add ism policies

wazuh · Nov 9, 2023 · 9b2f639 · 9b2f639
1 parent 4863d54
commit 9b2f639
Show file tree

Hide file tree

Showing 6 changed files with 24 additions and 3 deletions.
diff --git a/.env b/.env
@@ -1,3 +1,6 @@
 WAZUH_VERSION=4.8.0
 WAZUH_IMAGE_VERSION=4.8.0
-WAZUH_TAG_REVISION=1
+WAZUH_TAG_REVISION=40800
+FILEBEAT_TEMPLATE_BRANCH=4.8.0
+WAZUH_FILEBEAT_MODULE=wazuh-filebeat-0.2.tar.gz
+WAZUH_UI_REVISION=40800
diff --git a/build-docker-images/wazuh-indexer/Dockerfile b/build-docker-images/wazuh-indexer/Dockerfile
@@ -33,6 +33,8 @@ ENV USER="wazuh-indexer" \
     NAME="wazuh-indexer" \
     INSTALL_DIR="/usr/share/wazuh-indexer"
 
+RUN apt-get update -y && apt-get install curl -y
+
 RUN getent group $GROUP || groupadd -r -g 1000 $GROUP
 
 RUN useradd --system \
@@ -50,7 +52,9 @@ COPY config/entrypoint.sh /
 
 COPY config/securityadmin.sh /
 
-RUN chmod 700 /entrypoint.sh && chmod 700 /securityadmin.sh
+COPY config/ism-check.sh /
+
+RUN chmod 700 /entrypoint.sh && chmod 700 /securityadmin.sh && chmod 700 /ism-check.sh
 
 RUN chown 1000:1000 /*.sh
 

diff --git a/build-docker-images/wazuh-indexer/config/entrypoint.sh b/build-docker-images/wazuh-indexer/config/entrypoint.sh
@@ -90,4 +90,6 @@ fi
 #  touch "/var/lib/wazuh-indexer/.flag"
 #fi
 
+nohup /ism-check.sh &
+
 run_as_other_user_if_needed /usr/share/wazuh-indexer/bin/opensearch <<<"$KEYSTORE_PASSWORD"
diff --git a/build-docker-images/wazuh-indexer/config/ism-check.sh b/build-docker-images/wazuh-indexer/config/ism-check.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+if [[ -n "$INDEXER_PASSWORD"  ]]; then
+    until [[ `curl -XGET https://0.0.0.0:9200/_cat/indices -u admin:SecretPassword -k -s  | grep .opendistro_security | wc -l`  -eq 1 ]]
+    do
+        echo "Wazuh indexer Security is not initiaized";
+        sleep 30
+    done
+    bash /usr/share/wazuh-indexer/bin/indexer-ism-init.sh -i 127.0.0.1 -p $INDEXER_PASSWORD
+fi
diff --git a/multi-node/docker-compose.yml b/multi-node/docker-compose.yml
@@ -89,6 +89,7 @@ services:
     environment:
       - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
       - "bootstrap.memory_lock=true"
+      - 'INDEXER_PASSWORD=SecretPassword'
     ulimits:
       memlock:
         soft: -1

diff --git a/single-node/docker-compose.yml b/single-node/docker-compose.yml
@@ -52,7 +52,8 @@ services:
     ports:
       - "9200:9200"
     environment:
-      - "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m"
+      - "OPENSEARCH_JAVA_OPTS=-Xms1024m -Xmx1024m"
+      - 'INDEXER_PASSWORD=SecretPassword'
     ulimits:
       memlock:
         soft: -1