Merge pull request #1112 from wazuh/sign-old-commits
Sign old commits
vcerenu authored Nov 14, 2023
2 parents 4863d54 + 95bd43c commit 0c4b1df
Showing 12 changed files with 64 additions and 11 deletions.
3 changes: 3 additions & 0 deletions .env
@@ -1,3 +1,6 @@
WAZUH_VERSION=4.8.0
WAZUH_IMAGE_VERSION=4.8.0
WAZUH_TAG_REVISION=1
FILEBEAT_TEMPLATE_BRANCH=4.8.0
WAZUH_FILEBEAT_MODULE=wazuh-filebeat-0.2.tar.gz
WAZUH_UI_REVISION=1
1 change: 1 addition & 0 deletions README.md
@@ -101,6 +101,7 @@ WAZUH_MONITORING_REPLICAS=0 ##
│   │   └── Dockerfile
│   ├── wazuh-indexer
│   │   ├── config
│ │ │ ├── action_groups.yml
│   │   │   ├── config.sh
│   │   │   ├── config.yml
│   │   │   ├── entrypoint.sh
8 changes: 7 additions & 1 deletion build-docker-images/wazuh-indexer/Dockerfile
@@ -12,6 +12,8 @@ COPY config/config.sh .

COPY config/config.yml /

COPY config/action_groups.yml /

COPY config/internal_users.yml /

COPY config/roles_mapping.yml /
@@ -33,6 +35,8 @@ ENV USER="wazuh-indexer" \
NAME="wazuh-indexer" \
INSTALL_DIR="/usr/share/wazuh-indexer"

RUN apt-get update -y && apt-get install curl -y

RUN getent group $GROUP || groupadd -r -g 1000 $GROUP

RUN useradd --system \
@@ -50,7 +54,9 @@ COPY config/entrypoint.sh /

COPY config/securityadmin.sh /

RUN chmod 700 /entrypoint.sh && chmod 700 /securityadmin.sh
COPY config/ism-check.sh /

RUN chmod 700 /entrypoint.sh && chmod 700 /securityadmin.sh && chmod 700 /ism-check.sh

RUN chown 1000:1000 /*.sh
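Review bot: The added `RUN apt-get update -y && apt-get install curl -y` leaves the apt package lists in its layer and pulls in recommended packages, which grows the image and the amount of installed software for what appears to be a single probe in `ism-check.sh`. I would write it as `RUN apt-get update && apt-get install -y --no-install-recommends curl && rm -rf /var/lib/apt/lists/*`. The stage this line belongs to starts outside the hunk, so whether curl ends up in the final image cannot be confirmed from here; if it does, a comment naming `ism-check.sh` as the reason keeps it from looking like leftover tooling.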

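--- a/build-docker-images/wazuh-indexer/config/action_groups.yml
+++ b/build-docker-images/wazuh-indexer/config/action_groups.yml
@@ -0,0 +1,12 @@
+---
+_meta:
+type: "actiongroups"
+config_version: 2
+
+# ISM API permissions group
+manage_ism:
+reserved: true
+hidden: false
+allowed_actions:
+- "cluster:admin/opendistro/ism/*"
+static: false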
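Review bot: `manage_ism` allows `cluster:admin/opendistro/ism/*`, which is every ISM cluster action, and the same commit maps the role of that name to the `kibanaserver` service user in `roles_mapping.yml` (the role itself is added in `roles.yml`). Nothing visible in this commit calls the ISM API as `kibanaserver`; the probe in `ism-check.sh` authenticates as `admin`. The reason for the grant should therefore be confirmed and recorded in the comment, e.g. `# ISM API permissions group: required by <component> for <operation>`. If only a subset of ISM actions is needed, listing those actions instead of the wildcard keeps the service account at least privilege.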
1 change: 1 addition & 0 deletions build-docker-images/wazuh-indexer/config/config.sh
@@ -120,6 +120,7 @@ cp /$PASSWORD_TOOL ${TARGET_DIR}${INSTALLATION_DIR}/plugins/opensearch-security/
# Copy Wazuh's config files for the security plugin
cp -pr /roles_mapping.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/
cp -pr /roles.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/
cp -pr /action_groups.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/
cp -pr /internal_users.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/
cp -pr /opensearch.yml ${TARGET_DIR}${CONFIG_DIR}
# Copy Wazuh indexer's certificates
2 changes: 2 additions & 0 deletions build-docker-images/wazuh-indexer/config/entrypoint.sh
@@ -90,4 +90,6 @@ fi
# touch "/var/lib/wazuh-indexer/.flag"
#fi

nohup /ism-check.sh &

run_as_other_user_if_needed /usr/share/wazuh-indexer/bin/opensearch <<<"$KEYSTORE_PASSWORD"
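Review bot: `nohup /ism-check.sh &` is launched before the `run_as_other_user_if_needed` call, so the background job runs with whatever identity the entrypoint itself has rather than the one OpenSearch is started under. If the container starts as root (the helper's name suggests that case exists), the polling loop and `indexer-ism-init.sh` run as root. Its exit status is never collected, so a failed ISM initialisation has no effect on the container. A comment above the line stating both facts would do, e.g. `# Background, best-effort: waits for the security index, then runs indexer-ism-init.sh; a failure does not stop the container`. The rest of the entrypoint is outside the hunk.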
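--- a/build-docker-images/wazuh-indexer/config/ism-check.sh
+++ b/build-docker-images/wazuh-indexer/config/ism-check.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+SERVER=`hostname`
+if [[ -n "$INDEXER_PASSWORD" ]]; then
+until [[ `curl -XGET https://$SERVER:9200/_cat/indices -u admin:SecretPassword -k -s | grep .opendistro_security | wc -l` -eq 1 ]]
+do
+echo "Wazuh indexer Security is not initiaized";
+sleep 30
+done
+bash /usr/share/wazuh-indexer/bin/indexer-ism-init.sh -p $INDEXER_PASSWORD -i $SERVER
+fi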
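Review bot: The readiness probe in the `until` line authenticates with the literal `admin:SecretPassword`, while the script is gated on `$INDEXER_PASSWORD` and later passes it to the init script. Once an operator changes the admin password, the probe would presumably get an authentication error on every attempt and the loop would sleep forever without reaching `indexer-ism-init.sh`. Use the same variable, quoted, e.g. `-u "admin:${INDEXER_PASSWORD}"`, and quote `"$INDEXER_PASSWORD"` and `"$SERVER"` on the init line so a password containing spaces or glob characters is passed intact. `-k` turns off certificate verification for a request that carries the admin credential, and `-p` puts the password on the process command line; either use the node's CA instead of `-k` or add a comment saying why both are acceptable here. The log text also has a typo, `initiaized`.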
12 changes: 10 additions & 2 deletions build-docker-images/wazuh-indexer/config/roles.yml
@@ -142,7 +142,7 @@ wazuh_ui_user:
allowed_actions:
- "read"
tenant_permissions: []
static: false
static: false

wazuh_ui_admin:
reserved: true
@@ -160,4 +160,12 @@ wazuh_ui_admin:
- "manage"
- "index"
tenant_permissions: []
static: false
static: false

# ISM API permissions role
manage_ism:
reserved: true
hidden: false
cluster_permissions:
- "manage_ism"
static: false
11 changes: 9 additions & 2 deletions build-docker-images/wazuh-indexer/config/roles_mapping.yml
@@ -33,7 +33,7 @@ kibana_user:
- "kibanauser"
users:
- "wazuh_user"
- "wazuh_admin"
- "wazuh_admin"
description: "Maps kibanauser to kibana_user"

readall:
@@ -68,4 +68,11 @@ wazuh_ui_user:
hosts: []
users:
- "wazuh_user"
and_backend_roles: []
and_backend_roles: []

# ISM API permissions role mapping
manage_ism:
reserved: true
hidden: false
users:
- "kibanaserver"
11 changes: 6 additions & 5 deletions build-docker-images/wazuh-manager/config/check_repository.sh
@@ -1,6 +1,7 @@
## variables
GPG_SIGN='[arch=amd64 signed-by=/etc/apt/keyrings/wazuh.gpg]'
APT_KEY=https://packages.wazuh.com/key/GPG-KEY-WAZUH
REPOSITORY="deb https://packages.wazuh.com/4.x/apt/ stable main"
REPOSITORY="deb ${GPG_SIGN} https://packages.wazuh.com/4.x/apt/ stable main"
WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '\"tag_name\":' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2-)
MAJOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f1)
MID_BUILD=$(echo $WAZUH_VERSION | cut -d. -f2)
@@ -12,18 +13,18 @@ MINOR_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f3)
## check version to use the correct repository
if [ "$MAJOR_BUILD" -gt "$MAJOR_CURRENT" ]; then
APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
REPOSITORY="deb https://packages-dev.wazuh.com/pre-release/apt/ unstable main"
REPOSITORY="deb ${GPG_SIGN} https://packages-dev.wazuh.com/pre-release/apt/ unstable main"
elif [ "$MAJOR_BUILD" -eq "$MAJOR_CURRENT" ]; then
if [ "$MID_BUILD" -gt "$MID_CURRENT" ]; then
APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
REPOSITORY="deb https://packages-dev.wazuh.com/pre-release/apt/ unstable main"
REPOSITORY="deb ${GPG_SIGN} https://packages-dev.wazuh.com/pre-release/apt/ unstable main"
elif [ "$MID_BUILD" -eq "$MID_CURRENT" ]; then
if [ "$MINOR_BUILD" -gt "$MINOR_CURRENT" ]; then
APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
REPOSITORY="deb https://packages-dev.wazuh.com/pre-release/apt/ unstable main"
REPOSITORY="deb ${GPG_SIGN} https://packages-dev.wazuh.com/pre-release/apt/ unstable main"
fi
fi
fi

apt-key adv --fetch-keys ${APT_KEY}
curl ${APT_KEY} | gpg --dearmor -o /etc/apt/keyrings/wazuh.gpg
echo ${REPOSITORY} | tee -a /etc/apt/sources.list.d/wazuh.list
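Review bot: In the new `curl ${APT_KEY} | gpg --dearmor -o /etc/apt/keyrings/wazuh.gpg` line, curl runs without `--fail` and nothing visible enables `pipefail`, so a failed or partial download is not detected at the curl step and only surfaces later, if at all, as a gpg or apt error. I would use `curl -fsSL "${APT_KEY}" | gpg --dearmor -o /etc/apt/keyrings/wazuh.gpg` with `set -o pipefail` if the script runs under bash, and create the directory first with `install -d -m 0755 /etc/apt/keyrings` in case the base image lacks it. The downloaded key becomes the trust root that `signed-by` pins for this repository and is accepted as received; comparing its fingerprint with a pinned value (`<EXPECTED_WAZUH_KEY_FINGERPRINT>`) before writing the keyring would close that gap. `GPG_SIGN` also hard-codes `arch=amd64`, which deserves a comment if other architectures are ever built.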
1 change: 1 addition & 0 deletions multi-node/docker-compose.yml
@@ -89,6 +89,7 @@ services:
environment:
- "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
- "bootstrap.memory_lock=true"
- 'INDEXER_PASSWORD=SecretPassword'
ulimits:
memlock:
soft: -1
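Review bot: `INDEXER_PASSWORD=SecretPassword` commits a credential as a literal in the service environment here and again in `single-node/docker-compose.yml`, where port 9200 is also published; `ism-check.sh` uses the same literal as the `admin` password. Anyone who starts the stack unchanged gets a known password, and the value is readable from the container's environment. Taking it from the caller's environment or the `.env` file, `- "INDEXER_PASSWORD=${INDEXER_PASSWORD:?set INDEXER_PASSWORD}"`, makes the operator choose one; at minimum a comment should say the value is a demo default that must be changed. The service these lines belong to starts outside the hunk.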
3 changes: 2 additions & 1 deletion single-node/docker-compose.yml
@@ -52,7 +52,8 @@ services:
ports:
- "9200:9200"
environment:
- "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m"
- "OPENSEARCH_JAVA_OPTS=-Xms1024m -Xmx1024m"
- 'INDEXER_PASSWORD=SecretPassword'
ulimits:
memlock:
soft: -1