Skip to content

Commit

Permalink
Merge pull request #1098 from wazuh/change/updateIndexerFiles-to4.8.0
Browse files Browse the repository at this point in the history
Updated security config files
  • Loading branch information
c-bordon authored Nov 9, 2023
2 parents 4863d54 + 486c41e commit a68da46
Show file tree
Hide file tree
Showing 6 changed files with 35 additions and 4 deletions.
1 change: 1 addition & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -101,6 +101,7 @@ WAZUH_MONITORING_REPLICAS=0 ##
│   │   └── Dockerfile
│   ├── wazuh-indexer
│   │   ├── config
│ │ │ ├── action_groups.yml
│   │   │   ├── config.sh
│   │   │   ├── config.yml
│   │   │   ├── entrypoint.sh
Expand Down
2 changes: 2 additions & 0 deletions build-docker-images/wazuh-indexer/Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,8 @@ COPY config/config.sh .

COPY config/config.yml /

COPY config/action_groups.yml /

COPY config/internal_users.yml /

COPY config/roles_mapping.yml /
Expand Down
12 changes: 12 additions & 0 deletions build-docker-images/wazuh-indexer/config/action_groups.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
---
_meta:
type: "actiongroups"
config_version: 2

# ISM API permissions group
manage_ism:
reserved: true
hidden: false
allowed_actions:
- "cluster:admin/opendistro/ism/*"
static: false
1 change: 1 addition & 0 deletions build-docker-images/wazuh-indexer/config/config.sh
Original file line number Diff line number Diff line change
Expand Up @@ -120,6 +120,7 @@ cp /$PASSWORD_TOOL ${TARGET_DIR}${INSTALLATION_DIR}/plugins/opensearch-security/
# Copy Wazuh's config files for the security plugin
cp -pr /roles_mapping.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/
cp -pr /roles.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/
cp -pr /action_groups.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/
cp -pr /internal_users.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/
cp -pr /opensearch.yml ${TARGET_DIR}${CONFIG_DIR}
# Copy Wazuh indexer's certificates
Expand Down
12 changes: 10 additions & 2 deletions build-docker-images/wazuh-indexer/config/roles.yml
Original file line number Diff line number Diff line change
Expand Up @@ -142,7 +142,7 @@ wazuh_ui_user:
allowed_actions:
- "read"
tenant_permissions: []
static: false
static: false

wazuh_ui_admin:
reserved: true
Expand All @@ -160,4 +160,12 @@ wazuh_ui_admin:
- "manage"
- "index"
tenant_permissions: []
static: false
static: false

# ISM API permissions role
manage_ism:
reserved: true
hidden: false
cluster_permissions:
- "manage_ism"
static: false
11 changes: 9 additions & 2 deletions build-docker-images/wazuh-indexer/config/roles_mapping.yml
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,7 @@ kibana_user:
- "kibanauser"
users:
- "wazuh_user"
- "wazuh_admin"
- "wazuh_admin"
description: "Maps kibanauser to kibana_user"

readall:
Expand Down Expand Up @@ -68,4 +68,11 @@ wazuh_ui_user:
hosts: []
users:
- "wazuh_user"
and_backend_roles: []
and_backend_roles: []

# ISM API permissions role mapping
manage_ism:
reserved: true
hidden: false
users:
- "kibanaserver"

0 comments on commit a68da46

Please sign in to comment.