From d48769ced62c43c6405eb38fcbdc61e66dd1dfb1 Mon Sep 17 00:00:00 2001
From: c-bordon
Date: Thu, 9 Nov 2023 09:09:08 -0300
Subject: [PATCH 1/3] Updated security config files
---
 README.md | 1 +
 build-docker-images/wazuh-indexer/Dockerfile | 2 ++
 .../wazuh-indexer/config/action_groups.yml | 12 ++++++++++++
 build-docker-images/wazuh-indexer/config/config.sh | 1 +
 build-docker-images/wazuh-indexer/config/roles.yml | 12 ++++++++++--
 .../wazuh-indexer/config/roles_mapping.yml | 11 +++++++++--
 6 files changed, 35 insertions(+), 4 deletions(-)
 create mode 100644 build-docker-images/wazuh-indexer/config/action_groups.yml
diff --git a/README.md b/README.md
index 46b093fea..e1df9d684 100644
--- a/README.md
+++ b/README.md
@@ -101,6 +101,7 @@ WAZUH_MONITORING_REPLICAS=0 ##
 │   │   └── Dockerfile
 │   ├── wazuh-indexer
 │   │   ├── config
+ │ │ │ ├── action_groups.yml
 │   │   │   ├── config.sh
 │   │   │   ├── config.yml
 │   │   │   ├── entrypoint.sh
diff --git a/build-docker-images/wazuh-indexer/Dockerfile b/build-docker-images/wazuh-indexer/Dockerfile
index 7e03fb6b7..abb95e22b 100644
--- a/build-docker-images/wazuh-indexer/Dockerfile
+++ b/build-docker-images/wazuh-indexer/Dockerfile
@@ -12,6 +12,8 @@ COPY config/config.sh .
 COPY config/config.yml /
+COPY config/action_groups.yml /
+
 COPY config/internal_users.yml /
 COPY config/roles_mapping.yml /
diff --git a/build-docker-images/wazuh-indexer/config/action_groups.yml b/build-docker-images/wazuh-indexer/config/action_groups.yml
new file mode 100644
index 000000000..04119c8a2
--- /dev/null
+++ b/build-docker-images/wazuh-indexer/config/action_groups.yml
@@ -0,0 +1,12 @@
+---
+_meta:
+ type: "actiongroups"
+ config_version: 2
+
+# ISM API permissions group
+manage_ism:
+ reserved: true
+ hidden: false
+ allowed_actions:
+ - "cluster:admin/opendistro/ism/*"
+ static: false
\ No newline at end of file
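Review bot: In action_groups.yml the `manage_ism` group allows `cluster:admin/opendistro/ism/*`, which covers every ISM cluster action, including changing and deleting policies, not only what is needed to apply the ISM policy. ISM policies decide when indices roll over or are deleted, so whoever holds this group can alter the retention of alert data; the roles.yml and roles_mapping.yml hunks of this patch then assign it to `kibanaserver`. Consider listing only the actions the ISM init step uses instead of the wildcard, and extend the comment to name the consumer, e.g. `# ISM API permissions group: used by the ISM init step to apply the policy; keep this list minimal`. Which actions that step calls is not visible in this patch, so the exact list needs confirming.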
diff --git a/build-docker-images/wazuh-indexer/config/config.sh b/build-docker-images/wazuh-indexer/config/config.sh
index 0b953fc5f..0b4b37919 100644
--- a/build-docker-images/wazuh-indexer/config/config.sh
+++ b/build-docker-images/wazuh-indexer/config/config.sh
@@ -120,6 +120,7 @@ cp /$PASSWORD_TOOL ${TARGET_DIR}${INSTALLATION_DIR}/plugins/opensearch-security/
 # Copy Wazuh's config files for the security plugin
 cp -pr /roles_mapping.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/
 cp -pr /roles.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/
+cp -pr /action_groups.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/
 cp -pr /internal_users.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/
 cp -pr /opensearch.yml ${TARGET_DIR}${CONFIG_DIR}
 # Copy Wazuh indexer's certificates
diff --git a/build-docker-images/wazuh-indexer/config/roles.yml b/build-docker-images/wazuh-indexer/config/roles.yml
index ed47beae5..f8bc557a8 100644
--- a/build-docker-images/wazuh-indexer/config/roles.yml
+++ b/build-docker-images/wazuh-indexer/config/roles.yml
@@ -142,7 +142,7 @@ wazuh_ui_user:
 allowed_actions:
 - "read"
 tenant_permissions: []
- static: false
+ static: false
 wazuh_ui_admin:
 reserved: true
@@ -160,4 +160,12 @@ wazuh_ui_admin:
 - "manage"
 - "index"
 tenant_permissions: []
- static: false
\ No newline at end of file
+ static: false
+
+# ISM API permissions role
+manage_ism:
+ reserved: true
+ hidden: false
+ cluster_permissions:
+ - "manage_ism"
+ static: false
\ No newline at end of file
diff --git a/build-docker-images/wazuh-indexer/config/roles_mapping.yml b/build-docker-images/wazuh-indexer/config/roles_mapping.yml
index 6f8931322..7fa57a4db 100644
--- a/build-docker-images/wazuh-indexer/config/roles_mapping.yml
+++ b/build-docker-images/wazuh-indexer/config/roles_mapping.yml
@@ -33,7 +33,7 @@ kibana_user:
 - "kibanauser"
 users:
 - "wazuh_user"
- - "wazuh_admin"
+ - "wazuh_admin"
 description: "Maps kibanauser to kibana_user"
 readall:
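Review bot: In the second roles.yml hunk the new role is named `manage_ism`, the same as the action group it references, so `cluster_permissions: - "manage_ism"` reads like a self-reference and a reader has to know that the entry resolves to action_groups.yml. A comment such as `# ISM API permissions role: grants the manage_ism action group from action_groups.yml (cluster-level ISM actions only)` would make the indirection explicit. The role is also `reserved: true`, which keeps it from being narrowed through the REST API or the dashboard after deployment; if that is intended, the comment should say so.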
@@ -68,4 +68,11 @@ wazuh_ui_user:
 hosts: []
 users:
 - "wazuh_user"
- and_backend_roles: []
\ No newline at end of file
+ and_backend_roles: []
+
+# ISM API permissions role mapping
+manage_ism:
+ reserved: true
+ hidden: false
+ users:
+ - "kibanaserver"
\ No newline at end of file
From 3a97fd8d6cf8c1795770ca4f7e8fd7dfbabbbd9f Mon Sep 17 00:00:00 2001
From: vcerenu
Date: Thu, 9 Nov 2023 13:59:56 -0300
Subject: [PATCH 2/3] change hostname from apply ism policy
---
 build-docker-images/wazuh-indexer/config/ism-check.sh | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/build-docker-images/wazuh-indexer/config/ism-check.sh b/build-docker-images/wazuh-indexer/config/ism-check.sh
index fcfeeaa01..7a605399c 100644
--- a/build-docker-images/wazuh-indexer/config/ism-check.sh
+++ b/build-docker-images/wazuh-indexer/config/ism-check.sh
@@ -1,10 +1,10 @@
 #!/bin/bash
-
+SERVER=`hostname`
 if [[ -n "$INDEXER_PASSWORD" ]]; then
- until [[ `curl -XGET https://0.0.0.0:9200/_cat/indices -u admin:SecretPassword -k -s | grep .opendistro_security | wc -l` -eq 1 ]]
+ until [[ `curl -XGET https://$SERVER:9200/_cat/indices -u admin:SecretPassword -k -s | grep .opendistro_security | wc -l` -eq 1 ]]
 do
 echo "Wazuh indexer Security is not initiaized";
 sleep 30
 done
- bash /usr/share/wazuh-indexer/bin/indexer-ism-init.sh -i 127.0.0.1 -p $INDEXER_PASSWORD
+ bash /usr/share/wazuh-indexer/bin/indexer-ism-init.sh -p $INDEXER_PASSWORD -i $SERVER
 fi
\ No newline at end of file
From e38897fb0f43930f5d9702d8b859a093c47ff27a Mon Sep 17 00:00:00 2001
From: vcerenu
Date: Fri, 10 Nov 2023 13:03:44 -0300
Subject: [PATCH 3/3] change revision tag
---
 .env | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.env b/.env
index 9471b3923..6b66d4a03 100755
--- a/.env
+++ b/.env
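Review bot: The new `manage_ism` entry in roles_mapping.yml binds the role to `kibanaserver`, the dashboard's service account, so that account's credentials now also carry ISM administration. If the ISM bootstrap is the only consumer, a dedicated internal user mapped here would leave the dashboard account at its previous privilege level; which component calls the ISM API as `kibanaserver` is not visible in this patch. The entry also omits the `hosts` and `and_backend_roles` keys that the `wazuh_ui_user` mapping just above sets explicitly; adding `hosts: []` and `and_backend_roles: []` would keep the entries uniform.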
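Review bot: In ism-check.sh the rewritten `until` line still authenticates with the literal `admin:SecretPassword` while the init call below it uses `$INDEXER_PASSWORD`, so once the admin password is changed the readiness loop can never succeed, and the default credential stays baked into the image. Assuming `INDEXER_PASSWORD` is the admin password, use `-u "admin:${INDEXER_PASSWORD}"` in the probe and quote the expansions in the last call: `-p "$INDEXER_PASSWORD" -i "$SERVER"`. Now that the probe targets the node's hostname rather than `0.0.0.0`, `-k` could be replaced by `--cacert <path-to-root-ca>` so the certificate is actually verified. `SERVER=$(hostname)` is the preferred form over backticks.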
@@ -1,6 +1,6 @@
 WAZUH_VERSION=4.8.0
 WAZUH_IMAGE_VERSION=4.8.0
-WAZUH_TAG_REVISION=40800
+WAZUH_TAG_REVISION=1
 FILEBEAT_TEMPLATE_BRANCH=4.8.0
 WAZUH_FILEBEAT_MODULE=wazuh-filebeat-0.2.tar.gz
-WAZUH_UI_REVISION=40800
+WAZUH_UI_REVISION=1