs: /var/log/wazuh-indexer -plugins.security.ssl.http.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh1.indexer.pem -plugins.security.ssl.http.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh1.indexer.key -plugins.security.ssl.http.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem -plugins.security.ssl.transport.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh1.indexer.pem -plugins.security.ssl.transport.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh1.indexer.key -plugins.security.ssl.transport.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem -plugins.security.ssl.http.enabled: true -plugins.security.ssl.transport.enforce_hostname_verification: false -plugins.security.ssl.transport.resolve_hostname: false -plugins.security.authcz.admin_dn: -- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" -plugins.security.check_snapshot_restore_write_privileges: true -plugins.security.enable_snapshot_restore_privilege: true -plugins.security.nodes_dn: -- "CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US" -- "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US" -- "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US" -- "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US" -plugins.security.restapi.roles_enabled: -- "all_access" -- "security_rest_api_access" -plugins.security.allow_default_init_securityindex: true -cluster.routing.allocation.disk.threshold_enabled: false -compatibility.override_main_response_version: true 
diff --git a/multi-node/config/wazuh_indexer/wazuh2.indexer.yml b/multi-node/config/wazuh_indexer/wazuh2.indexer.yml deleted file mode 100644 index 478ed1d0b..000000000 --- a/multi-node/config/wazuh_indexer/wazuh2.indexer.yml +++ /dev/null 
@@ -1,38 +0,0 @@ -network.host: wazuh2.indexer -node.name: wazuh2.indexer -cluster.initial_master_nodes: - - wazuh1.indexer - - wazuh2.indexer - - wazuh3.indexer -cluster.name: "wazuh-cluster" -discovery.seed_hosts: - - wazuh1.indexer - - wazuh2.indexer - - wazuh3.indexer -node.max_local_storage_nodes: "3" -path.data: /var/lib/wazuh-indexer -path.logs: /var/log/wazuh-indexer -plugins.security.ssl.http.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh2.indexer.pem -plugins.security.ssl.http.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh2.indexer.key -plugins.security.ssl.http.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem -plugins.security.ssl.transport.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh2.indexer.pem -plugins.security.ssl.transport.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh2.indexer.key -plugins.security.ssl.transport.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem -plugins.security.ssl.http.enabled: true -plugins.security.ssl.transport.enforce_hostname_verification: false -plugins.security.ssl.transport.resolve_hostname: false -plugins.security.authcz.admin_dn: -- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" -plugins.security.check_snapshot_restore_write_privileges: true -plugins.security.enable_snapshot_restore_privilege: true -plugins.security.nodes_dn: -- "CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US" -- "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US" -- "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US" -- "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US" -plugins.security.restapi.roles_enabled: -- "all_access" -- "security_rest_api_access" -plugins.security.allow_default_init_securityindex: true -cluster.routing.allocation.disk.threshold_enabled: false -compatibility.override_main_response_version: true \ No newline at end of file 
diff --git a/multi-node/config/wazuh_indexer/wazuh3.indexer.yml b/multi-node/config/wazuh_indexer/wazuh3.indexer.yml deleted file mode 100644 index 8caa513dc..000000000 --- a/multi-node/config/wazuh_indexer/wazuh3.indexer.yml +++ /dev/null 
@@ -1,38 +0,0 @@ -network.host: wazuh3.indexer -node.name: wazuh3.indexer -cluster.initial_master_nodes: - - wazuh1.indexer - - wazuh2.indexer - - wazuh3.indexer -cluster.name: "wazuh-cluster" -discovery.seed_hosts: - - wazuh1.indexer - - wazuh2.indexer - - wazuh3.indexer -node.max_local_storage_nodes: "3" -path.data: /var/lib/wazuh-indexer -path.logs: /var/log/wazuh-indexer -plugins.security.ssl.http.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh3.indexer.pem -plugins.security.ssl.http.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh3.indexer.key -plugins.security.ssl.http.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem -plugins.security.ssl.transport.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh3.indexer.pem -plugins.security.ssl.transport.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh3.indexer.key -plugins.security.ssl.transport.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem -plugins.security.ssl.http.enabled: true -plugins.security.ssl.transport.enforce_hostname_verification: false -plugins.security.ssl.transport.resolve_hostname: false -plugins.security.authcz.admin_dn: -- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" -plugins.security.check_snapshot_restore_write_privileges: true -plugins.security.enable_snapshot_restore_privilege: true -plugins.security.nodes_dn: -- "CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US" -- "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US" -- "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US" -- "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US" -plugins.security.restapi.roles_enabled: -- "all_access" -- "security_rest_api_access" -plugins.security.allow_default_init_securityindex: true -cluster.routing.allocation.disk.threshold_enabled: false -compatibility.override_main_response_version: true \ No newline at end of file diff --git a/multi-node/docker-compose.yml b/multi-node/docker-compose.yml index f7be620af..d9e535e32 100644 
--- a/multi-node/docker-compose.yml +++ b/multi-node/docker-compose.yml 
@@ -87,8 +87,35 @@ services: ports: - "9200:9200" environment: - - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g" - - "bootstrap.memory_lock=true" + OPENSEARCH_JAVA_OPTS: "-Xms1g -Xmx1g" + bootstrap.memory_lock: "true" + NETWORK_HOST: wazuh1.indexer + NODE_NAME: wazuh1.indexer + CLUSTER_INITIAL_MASTER_NODES: '["wazuh1.indexer", "wazuh2.indexer", "wazuh3.indexer"]' + CLUSTER_NAME: "wazuh-cluster" + DISCOVERY_SEED_HOSTS: '["wazuh1.indexer", "wazuh2.indexer", "wazuh3.indexer"]' + NODE_MAX_LOCAL_STORAGE_NODES: "3" + PATH_DATA: /var/lib/wazuh-indexer + PATH_LOGS: /var/log/wazuh-indexer + PLUGINS_SECURITY_SSL_HTTP_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh1.indexer.pem + PLUGINS_SECURITY_SSL_HTTP_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh1.indexer.key + PLUGINS_SECURITY_SSL_HTTP_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem + PLUGINS_SECURITY_SSL_TRANSPORT_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh1.indexer.pem + PLUGINS_SECURITY_SSL_TRANSPORT_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh1.indexer.key + PLUGINS_SECURITY_SSL_TRANSPORT_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem + PLUGINS_SECURITY_SSL_HTTP_ENABLED: "true" + PLUGINS_SECURITY_SSL_TRANSPORT_ENFORCE_HOSTNAME_VERIFICATION: "false" + PLUGINS_SECURITY_SSL_TRANSPORT_RESOLVE_HOSTNAME: "false" + PLUGINS_SECURITY_AUTHCZ_ADMIN_DN: "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" + PLUGINS_SECURITY_CHECK_SNAPSHOT_RESTORE_WRITE_PRIVILEGES: "true" + PLUGINS_SECURITY_ENABLE_SNAPSHOT_RESTORE_PRIVILEGE: "true" + PLUGINS_SECURITY_NODES_DN: '["CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US"]' + PLUGINS_SECURITY_RESTAPI_ROLES_ENABLED: '["all_access", "security_rest_api_access"]' + PLUGINS_SECURITY_SYSTEM_INDICES_ENABLED: "true" + PLUGINS_SECURITY_SYSTEM_INDICES_INDICES: 
'[".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]' + PLUGINS_SECURITY_ALLOW_DEFAULT_INIT_SECURITYINDEX: "true" + CLUSTER_ROUTING_ALLOCATION_DISK_THRESHOLD_ENABLED: "false" + COMPATIBILITY_OVERRIDE_MAIN_RESPONSE_VERSION: "true" ulimits: memlock: soft: -1 @@ -103,7 +130,8 @@ services: - ./config/wazuh_indexer_ssl_certs/wazuh1.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh1.indexer.pem - ./config/wazuh_indexer_ssl_certs/admin.pem:/usr/share/wazuh-indexer/certs/admin.pem - ./config/wazuh_indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/certs/admin-key.pem - - ./config/wazuh_indexer/wazuh1.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml + # if you need mount a custom opensearch.yml, uncomment the next line and delete the environment variables + # - ./config/wazuh_indexer/wazuh1.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml wazuh2.indexer: 
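Review bot: `PLUGINS_SECURITY_SSL_TRANSPORT_ENFORCE_HOSTNAME_VERIFICATION: "false"` in the new wazuh1.indexer environment stops node-to-node TLS from checking that a peer's certificate matches the host it connected to. Trust between nodes then rests only on the CA in root-ca.pem and the DNs in `PLUGINS_SECURITY_NODES_DN`. The value is carried over from the removed per-node YAML files, but this move is the natural place to revisit it: each node mounts its own `wazuhN.indexer.pem`, so `"true"` may work if those certificates carry the container hostnames as SANs, which is not visible in this diff. If it has to stay off, add a comment above the line giving the reason. The same setting is repeated in the wazuh2.indexer and wazuh3.indexer hunks and in single-node/docker-compose.yml.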
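Review bot: The added comment `# if you need mount a custom opensearch.yml, uncomment the next line and delete the environment variables` does not say which variables to delete, and read literally it would also remove `OPENSEARCH_JAVA_OPTS` and `bootstrap.memory_lock`. Before this commit those two were set alongside the mounted file. I would word it as `# To use a custom opensearch.yml, uncomment the next line and remove the settings above that it replaces (keep OPENSEARCH_JAVA_OPTS and bootstrap.memory_lock)`. It would also help to state which source wins when both the file and the variables are present, since that is not visible here. The same comment is added in the wazuh2.indexer, wazuh3.indexer and single-node hunks.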
@@ -111,8 +139,35 @@ services: hostname: wazuh2.indexer restart: always environment: - - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g" - - "bootstrap.memory_lock=true" + OPENSEARCH_JAVA_OPTS: "-Xms1g -Xmx1g" + bootstrap.memory_lock: "true" + NETWORK_HOST: wazuh2.indexer + NODE_NAME: wazuh2.indexer + CLUSTER_INITIAL_MASTER_NODES: '["wazuh1.indexer", "wazuh2.indexer", "wazuh3.indexer"]' + CLUSTER_NAME: "wazuh-cluster" + DISCOVERY_SEED_HOSTS: '["wazuh1.indexer", "wazuh2.indexer", "wazuh3.indexer"]' + NODE_MAX_LOCAL_STORAGE_NODES: "3" + PATH_DATA: /var/lib/wazuh-indexer + PATH_LOGS: /var/log/wazuh-indexer + PLUGINS_SECURITY_SSL_HTTP_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh2.indexer.pem + PLUGINS_SECURITY_SSL_HTTP_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh2.indexer.key + PLUGINS_SECURITY_SSL_HTTP_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem + PLUGINS_SECURITY_SSL_TRANSPORT_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh2.indexer.pem + PLUGINS_SECURITY_SSL_TRANSPORT_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh2.indexer.key + PLUGINS_SECURITY_SSL_TRANSPORT_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem + PLUGINS_SECURITY_SSL_HTTP_ENABLED: "true" + PLUGINS_SECURITY_SSL_TRANSPORT_ENFORCE_HOSTNAME_VERIFICATION: "false" + PLUGINS_SECURITY_SSL_TRANSPORT_RESOLVE_HOSTNAME: "false" + PLUGINS_SECURITY_AUTHCZ_ADMIN_DN: "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" + PLUGINS_SECURITY_CHECK_SNAPSHOT_RESTORE_WRITE_PRIVILEGES: "true" + PLUGINS_SECURITY_ENABLE_SNAPSHOT_RESTORE_PRIVILEGE: "true" + PLUGINS_SECURITY_NODES_DN: '["CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US"]' + PLUGINS_SECURITY_RESTAPI_ROLES_ENABLED: '["all_access", "security_rest_api_access"]' + PLUGINS_SECURITY_SYSTEM_INDICES_ENABLED: "true" + 
PLUGINS_SECURITY_SYSTEM_INDICES_INDICES: '[".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]' + PLUGINS_SECURITY_ALLOW_DEFAULT_INIT_SECURITYINDEX: "true" + CLUSTER_ROUTING_ALLOCATION_DISK_THRESHOLD_ENABLED: "false" + COMPATIBILITY_OVERRIDE_MAIN_RESPONSE_VERSION: "true" ulimits: memlock: soft: -1 @@ -125,7 +180,8 @@ services: - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem - ./config/wazuh_indexer_ssl_certs/wazuh2.indexer-key.pem:/usr/share/wazuh-indexer/certs/wazuh2.indexer.key - ./config/wazuh_indexer_ssl_certs/wazuh2.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh2.indexer.pem - - ./config/wazuh_indexer/wazuh2.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml + # if you need mount a custom opensearch.yml, uncomment the next line and delete the environment variables + # - ./config/wazuh_indexer/wazuh2.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml wazuh3.indexer: 
@@ -133,8 +189,35 @@ services: hostname: wazuh3.indexer restart: always environment: - - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g" - - "bootstrap.memory_lock=true" + OPENSEARCH_JAVA_OPTS: "-Xms1g -Xmx1g" + bootstrap.memory_lock: "true" + NETWORK_HOST: wazuh3.indexer + NODE_NAME: wazuh3.indexer + CLUSTER_INITIAL_MASTER_NODES: '["wazuh1.indexer", "wazuh2.indexer", "wazuh3.indexer"]' + CLUSTER_NAME: "wazuh-cluster" + DISCOVERY_SEED_HOSTS: '["wazuh1.indexer", "wazuh2.indexer", "wazuh3.indexer"]' + NODE_MAX_LOCAL_STORAGE_NODES: "3" + PATH_DATA: /var/lib/wazuh-indexer + PATH_LOGS: /var/log/wazuh-indexer + PLUGINS_SECURITY_SSL_HTTP_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh3.indexer.pem + PLUGINS_SECURITY_SSL_HTTP_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh3.indexer.key + PLUGINS_SECURITY_SSL_HTTP_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem + PLUGINS_SECURITY_SSL_TRANSPORT_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh3.indexer.pem + PLUGINS_SECURITY_SSL_TRANSPORT_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh3.indexer.key + PLUGINS_SECURITY_SSL_TRANSPORT_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem + PLUGINS_SECURITY_SSL_HTTP_ENABLED: "true" + PLUGINS_SECURITY_SSL_TRANSPORT_ENFORCE_HOSTNAME_VERIFICATION: "false" + PLUGINS_SECURITY_SSL_TRANSPORT_RESOLVE_HOSTNAME: "false" + PLUGINS_SECURITY_AUTHCZ_ADMIN_DN: "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" + PLUGINS_SECURITY_CHECK_SNAPSHOT_RESTORE_WRITE_PRIVILEGES: "true" + PLUGINS_SECURITY_ENABLE_SNAPSHOT_RESTORE_PRIVILEGE: "true" + PLUGINS_SECURITY_NODES_DN: '["CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US"]' + PLUGINS_SECURITY_RESTAPI_ROLES_ENABLED: '["all_access", "security_rest_api_access"]' + PLUGINS_SECURITY_SYSTEM_INDICES_ENABLED: "true" + 
PLUGINS_SECURITY_SYSTEM_INDICES_INDICES: '[".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]' + PLUGINS_SECURITY_ALLOW_DEFAULT_INIT_SECURITYINDEX: "true" + CLUSTER_ROUTING_ALLOCATION_DISK_THRESHOLD_ENABLED: "false" + COMPATIBILITY_OVERRIDE_MAIN_RESPONSE_VERSION: "true" ulimits: memlock: soft: -1 @@ -147,7 +230,8 @@ services: - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem - ./config/wazuh_indexer_ssl_certs/wazuh3.indexer-key.pem:/usr/share/wazuh-indexer/certs/wazuh3.indexer.key - ./config/wazuh_indexer_ssl_certs/wazuh3.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh3.indexer.pem - - ./config/wazuh_indexer/wazuh3.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml + # if you need mount a custom opensearch.yml, uncomment the next line and delete the environment variables + # - ./config/wazuh_indexer/wazuh3.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml wazuh.dashboard: 
@@ -163,11 +247,24 @@ services: - API_PASSWORD=MyS3cr37P450r.*- - DASHBOARD_USERNAME=kibanaserver - DASHBOARD_PASSWORD=kibanaserver + - SERVER_HOST=0.0.0.0 + - SERVER_PORT=5601 + - OPENSEARCH_HOSTS=https://wazuh1.indexer:9200 + - OPENSEARCH_SSL_VERIFICATIONMODE=certificate + - OPENSEARCH_REQUESTHEADERSALLOWLIST=["securitytenant","Authorization"] + - OPENSEARCH_SECURITY_MULTITENANCY_ENABLED=false + - SERVER_SSL_ENABLED=true + - OPENSEARCH_SECURITY_READONLY_MODE_ROLES=["kibana_read_only"] + - SERVER_SSL_KEY="/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem" + - SERVER_SSL_CERTIFICATE="/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem" + - OPENSEARCH_SSL_CERTIFICATEAUTHORITIES=["/usr/share/wazuh-dashboard/certs/root-ca.pem"] + - UISETTINGS_OVERRIDES_DEFAULTROUTE=/app/wz-home volumes: - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-dashboard/certs/root-ca.pem - - ./config/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml + # if you need mount a custom opensearch-dashboards.yml, uncomment the next line and delete the environment variables + # - ./config/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml - ./config/wazuh_dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml - wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config - wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom diff --git a/single-node/docker-compose.yml b/single-node/docker-compose.yml index 6ae87391e..2c1dd7a51 100644 --- a/single-node/docker-compose.yml +++ b/single-node/docker-compose.yml 
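Review bot: `OPENSEARCH_SSL_VERIFICATIONMODE=certificate` makes the dashboard check only that the indexer certificate chains to root-ca.pem, not that it was issued for `wazuh1.indexer`. Any certificate signed by that CA would therefore be accepted on the dashboard-to-indexer connection. The manager services in this compose file use `FILEBEAT_SSL_VERIFICATION_MODE=full` against the same host, so `OPENSEARCH_SSL_VERIFICATIONMODE=full` looks feasible here, provided the indexer certificate names the hostname (not visible in this diff). The single-node dashboard hunk adds the same line.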
@@ -53,6 +53,33 @@ services: - "9200:9200" environment: - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g" + - NETWORK_HOST="0.0.0.0" + - NODE_NAME="wazuh.indexer" + - CLUSTER_INITIAL_MASTER_NODES="wazuh.indexer" + - CLUSTER_NAME="wazuh-cluster" + - PATH_DATA=/var/lib/wazuh-indexer + - PATH_LOGS=/var/log/wazuh-indexer + - HTTP_PORT=9200-9299 + - TRANSPORT_TCP_PORT=9300-9399 + - COMPATIBILITY_OVERRIDE_MAIN_RESPONSE_VERSION=true + - PLUGINS_SECURITY_SSL_HTTP_PEMCERT_FILEPATH=/usr/share/wazuh-indexer/certs/wazuh.indexer.pem + - PLUGINS_SECURITY_SSL_HTTP_PEMKEY_FILEPATH=/usr/share/wazuh-indexer/certs/wazuh.indexer.key + - PLUGINS_SECURITY_SSL_HTTP_PEMTRUSTEDCAS_FILEPATH=/usr/share/wazuh-indexer/certs/root-ca.pem + - PLUGINS_SECURITY_SSL_TRANSPORT_PEMCERT_FILEPATH=/usr/share/wazuh-indexer/certs/wazuh.indexer.pem + - PLUGINS_SECURITY_SSL_TRANSPORT_PEMKEY_FILEPATH=/usr/share/wazuh-indexer/certs/wazuh.indexer.key + - PLUGINS_SECURITY_SSL_TRANSPORT_PEMTRUSTEDCAS_FILEPATH=/usr/share/wazuh-indexer/certs/root-ca.pem + - PLUGINS_SECURITY_SSL_HTTP_ENABLED=true + - PLUGINS_SECURITY_SSL_TRANSPORT_ENFORCE_HOSTNAME_VERIFICATION=false + - PLUGINS_SECURITY_SSL_TRANSPORT_RESOLVE_HOSTNAME=false + - PLUGINS_SECURITY_AUTHCZ_ADMIN_DN="CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" + - PLUGINS_SECURITY_CHECK_SNAPSHOT_RESTORE_WRITE_PRIVILEGES= true + - PLUGINS_SECURITY_ENABLE_SNAPSHOT_RESTORE_PRIVILEGE= true + - PLUGINS_SECURITY_NODES_DN="CN=wazuh.indexer,OU=Wazuh,O=Wazuh,L=California,C=US" + - PLUGINS_SECURITY_RESTAPI_ROLES_ENABLED='["all_access", "security_rest_api_access"]' + - PLUGINS_SECURITY_SYSTEM_INDICES_ENABLED=true + - PLUGINS_SECURITY_SYSTEM_INDICES_INDICES='[".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", 
".opendistro-asynchronous-search-response*", ".replication-metadata-store"]' + - PLUGINS_SECURITY_ALLOW_DEFAULT_INIT_SECURITYINDEX=true + - CLUSTER_ROUTING_ALLOCATION_DISK_THRESHOLD_ENABLED=false ulimits: memlock: soft: -1 @@ -67,7 +94,8 @@ services: - ./config/wazuh_indexer_ssl_certs/wazuh.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh.indexer.pem - ./config/wazuh_indexer_ssl_certs/admin.pem:/usr/share/wazuh-indexer/certs/admin.pem - ./config/wazuh_indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/certs/admin-key.pem - - ./config/wazuh_indexer/wazuh.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml + # if you need mount a custom opensearch.yml, uncomment the next line and delete the environment variables + # - ./config/wazuh_indexer/wazuh.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml wazuh.dashboard: 
@@ -84,12 +112,25 @@ services: - DASHBOARD_PASSWORD=kibanaserver - API_USERNAME=wazuh-wui - API_PASSWORD=MyS3cr37P450r.*- + - SERVER_HOST=0.0.0.0 + - SERVER_PORT=5601 + - OPENSEARCH_HOSTS=https://wazuh.indexer:9200 + - OPENSEARCH_SSL_VERIFICATIONMODE=certificate + - OPENSEARCH_REQUESTHEADERSALLOWLIST=["securitytenant","Authorization"] + - OPENSEARCH_SECURITY_MULTITENANCY_ENABLED=false + - SERVER_SSL_ENABLED=true + - OPENSEARCH_SECURITY_READONLY_MODE_ROLES=["kibana_read_only"] + - SERVER_SSL_KEY="/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem" + - SERVER_SSL_CERTIFICATE="/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem" + - OPENSEARCH_SSL_CERTIFICATEAUTHORITIES=["/usr/share/wazuh-dashboard/certs/root-ca.pem"] + - UISETTINGS_OVERRIDES_DEFAULTROUTE=/app/wz-home volumes: - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-dashboard/certs/root-ca.pem - - ./config/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml - - ./config/wazuh_dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml + # if you need mount a custom opensearch-dashboards.yml, uncomment the next line and delete the environment variables + # - ./config/wazuh_dashboard/opensearch_dashboards.yml:/wazuh-config-mount/config/opensearch_dashboards.yml + - ./config/wazuh_dashboard/wazuh.yml:/wazuh-config-mount/data/wazuh/config/wazuh.yml - wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config - wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom depends_on: From 7ec98fedf9d58bf29a7deb0077003f750e6e72fe Mon Sep 17 00:00:00 2001 
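Review bot: The single-node dashboard now mounts `wazuh.yml` at `/wazuh-config-mount/data/wazuh/config/wazuh.yml`, while the multi-node hunk of the same commit keeps it at `/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml`. The named volume `wazuh-dashboard-config` still targets `/usr/share/wazuh-dashboard/data/wazuh/config` in both files. Whether the image copies files out of `/wazuh-config-mount` is not visible in this diff; if it does not, the single-node dashboard starts without the API host and credentials from that file. Make the two compose files agree, or add a comment such as `# copied into /usr/share/wazuh-dashboard by the image entrypoint` once that is confirmed.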
From: vcerenu Date: Wed, 24 Apr 2024 05:57:27 -0300 Subject: [PATCH 05/15] correct environment settings in services --- multi-node/docker-compose.yml | 125 ++++++++++++++++--------------- single-node/docker-compose.yml | 132 +++++++++++++++++---------------- 2 files changed, 132 insertions(+), 125 deletions(-) diff --git a/multi-node/docker-compose.yml b/multi-node/docker-compose.yml index d9e535e32..f45a53593 100644 --- a/multi-node/docker-compose.yml +++ b/multi-node/docker-compose.yml @@ -18,15 +18,15 @@ services: - "514:514/udp" - "55000:55000" environment: - - INDEXER_URL=https://wazuh1.indexer:9200 - - INDEXER_USERNAME=admin - - INDEXER_PASSWORD=SecretPassword - - FILEBEAT_SSL_VERIFICATION_MODE=full - - SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem - - SSL_CERTIFICATE=/etc/ssl/filebeat.pem - - SSL_KEY=/etc/ssl/filebeat.key - - API_USERNAME=wazuh-wui - - API_PASSWORD=MyS3cr37P450r.*- + INDEXER_URL: https://wazuh1.indexer:9200 + INDEXER_USERNAME: admin + INDEXER_PASSWORD: admin + FILEBEAT_SSL_VERIFICATION_MODE: full + SSL_CERTIFICATE_AUTHORITIES: /etc/ssl/root-ca.pem + SSL_CERTIFICATE: /etc/ssl/filebeat.pem + SSL_KEY: /etc/ssl/filebeat.key + API_USERNAME: wazuh-wui + API_PASSWORD: MyS3cr37P450r.*- volumes: - master-wazuh-api-configuration:/var/ossec/api/configuration - master-wazuh-etc:/var/ossec/etc 
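Review bot: `INDEXER_PASSWORD: admin` replaces `SecretPassword` with a value equal to the username for the indexer admin account, and it stays hard-coded in a tracked compose file next to `API_PASSWORD`. The indexer publishes `9200:9200` in this same file, so a stack brought up unchanged exposes that account with a default credential. I would make the values mandatory inputs instead of defaults, e.g. `INDEXER_PASSWORD: ${INDEXER_PASSWORD:?set INDEXER_PASSWORD}` and `API_PASSWORD: ${API_PASSWORD:?set API_PASSWORD}`, supplied from the shell or an untracked env file. The same change appears in the worker hunk that follows and in the manager hunk of single-node/docker-compose.yml.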
@@ -56,13 +56,13 @@ services: soft: 655360 hard: 655360 environment: - - INDEXER_URL=https://wazuh1.indexer:9200 - - INDEXER_USERNAME=admin - - INDEXER_PASSWORD=SecretPassword - - FILEBEAT_SSL_VERIFICATION_MODE=full - - SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem - - SSL_CERTIFICATE=/etc/ssl/filebeat.pem - - SSL_KEY=/etc/ssl/filebeat.key + INDEXER_URL: https://wazuh1.indexer:9200 + INDEXER_USERNAME: admin + INDEXER_PASSWORD: admin + FILEBEAT_SSL_VERIFICATION_MODE: full + SSL_CERTIFICATE_AUTHORITIES: /etc/ssl/root-ca.pem + SSL_CERTIFICATE: /etc/ssl/filebeat.pem + SSL_KEY: /etc/ssl/filebeat.key volumes: - worker-wazuh-api-configuration:/var/ossec/api/configuration - worker-wazuh-etc:/var/ossec/etc @@ -84,6 +84,13 @@ services: image: wazuh/wazuh-indexer:5.0.0 hostname: wazuh1.indexer restart: always + ulimits: + memlock: + soft: -1 + hard: -1 + nofile: + soft: 65536 + hard: 65536 ports: - "9200:9200" environment: @@ -116,13 +123,6 @@ services: PLUGINS_SECURITY_ALLOW_DEFAULT_INIT_SECURITYINDEX: "true" CLUSTER_ROUTING_ALLOCATION_DISK_THRESHOLD_ENABLED: "false" COMPATIBILITY_OVERRIDE_MAIN_RESPONSE_VERSION: "true" - ulimits: - memlock: - soft: -1 - hard: -1 - nofile: - soft: 65536 - hard: 65536 volumes: - wazuh-indexer-data-1:/var/lib/wazuh-indexer - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem 
@@ -132,12 +132,18 @@ services: - ./config/wazuh_indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/certs/admin-key.pem # if you need mount a custom opensearch.yml, uncomment the next line and delete the environment variables # - ./config/wazuh_indexer/wazuh1.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml - - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml wazuh2.indexer: image: wazuh/wazuh-indexer:5.0.0 hostname: wazuh2.indexer restart: always + ulimits: + memlock: + soft: -1 + hard: -1 + nofile: + soft: 65536 + hard: 65536 environment: OPENSEARCH_JAVA_OPTS: "-Xms1g -Xmx1g" bootstrap.memory_lock: "true" @@ -168,13 +174,6 @@ services: PLUGINS_SECURITY_ALLOW_DEFAULT_INIT_SECURITYINDEX: "true" CLUSTER_ROUTING_ALLOCATION_DISK_THRESHOLD_ENABLED: "false" COMPATIBILITY_OVERRIDE_MAIN_RESPONSE_VERSION: "true" - ulimits: - memlock: - soft: -1 - hard: -1 - nofile: - soft: 65536 - hard: 65536 volumes: - wazuh-indexer-data-2:/var/lib/wazuh-indexer - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem @@ -182,12 +181,18 @@ services: - ./config/wazuh_indexer_ssl_certs/wazuh2.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh2.indexer.pem # if you need mount a custom opensearch.yml, uncomment the next line and delete the environment variables # - ./config/wazuh_indexer/wazuh2.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml - - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml wazuh3.indexer: image: wazuh/wazuh-indexer:5.0.0 hostname: wazuh3.indexer restart: always + ulimits: + memlock: + soft: -1 + hard: -1 + nofile: + soft: 65536 + hard: 65536 environment: OPENSEARCH_JAVA_OPTS: "-Xms1g -Xmx1g" bootstrap.memory_lock: "true" 
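Review bot: Removing the `./config/wazuh_indexer/internal_users.yml` mount from wazuh1.indexer takes away the only place in this compose file where the operator supplied the indexer user hashes. The wazuh2.indexer, wazuh3.indexer and single-node hunks do the same. The indexers still set `PLUGINS_SECURITY_ALLOW_DEFAULT_INIT_SECURITYINDEX: "true"`, so the security index is presumably initialised from whatever user file ships inside the image, which would explain the switch to `INDEXER_PASSWORD: admin`. I would keep the mount as a documented opt-in, the way the opensearch.yml mount was kept: `# - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml`, with a comment above it saying that this is how the default passwords are replaced.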
@@ -218,13 +223,6 @@ services: PLUGINS_SECURITY_ALLOW_DEFAULT_INIT_SECURITYINDEX: "true" CLUSTER_ROUTING_ALLOCATION_DISK_THRESHOLD_ENABLED: "false" COMPATIBILITY_OVERRIDE_MAIN_RESPONSE_VERSION: "true" - ulimits: - memlock: - soft: -1 - hard: -1 - nofile: - soft: 65536 - hard: 65536 volumes: - wazuh-indexer-data-3:/var/lib/wazuh-indexer - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem 
@@ -232,42 +230,47 @@ services: - ./config/wazuh_indexer_ssl_certs/wazuh3.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh3.indexer.pem # if you need mount a custom opensearch.yml, uncomment the next line and delete the environment variables # - ./config/wazuh_indexer/wazuh3.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml - - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml wazuh.dashboard: image: wazuh/wazuh-dashboard:5.0.0 hostname: wazuh.dashboard restart: always + ulimits: + memlock: + soft: -1 + hard: -1 + nofile: + soft: 65536 + hard: 65536 ports: - 443:5601 environment: - - OPENSEARCH_HOSTS="https://wazuh1.indexer:9200" - - WAZUH_API_URL="https://wazuh.master" - - API_USERNAME=wazuh-wui - - API_PASSWORD=MyS3cr37P450r.*- - - DASHBOARD_USERNAME=kibanaserver - - DASHBOARD_PASSWORD=kibanaserver - - SERVER_HOST=0.0.0.0 - - SERVER_PORT=5601 - - OPENSEARCH_HOSTS=https://wazuh1.indexer:9200 - - OPENSEARCH_SSL_VERIFICATIONMODE=certificate - - OPENSEARCH_REQUESTHEADERSALLOWLIST=["securitytenant","Authorization"] - - OPENSEARCH_SECURITY_MULTITENANCY_ENABLED=false - - SERVER_SSL_ENABLED=true - - OPENSEARCH_SECURITY_READONLY_MODE_ROLES=["kibana_read_only"] - - SERVER_SSL_KEY="/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem" - - SERVER_SSL_CERTIFICATE="/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem" - - OPENSEARCH_SSL_CERTIFICATEAUTHORITIES=["/usr/share/wazuh-dashboard/certs/root-ca.pem"] - - UISETTINGS_OVERRIDES_DEFAULTROUTE=/app/wz-home + OPENSEARCH_HOSTS: "https://wazuh1.indexer:9200" + WAZUH_API_URL: "https://wazuh.master" + API_USERNAME: wazuh-wui + API_PASSWORD: MyS3cr37P450r.*- + DASHBOARD_USERNAME: kibanaserver + DASHBOARD_PASSWORD: kibanaserver + SERVER_HOST: "0.0.0.0" + SERVER_PORT: "5601" + OPENSEARCH_SSL_VERIFICATIONMODE: certificate + OPENSEARCH_REQUESTHEADERSALLOWLIST: '["securitytenant","Authorization"]' + OPENSEARCH_SECURITY_MULTITENANCY_ENABLED: "false" + SERVER_SSL_ENABLED: 
"true" + OPENSEARCH_SECURITY_READONLY_MODE_ROLES: '["kibana_read_only"]' + SERVER_SSL_KEY: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem" + SERVER_SSL_CERTIFICATE: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem" + OPENSEARCH_SSL_CERTIFICATEAUTHORITIES: '["/usr/share/wazuh-dashboard/certs/root-ca.pem"]' + UISETTINGS_OVERRIDES_DEFAULTROUTE: /app/wz-home volumes: + - wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config + - wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-dashboard/certs/root-ca.pem + - ./config/wazuh_dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml # if you need mount a custom opensearch-dashboards.yml, uncomment the next line and delete the environment variables # - ./config/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml - - ./config/wazuh_dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml - - wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config - - wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom depends_on: - wazuh1.indexer links: diff --git a/single-node/docker-compose.yml b/single-node/docker-compose.yml index 2c1dd7a51..cdef5a42d 100644 --- a/single-node/docker-compose.yml +++ b/single-node/docker-compose.yml 
@@ -19,15 +19,15 @@ services: - "514:514/udp" - "55000:55000" environment: - - INDEXER_URL=https://wazuh.indexer:9200 - - INDEXER_USERNAME=admin - - INDEXER_PASSWORD=SecretPassword - - FILEBEAT_SSL_VERIFICATION_MODE=full - - SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem - - SSL_CERTIFICATE=/etc/ssl/filebeat.pem - - SSL_KEY=/etc/ssl/filebeat.key - - API_USERNAME=wazuh-wui - - API_PASSWORD=MyS3cr37P450r.*- + INDEXER_URL: https://wazuh.indexer:9200 + INDEXER_USERNAME: admin + INDEXER_PASSWORD: admin + FILEBEAT_SSL_VERIFICATION_MODE: full + SSL_CERTIFICATE_AUTHORITIES: /etc/ssl/root-ca.pem + SSL_CERTIFICATE: /etc/ssl/filebeat.pem + SSL_KEY: /etc/ssl/filebeat.key + API_USERNAME: wazuh-wui + API_PASSWORD: MyS3cr37P450r.*- volumes: - wazuh_api_configuration:/var/ossec/api/configuration - wazuh_etc:/var/ossec/etc 
@@ -49,37 +49,6 @@ services: image: wazuh/wazuh-indexer:5.0.0 hostname: wazuh.indexer restart: always - ports: - - "9200:9200" - environment: - - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g" - - NETWORK_HOST="0.0.0.0" - - NODE_NAME="wazuh.indexer" - - CLUSTER_INITIAL_MASTER_NODES="wazuh.indexer" - - CLUSTER_NAME="wazuh-cluster" - - PATH_DATA=/var/lib/wazuh-indexer - - PATH_LOGS=/var/log/wazuh-indexer - - HTTP_PORT=9200-9299 - - TRANSPORT_TCP_PORT=9300-9399 - - COMPATIBILITY_OVERRIDE_MAIN_RESPONSE_VERSION=true - - PLUGINS_SECURITY_SSL_HTTP_PEMCERT_FILEPATH=/usr/share/wazuh-indexer/certs/wazuh.indexer.pem - - PLUGINS_SECURITY_SSL_HTTP_PEMKEY_FILEPATH=/usr/share/wazuh-indexer/certs/wazuh.indexer.key - - PLUGINS_SECURITY_SSL_HTTP_PEMTRUSTEDCAS_FILEPATH=/usr/share/wazuh-indexer/certs/root-ca.pem - - PLUGINS_SECURITY_SSL_TRANSPORT_PEMCERT_FILEPATH=/usr/share/wazuh-indexer/certs/wazuh.indexer.pem - - PLUGINS_SECURITY_SSL_TRANSPORT_PEMKEY_FILEPATH=/usr/share/wazuh-indexer/certs/wazuh.indexer.key - - PLUGINS_SECURITY_SSL_TRANSPORT_PEMTRUSTEDCAS_FILEPATH=/usr/share/wazuh-indexer/certs/root-ca.pem - - PLUGINS_SECURITY_SSL_HTTP_ENABLED=true - - PLUGINS_SECURITY_SSL_TRANSPORT_ENFORCE_HOSTNAME_VERIFICATION=false - - PLUGINS_SECURITY_SSL_TRANSPORT_RESOLVE_HOSTNAME=false - - PLUGINS_SECURITY_AUTHCZ_ADMIN_DN="CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" - - PLUGINS_SECURITY_CHECK_SNAPSHOT_RESTORE_WRITE_PRIVILEGES= true - - PLUGINS_SECURITY_ENABLE_SNAPSHOT_RESTORE_PRIVILEGE= true - - PLUGINS_SECURITY_NODES_DN="CN=wazuh.indexer,OU=Wazuh,O=Wazuh,L=California,C=US" - - PLUGINS_SECURITY_RESTAPI_ROLES_ENABLED='["all_access", "security_rest_api_access"]' - - PLUGINS_SECURITY_SYSTEM_INDICES_ENABLED=true - - PLUGINS_SECURITY_SYSTEM_INDICES_INDICES='[".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", 
".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]' - - PLUGINS_SECURITY_ALLOW_DEFAULT_INIT_SECURITYINDEX=true - - CLUSTER_ROUTING_ALLOCATION_DISK_THRESHOLD_ENABLED=false ulimits: memlock: soft: -1 
@@ -87,6 +56,37 @@ services: nofile: soft: 65536 hard: 65536 + ports: + - "9200:9200" + environment: + OPENSEARCH_JAVA_OPTS: "-Xms1g -Xmx1g" + bootstrap.memory_lock: "true" + NODE_NAME: "wazuh.indexer" + CLUSTER_INITIAL_MASTER_NODES: "wazuh.indexer" + CLUSTER_NAME: "wazuh-cluster" + PATH_DATA: /var/lib/wazuh-indexer + PATH_LOGS: /var/log/wazuh-indexer + HTTP_PORT: 9200-9299 + TRANSPORT_TCP_PORT: 9300-9399 + COMPATIBILITY_OVERRIDE_MAIN_RESPONSE_VERSION: "true" + PLUGINS_SECURITY_SSL_HTTP_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh.indexer.pem + PLUGINS_SECURITY_SSL_HTTP_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh.indexer.key + PLUGINS_SECURITY_SSL_HTTP_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem + PLUGINS_SECURITY_SSL_TRANSPORT_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh.indexer.pem + PLUGINS_SECURITY_SSL_TRANSPORT_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh.indexer.key + PLUGINS_SECURITY_SSL_TRANSPORT_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem + PLUGINS_SECURITY_SSL_HTTP_ENABLED: "true" + PLUGINS_SECURITY_SSL_TRANSPORT_ENFORCE_HOSTNAME_VERIFICATION: "false" + PLUGINS_SECURITY_SSL_TRANSPORT_RESOLVE_HOSTNAME: "false" + PLUGINS_SECURITY_AUTHCZ_ADMIN_DN: "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" + PLUGINS_SECURITY_CHECK_SNAPSHOT_RESTORE_WRITE_PRIVILEGES: "true" + PLUGINS_SECURITY_ENABLE_SNAPSHOT_RESTORE_PRIVILEGE: "true" + PLUGINS_SECURITY_NODES_DN: "CN=wazuh.indexer,OU=Wazuh,O=Wazuh,L=California,C=US" + PLUGINS_SECURITY_RESTAPI_ROLES_ENABLED: '["all_access", "security_rest_api_access"]' + PLUGINS_SECURITY_SYSTEM_INDICES_ENABLED: "true" + PLUGINS_SECURITY_SYSTEM_INDICES_INDICES: '[".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", 
".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]' + PLUGINS_SECURITY_ALLOW_DEFAULT_INIT_SECURITYINDEX: "true" + CLUSTER_ROUTING_ALLOCATION_DISK_THRESHOLD_ENABLED: "false" volumes: - wazuh-indexer-data:/var/lib/wazuh-indexer - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem 
@@ -96,43 +96,47 @@ services: - ./config/wazuh_indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/certs/admin-key.pem # if you need mount a custom opensearch.yml, uncomment the next line and delete the environment variables # - ./config/wazuh_indexer/wazuh.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml - - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml wazuh.dashboard: image: wazuh/wazuh-dashboard:5.0.0 hostname: wazuh.dashboard restart: always + ulimits: + memlock: + soft: -1 + hard: -1 + nofile: + soft: 65536 + hard: 65536 ports: - 443:5601 environment: - - INDEXER_USERNAME=admin - - INDEXER_PASSWORD=SecretPassword - - WAZUH_API_URL=https://wazuh.manager - - DASHBOARD_USERNAME=kibanaserver - - DASHBOARD_PASSWORD=kibanaserver - - API_USERNAME=wazuh-wui - - API_PASSWORD=MyS3cr37P450r.*- - - SERVER_HOST=0.0.0.0 - - SERVER_PORT=5601 - - OPENSEARCH_HOSTS=https://wazuh.indexer:9200 - - OPENSEARCH_SSL_VERIFICATIONMODE=certificate - - OPENSEARCH_REQUESTHEADERSALLOWLIST=["securitytenant","Authorization"] - - OPENSEARCH_SECURITY_MULTITENANCY_ENABLED=false - - SERVER_SSL_ENABLED=true - - OPENSEARCH_SECURITY_READONLY_MODE_ROLES=["kibana_read_only"] - - SERVER_SSL_KEY="/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem" - - SERVER_SSL_CERTIFICATE="/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem" - - OPENSEARCH_SSL_CERTIFICATEAUTHORITIES=["/usr/share/wazuh-dashboard/certs/root-ca.pem"] - - UISETTINGS_OVERRIDES_DEFAULTROUTE=/app/wz-home + WAZUH_API_URL: https://wazuh.manager + DASHBOARD_USERNAME: kibanaserver + DASHBOARD_PASSWORD: kibanaserver + API_USERNAME: wazuh-wui + API_PASSWORD: MyS3cr37P450r.*- + SERVER_HOST: 0.0.0.0 + SERVER_PORT: 5601 + OPENSEARCH_HOSTS: https://wazuh.indexer:9200 + OPENSEARCH_SSL_VERIFICATIONMODE: certificate + OPENSEARCH_REQUESTHEADERSALLOWLIST: '["securitytenant","Authorization"]' + OPENSEARCH_SECURITY_MULTITENANCY_ENABLED: "false" + SERVER_SSL_ENABLED: "true" + 
OPENSEARCH_SECURITY_READONLY_MODE_ROLES: '["kibana_read_only"]' + SERVER_SSL_KEY: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem" + SERVER_SSL_CERTIFICATE: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem" + OPENSEARCH_SSL_CERTIFICATEAUTHORITIES: '["/usr/share/wazuh-dashboard/certs/root-ca.pem"]' + UISETTINGS_OVERRIDES_DEFAULTROUTE: /app/wz-home volumes: + - wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config + - wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-dashboard/certs/root-ca.pem - # if you need mount a custom opensearch-dashboards.yml, uncomment the next line and delete the environment variables - # - ./config/wazuh_dashboard/opensearch_dashboards.yml:/wazuh-config-mount/config/opensearch_dashboards.yml - ./config/wazuh_dashboard/wazuh.yml:/wazuh-config-mount/data/wazuh/config/wazuh.yml - - wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config - - wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom + # if you need mount a custom opensearch-dashboards.yml, uncomment the next line and delete the environment variables + # - ./config/wazuh_dashboard/opensearch_dashboards.yml:/wazuh-config-mount/config/opensearch_dashboards.yml depends_on: - wazuh.indexer links: From fc1ece705e92028b33c1c0d15ee53ce0e764cf88 Mon Sep 17 00:00:00 2001 
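Review bot: `DASHBOARD_PASSWORD: kibanaserver` and `API_PASSWORD: MyS3cr37P450r.*-` are carried over as literals into the new mapping-style `environment:` block of `wazuh.dashboard`, so every deployment started from this file shares the same dashboard and API credentials and they live in version control. Take them from the environment instead, e.g. `DASHBOARD_PASSWORD: ${DASHBOARD_PASSWORD:?set DASHBOARD_PASSWORD}` and `API_PASSWORD: ${API_PASSWORD:?set API_PASSWORD}`, so compose refuses to start when a value is missing. `OPENSEARCH_SSL_VERIFICATIONMODE: certificate` validates the chain but not the host name; if the indexer certificate carries `wazuh.indexer` as a subject name, `full` would be the stricter choice. The service block continues past the end of the hunk.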
From: vcerenu Date: Fri, 7 Jun 2024 05:44:14 -0300 Subject: [PATCH 06/15] Add the build of Wazuh cert tool image to build image process --- build-docker-images/build-images.sh | 1 + .../cert-tool-image}/Dockerfile | 5 +++-- .../cert-tool-image}/config/entrypoint.sh | 0 indexer-certs-creator/README.md | 9 --------- multi-node/generate-indexer-certs.yml | 5 +++-- single-node/generate-indexer-certs.yml | 5 +++-- 6 files changed, 10 insertions(+), 15 deletions(-) rename {indexer-certs-creator => build-docker-images/cert-tool-image}/Dockerfile (67%) rename {indexer-certs-creator => build-docker-images/cert-tool-image}/config/entrypoint.sh (100%) delete mode 100644 indexer-certs-creator/README.md diff --git a/build-docker-images/build-images.sh b/build-docker-images/build-images.sh index 583eeaa9e..6acdb2d38 100755 --- a/build-docker-images/build-images.sh +++ b/build-docker-images/build-images.sh @@ -71,6 +71,7 @@ build() { echo WAZUH_UI_REVISION=$WAZUH_UI_REVISION >> .env docker-compose -f build-docker-images/build-images.yml --env-file .env build --no-cache + docker build -t wazuh/wazuh-cert-tool:$WAZUH_IMAGE_VERSION build-docker-images/cert-tool-image/ return 0 } diff --git a/indexer-certs-creator/Dockerfile b/build-docker-images/cert-tool-image/Dockerfile similarity index 67% rename from indexer-certs-creator/Dockerfile rename to build-docker-images/cert-tool-image/Dockerfile index 58b2583ff..92c3cbaca 100644 --- a/indexer-certs-creator/Dockerfile +++ b/build-docker-images/cert-tool-image/Dockerfile @@ -1,7 +1,8 @@ # Wazuh Docker Copyright (C) 2017, Wazuh Inc. (License GPLv2) -FROM ubuntu:focal +FROM amazonlinux:2023 -RUN apt-get update && apt-get install openssl curl -y +RUN yum install curl-minimal openssl -y &&\ +yum clean all WORKDIR / 
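Review bot: In the `build-images.sh` hunk the added `docker build -t wazuh/wazuh-cert-tool:$WAZUH_IMAGE_VERSION …` line is followed directly by `return 0`, so a failed cert-tool build is reported as success unless the script runs under `set -e`, which is not visible here. Propagate the status and quote the tag: `docker build -t "wazuh/wazuh-cert-tool:${WAZUH_IMAGE_VERSION}" build-docker-images/cert-tool-image/ || return 1`. A silently missing image would otherwise only surface later, when the certificate generator compose file tries to pull a tag that was never built. `build()` starts outside the hunk.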
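Review bot: In the cert-tool `Dockerfile` hunk, `FROM amazonlinux:2023` is a moving tag, and this image is the one that creates the certificates and keys for the stack, so a changed base silently changes what produces the key material. Pin it by digest, `FROM amazonlinux:2023@sha256:<digest-of-reviewed-image>`, and update the digest deliberately when the base is refreshed. A short comment above the `RUN` line, e.g. `# openssl + curl are the only tools the entrypoint needs`, would also record why the package set is this small. The rest of the Dockerfile lies outside the hunk.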
diff --git a/indexer-certs-creator/config/entrypoint.sh b/build-docker-images/cert-tool-image/config/entrypoint.sh similarity index 100% rename from indexer-certs-creator/config/entrypoint.sh rename to build-docker-images/cert-tool-image/config/entrypoint.sh diff --git a/indexer-certs-creator/README.md b/indexer-certs-creator/README.md deleted file mode 100644 index b7dbc565e..000000000 --- a/indexer-certs-creator/README.md +++ /dev/null @@ -1,9 +0,0 @@ -# Certificate creation image build - -The dockerfile hosted in this directory is used to build the image used to boot Wazuh's single node and multi node stacks. - -To create the image, the following command must be executed: - -``` -$ docker build -t wazuh/wazuh-certs-generator:0.0.1 . -``` diff --git a/multi-node/generate-indexer-certs.yml b/multi-node/generate-indexer-certs.yml index dbf2b079e..a118f0be7 100644 --- a/multi-node/generate-indexer-certs.yml +++ b/multi-node/generate-indexer-certs.yml @@ -3,8 +3,9 @@ version: '3' services: generator: - image: wazuh/wazuh-certs-generator:0.0.2 - hostname: wazuh-certs-generator + image: wazuh/wazuh-cert-tool:4.7.5 + hostname: wazuh-cert-tool + container_name: wazuh-cert-tool volumes: - ./config/wazuh_indexer_ssl_certs/:/certificates/ - ./config/certs.yml:/config/certs.yml \ No newline at end of file diff --git a/single-node/generate-indexer-certs.yml b/single-node/generate-indexer-certs.yml index 3e0eb6fd7..efcd8d87b 100644 --- a/single-node/generate-indexer-certs.yml +++ b/single-node/generate-indexer-certs.yml @@ -3,8 +3,9 @@ version: '3' services: generator: - image: wazuh/wazuh-certs-generator:0.0.2 - hostname: wazuh-certs-generator + image: wazuh/wazuh-cert-tool:5.0.0 + hostname: wazuh-cert-tool + container_name: wazuh-cert-tool volumes: - ./config/wazuh_indexer_ssl_certs/:/certificates/ - ./config/certs.yml:/config/certs.yml From 1f32d2a358900308305711e0d899c280600e77b1 Mon Sep 17 00:00:00 2001 
From: vcerenu Date: Fri, 7 Jun 2024 07:42:13 -0300 Subject: [PATCH 07/15] Modify yaml script name generator --- multi-node/{generate-indexer-certs.yml => generate-certs.yml} | 0 single-node/{generate-indexer-certs.yml => generate-certs.yml} | 0 2 files changed, 0 insertions(+), 0 deletions(-) rename multi-node/{generate-indexer-certs.yml => generate-certs.yml} (100%) rename single-node/{generate-indexer-certs.yml => generate-certs.yml} (100%) diff --git a/multi-node/generate-indexer-certs.yml b/multi-node/generate-certs.yml similarity index 100% rename from multi-node/generate-indexer-certs.yml rename to multi-node/generate-certs.yml diff --git a/single-node/generate-indexer-certs.yml b/single-node/generate-certs.yml similarity index 100% rename from single-node/generate-indexer-certs.yml rename to single-node/generate-certs.yml From 6d63befeb7ddc181c70c2b3446a033e4fe9e99cd Mon Sep 17 00:00:00 2001 From: vcerenu Date: Fri, 7 Jun 2024 07:57:03 -0300 Subject: [PATCH 08/15] Modify yaml script name generator --- multi-node/generate-certs.yml | 2 +- single-node/generate-certs.yml | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/multi-node/generate-certs.yml b/multi-node/generate-certs.yml index a118f0be7..f67aea04d 100644 --- a/multi-node/generate-certs.yml +++ b/multi-node/generate-certs.yml @@ -8,4 +8,4 @@ services: container_name: wazuh-cert-tool volumes: - ./config/wazuh_indexer_ssl_certs/:/certificates/ - - ./config/certs.yml:/config/certs.yml \ No newline at end of file + - ./config/certs.yml:/config/certs.yml diff --git a/single-node/generate-certs.yml b/single-node/generate-certs.yml index efcd8d87b..6826ed7d4 100644 --- a/single-node/generate-certs.yml +++ b/single-node/generate-certs.yml @@ -9,3 +9,4 @@ services: volumes: - ./config/wazuh_indexer_ssl_certs/:/certificates/ - ./config/certs.yml:/config/certs.yml + From 450a59a7c8c9335d9ce243a9fd270bc11b66e10b Mon Sep 17 00:00:00 2001 
From: vcerenu Date: Mon, 10 Jun 2024 07:11:20 -0300 Subject: [PATCH 09/15] Change the name dir to Wazuh cert tool Dockerfile --- .../{cert-tool-image => wazuh-cert-tool}/Dockerfile | 0 .../{cert-tool-image => wazuh-cert-tool}/config/entrypoint.sh | 0 2 files changed, 0 insertions(+), 0 deletions(-) rename build-docker-images/{cert-tool-image => wazuh-cert-tool}/Dockerfile (100%) rename build-docker-images/{cert-tool-image => wazuh-cert-tool}/config/entrypoint.sh (100%) diff --git a/build-docker-images/cert-tool-image/Dockerfile b/build-docker-images/wazuh-cert-tool/Dockerfile similarity index 100% rename from build-docker-images/cert-tool-image/Dockerfile rename to build-docker-images/wazuh-cert-tool/Dockerfile diff --git a/build-docker-images/cert-tool-image/config/entrypoint.sh b/build-docker-images/wazuh-cert-tool/config/entrypoint.sh similarity index 100% rename from build-docker-images/cert-tool-image/config/entrypoint.sh rename to build-docker-images/wazuh-cert-tool/config/entrypoint.sh From aed100447116b3813ef58599b508a58b622f46a4 Mon Sep 17 00:00:00 2001 From: vcerenu Date: Mon, 10 Jun 2024 07:13:09 -0300 Subject: [PATCH 10/15] Change the generator script in multi node deployment --- multi-node/generate-certs.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/multi-node/generate-certs.yml b/multi-node/generate-certs.yml index f67aea04d..efcd8d87b 100644 --- a/multi-node/generate-certs.yml +++ b/multi-node/generate-certs.yml @@ -3,7 +3,7 @@ version: '3' services: generator: - image: wazuh/wazuh-cert-tool:4.7.5 + image: wazuh/wazuh-cert-tool:5.0.0 hostname: wazuh-cert-tool container_name: wazuh-cert-tool volumes: From 1e6f93b20adda833688d4c321ba4edc3f33e5d89 Mon Sep 17 00:00:00 2001 
From: vcerenu Date: Tue, 11 Jun 2024 09:46:53 -0300 Subject: [PATCH 11/15] Correct the name of the certificate generator script --- .github/workflows/push.yml | 4 ++-- README.md | 4 ++-- multi-node/Migration-to-Wazuh-4.4.md | 2 +- multi-node/README.md | 2 +- single-node/README.md | 2 +- 5 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml index 0444cba7a..c528dceda 100644 --- a/.github/workflows/push.yml +++ b/.github/workflows/push.yml @@ -89,7 +89,7 @@ jobs: - name: Create single node certficates - run: docker-compose -f single-node/generate-indexer-certs.yml run --rm generator + run: docker-compose -f single-node/generate-certs.yml run --rm generator - name: Start single node stack run: docker-compose -f single-node/docker-compose.yml up -d @@ -220,7 +220,7 @@ jobs: rm -rf wazuh-manager.tar wazuh-indexer.tar wazuh-dashboard.tar - name: Create multi node certficates - run: docker-compose -f multi-node/generate-indexer-certs.yml run --rm generator + run: docker-compose -f multi-node/generate-certs.yml run --rm generator - name: Start multi node stack run: docker-compose -f multi-node/docker-compose.yml up -d diff --git a/README.md b/README.md index ce949de33..34290fc21 100644 --- a/README.md +++ b/README.md @@ -154,7 +154,7 @@ WAZUH_MONITORING_REPLICAS=0 ## │   │   └── wazuh_indexer_ssl_certs │   │   └── certs.yml │   ├── docker-compose.yml - │   ├── generate-indexer-certs.yml + │   ├── generate-certs.yml │   ├── Migration-to-Wazuh-4.3.md │   └── volume-migrator.sh ├── README.md @@ -181,7 +181,7 @@ WAZUH_MONITORING_REPLICAS=0 ## │   │   ├── wazuh.manager-key.pem │   │   └── wazuh.manager.pem │   ├── docker-compose.yml - │   ├── generate-indexer-certs.yml + │   ├── generate-certs.yml │   └── README.md └── VERSION diff --git a/multi-node/Migration-to-Wazuh-4.4.md b/multi-node/Migration-to-Wazuh-4.4.md index 3ff10a844..817dc961e 100644 --- a/multi-node/Migration-to-Wazuh-4.4.md 
+++ b/multi-node/Migration-to-Wazuh-4.4.md @@ -354,7 +354,7 @@ docker container run --rm -it \ ``` git checkout 4.4 cd multi-node -docker-compose -f generate-indexer-certs.yml run --rm generator +docker-compose -f generate-certs.yml run --rm generator docker-compose up -d ``` diff --git a/multi-node/README.md b/multi-node/README.md index c1e8b9986..64273eb8c 100644 --- a/multi-node/README.md +++ b/multi-node/README.md @@ -8,7 +8,7 @@ $ sysctl -w vm.max_map_count=262144 ``` 2) Run the certificate creation script: ``` -$ docker-compose -f generate-indexer-certs.yml run --rm generator +$ docker-compose -f generate-certs.yml run --rm generator ``` 3) Start the environment with docker-compose: diff --git a/single-node/README.md b/single-node/README.md index efd303c71..ba1be707a 100644 --- a/single-node/README.md +++ b/single-node/README.md @@ -8,7 +8,7 @@ $ sysctl -w vm.max_map_count=262144 ``` 2) Run the certificate creation script: ``` -$ docker-compose -f generate-indexer-certs.yml run --rm generator +$ docker-compose -f generate-certs.yml run --rm generator ``` 3) Start the environment with docker-compose: From fda4a171f4cf015ba3391e86a4fbacbddbebb2da Mon Sep 17 00:00:00 2001 From: vcerenu Date: Tue, 11 Jun 2024 10:14:19 -0300 Subject: [PATCH 12/15] Add save and load process for Wazuh Cert Tool image --- .github/workflows/push.yml | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml index c528dceda..902c64fbd 100644 --- a/.github/workflows/push.yml +++ b/.github/workflows/push.yml 
@@ -22,6 +22,7 @@ jobs: docker save wazuh/wazuh-manager:${{env.WAZUH_IMAGE_VERSION}} -o /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-manager.tar docker save wazuh/wazuh-indexer:${{env.WAZUH_IMAGE_VERSION}} -o /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-indexer.tar docker save wazuh/wazuh-dashboard:${{env.WAZUH_IMAGE_VERSION}} -o /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-dashboard.tar + docker save wazuh/wazuh-cert-tool:${{env.WAZUH_IMAGE_VERSION}} -o /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-cert-tool.tar - name: Temporarily save Wazuh manager Docker image uses: actions/upload-artifact@v3 @@ -44,6 +45,13 @@ jobs: path: /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-dashboard.tar retention-days: 1 + - name: Temporarily save Wazuh Cert Tool Docker image + uses: actions/upload-artifact@v3 + with: + name: docker-artifact-cert-tool + path: /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-cert-tool.tar + retention-days: 1 + - name: Install Goss uses: e1himself/goss-installation-action@v1.0.3 with: @@ -81,11 +89,18 @@ jobs: with: name: docker-artifact-dashboard + - name: Retrieve saved Wazuh Cert Tool Docker image + uses: actions/download-artifact@v3 + with: + name: docker-artifact-dashboard + - name: Docker load run: | docker load --input ./wazuh-indexer.tar docker load --input ./wazuh-dashboard.tar docker load --input ./wazuh-manager.tar + docker load --input ./wazuh-cert-tool.tar + rm -rf wazuh-manager.tar wazuh-indexer.tar wazuh-dashboard.tar - name: Create single node certficates 
@@ -212,11 +227,17 @@ jobs: with: name: docker-artifact-indexer + - name: Retrieve saved Wazuh Cert Tool Docker image + uses: actions/download-artifact@v3 + with: + name: docker-artifact-dashboard + - name: Docker load run: | - docker load --input ./wazuh-manager.tar docker load --input ./wazuh-indexer.tar docker load --input ./wazuh-dashboard.tar + docker load --input ./wazuh-manager.tar + docker load --input ./wazuh-cert-tool.tar rm -rf wazuh-manager.tar wazuh-indexer.tar wazuh-dashboard.tar - name: Create multi node certficates From cf3eb610812b649996527a3bc68dee288e8a4415 Mon Sep 17 00:00:00 2001 From: vcerenu Date: Tue, 11 Jun 2024 10:16:22 -0300 Subject: [PATCH 13/15] Add save and load process for Wazuh Cert Tool image --- .github/workflows/push.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml index 902c64fbd..42669888c 100644 --- a/.github/workflows/push.yml +++ b/.github/workflows/push.yml @@ -92,7 +92,7 @@ jobs: - name: Retrieve saved Wazuh Cert Tool Docker image uses: actions/download-artifact@v3 with: - name: docker-artifact-dashboard + name: docker-artifact-cert-tool - name: Docker load run: | @@ -230,7 +230,7 @@ jobs: - name: Retrieve saved Wazuh Cert Tool Docker image uses: actions/download-artifact@v3 with: - name: docker-artifact-dashboard + name: docker-artifact-cert-tool - name: Docker load run: | From 36e716033202ac22dd9b3c27103d0e26e496e593 Mon Sep 17 00:00:00 2001 From: vcerenu Date: Tue, 11 Jun 2024 10:19:50 -0300 Subject: [PATCH 14/15] Add save and load process for Wazuh Cert Tool image --- .github/workflows/push.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml index 42669888c..18a71dd2b 100644 --- a/.github/workflows/push.yml +++ b/.github/workflows/push.yml 
@@ -100,7 +100,7 @@ jobs: docker load --input ./wazuh-dashboard.tar docker load --input ./wazuh-manager.tar docker load --input ./wazuh-cert-tool.tar - rm -rf wazuh-manager.tar wazuh-indexer.tar wazuh-dashboard.tar + rm -rf wazuh-manager.tar wazuh-indexer.tar wazuh-dashboard.tar wazuh-cert-tool.tar - name: Create single node certficates @@ -238,7 +238,7 @@ jobs: docker load --input ./wazuh-dashboard.tar docker load --input ./wazuh-manager.tar docker load --input ./wazuh-cert-tool.tar - rm -rf wazuh-manager.tar wazuh-indexer.tar wazuh-dashboard.tar + rm -rf wazuh-manager.tar wazuh-indexer.tar wazuh-dashboard.tar wazuh-cert-tool.tar - name: Create multi node certficates run: docker-compose -f multi-node/generate-certs.yml run --rm generator From 33a0508c9b375342026d5f603e12ed9a97fb16fc Mon Sep 17 00:00:00 2001 From: "mend-bolt-for-github[bot]" <42819689+mend-bolt-for-github[bot]@users.noreply.github.com> Date: Sun, 14 Jul 2024 03:47:30 +0000 Subject: [PATCH 15/15] Add .whitesource configuration file --- .whitesource | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 .whitesource diff --git a/.whitesource b/.whitesource new file mode 100644 index 000000000..9c7ae90b4 --- /dev/null +++ b/.whitesource @@ -0,0 +1,14 @@ +{ + "scanSettings": { + "baseBranches": [] + }, + "checkRunSettings": { + "vulnerableCheckRunConclusionLevel": "failure", + "displayMode": "diff", + "useMendCheckNames": true + }, + "issueSettings": { + "minSeverityLevel": "LOW", + "issueType": "DEPENDENCY" + } +} \ No newline at end of file