diff --git a/.env b/.env index 08a3c7ed..6b66d4a0 100755 --- a/.env +++ b/.env @@ -1,3 +1,6 @@ WAZUH_VERSION=4.8.0 WAZUH_IMAGE_VERSION=4.8.0 WAZUH_TAG_REVISION=1 +FILEBEAT_TEMPLATE_BRANCH=4.8.0 +WAZUH_FILEBEAT_MODULE=wazuh-filebeat-0.2.tar.gz +WAZUH_UI_REVISION=1 diff --git a/README.md b/README.md index 46b093fe..e1df9d68 100644 --- a/README.md +++ b/README.md @@ -101,6 +101,7 @@ WAZUH_MONITORING_REPLICAS=0 ## │   │   └── Dockerfile │   ├── wazuh-indexer │   │   ├── config + │ │ │ ├── action_groups.yml │   │   │   ├── config.sh │   │   │   ├── config.yml │   │   │   ├── entrypoint.sh diff --git a/build-docker-images/wazuh-indexer/Dockerfile b/build-docker-images/wazuh-indexer/Dockerfile index f2b809c3..abb95e22 100644 --- a/build-docker-images/wazuh-indexer/Dockerfile +++ b/build-docker-images/wazuh-indexer/Dockerfile @@ -12,6 +12,8 @@ COPY config/config.sh . COPY config/config.yml / +COPY config/action_groups.yml / + COPY config/internal_users.yml / COPY config/roles_mapping.yml / @@ -33,6 +35,8 @@ ENV USER="wazuh-indexer" \ NAME="wazuh-indexer" \ INSTALL_DIR="/usr/share/wazuh-indexer" +RUN apt-get update -y && apt-get install curl -y + RUN getent group $GROUP || groupadd -r -g 1000 $GROUP RUN useradd --system \ @@ -50,7 +54,9 @@ COPY config/entrypoint.sh / COPY config/securityadmin.sh / -RUN chmod 700 /entrypoint.sh && chmod 700 /securityadmin.sh +COPY config/ism-check.sh / + +RUN chmod 700 /entrypoint.sh && chmod 700 /securityadmin.sh && chmod 700 /ism-check.sh RUN chown 1000:1000 /*.sh diff --git a/build-docker-images/wazuh-indexer/config/action_groups.yml b/build-docker-images/wazuh-indexer/config/action_groups.yml new file mode 100644 index 00000000..04119c8a --- /dev/null +++ b/build-docker-images/wazuh-indexer/config/action_groups.yml 
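Review bot: The new `RUN apt-get update -y && apt-get install curl -y` in the second Dockerfile hunk installs recommended packages and leaves the apt package lists in the image layer, which nothing later removes. `RUN apt-get update -y && apt-get install -y --no-install-recommends curl && rm -rf /var/lib/apt/lists/*` keeps the layer to what is needed and avoids baking stale package lists into the image. A one-line comment above it saying why curl is needed, `# curl is used by /ism-check.sh to poll the security index`, would tell the next maintainer that the dependency belongs to the new helper script and not to the indexer itself.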
@@ -0,0 +1,12 @@ +--- +_meta: + type: "actiongroups" + config_version: 2 + +# ISM API permissions group +manage_ism: + reserved: true + hidden: false + allowed_actions: + - "cluster:admin/opendistro/ism/*" + static: false \ No newline at end of file diff --git a/build-docker-images/wazuh-indexer/config/config.sh b/build-docker-images/wazuh-indexer/config/config.sh index 0b953fc5..0b4b3791 100644 --- a/build-docker-images/wazuh-indexer/config/config.sh +++ b/build-docker-images/wazuh-indexer/config/config.sh @@ -120,6 +120,7 @@ cp /$PASSWORD_TOOL ${TARGET_DIR}${INSTALLATION_DIR}/plugins/opensearch-security/ # Copy Wazuh's config files for the security plugin cp -pr /roles_mapping.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/ cp -pr /roles.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/ +cp -pr /action_groups.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/ cp -pr /internal_users.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/ cp -pr /opensearch.yml ${TARGET_DIR}${CONFIG_DIR} # Copy Wazuh indexer's certificates diff --git a/build-docker-images/wazuh-indexer/config/entrypoint.sh b/build-docker-images/wazuh-indexer/config/entrypoint.sh index 2acb4aa0..2d3396d6 100644 --- a/build-docker-images/wazuh-indexer/config/entrypoint.sh +++ b/build-docker-images/wazuh-indexer/config/entrypoint.sh @@ -90,4 +90,6 @@ fi # touch "/var/lib/wazuh-indexer/.flag" #fi +nohup /ism-check.sh & + run_as_other_user_if_needed /usr/share/wazuh-indexer/bin/opensearch <<<"$KEYSTORE_PASSWORD" \ No newline at end of file diff --git a/build-docker-images/wazuh-indexer/config/ism-check.sh b/build-docker-images/wazuh-indexer/config/ism-check.sh new file mode 100644 index 00000000..7a605399 --- /dev/null +++ b/build-docker-images/wazuh-indexer/config/ism-check.sh 
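Review bot: The new `manage_ism` action group grants the wildcard `cluster:admin/opendistro/ism/*`, and the roles.yml and roles_mapping.yml hunks in this commit hand that group to the `kibanaserver` user through the matching `manage_ism` role, so the dashboard service account can now create, change and delete ISM policies cluster-wide. If the dashboards only need to read policy state, a narrower list of ISM actions would limit what a compromised dashboard instance could do to index retention; if full management is really required, the comment should say so, e.g. `# Full ISM policy management; mapped to kibanaserver in roles_mapping.yml`. `reserved: true` means the group can only be changed through securityadmin, not the REST API, which is consistent with the other Wazuh security objects but is worth a word in the same comment. The file, like the new tails of roles.yml and roles_mapping.yml, is committed without a trailing newline.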
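Review bot: `nohup /ism-check.sh &` is started before the privilege drop on the next line, so the poller runs as whatever user the entrypoint starts as (root in the usual case) while OpenSearch itself is launched through `run_as_other_user_if_needed`; nothing records the helper's PID or exit status either, so a failure in the script is silent. Since `run_as_other_user_if_needed` already wraps the opensearch command, it should be able to wrap the helper too, `run_as_other_user_if_needed /ism-check.sh &`, so that the helper holds no more privilege than the node process (worth confirming that the helper does not need root). A comment such as `# detached: waits for the security index to exist, then runs indexer-ism-init.sh` would explain why the script is backgrounded rather than run inline. The rest of the entrypoint body lies outside the hunk.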
@@ -0,0 +1,10 @@ +#!/bin/bash +SERVER=`hostname` +if [[ -n "$INDEXER_PASSWORD" ]]; then + until [[ `curl -XGET https://$SERVER:9200/_cat/indices -u admin:SecretPassword -k -s | grep .opendistro_security | wc -l` -eq 1 ]] + do + echo "Wazuh indexer Security is not initiaized"; + sleep 30 + done + bash /usr/share/wazuh-indexer/bin/indexer-ism-init.sh -p $INDEXER_PASSWORD -i $SERVER +fi \ No newline at end of file diff --git a/build-docker-images/wazuh-indexer/config/roles.yml b/build-docker-images/wazuh-indexer/config/roles.yml index ed47beae..f8bc557a 100644 --- a/build-docker-images/wazuh-indexer/config/roles.yml +++ b/build-docker-images/wazuh-indexer/config/roles.yml @@ -142,7 +142,7 @@ wazuh_ui_user: allowed_actions: - "read" tenant_permissions: [] - static: false + static: false wazuh_ui_admin: reserved: true @@ -160,4 +160,12 @@ wazuh_ui_admin: - "manage" - "index" tenant_permissions: [] - static: false \ No newline at end of file + static: false + +# ISM API permissions role +manage_ism: + reserved: true + hidden: false + cluster_permissions: + - "manage_ism" + static: false \ No newline at end of file diff --git a/build-docker-images/wazuh-indexer/config/roles_mapping.yml b/build-docker-images/wazuh-indexer/config/roles_mapping.yml index 6f893132..7fa57a4d 100644 --- a/build-docker-images/wazuh-indexer/config/roles_mapping.yml +++ b/build-docker-images/wazuh-indexer/config/roles_mapping.yml @@ -33,7 +33,7 @@ kibana_user: - "kibanauser" users: - "wazuh_user" - - "wazuh_admin" + - "wazuh_admin" description: "Maps kibanauser to kibana_user" readall: @@ -68,4 +68,11 @@ wazuh_ui_user: hosts: [] users: - "wazuh_user" - and_backend_roles: [] \ No newline at end of file + and_backend_roles: [] + +# ISM API permissions role mapping +manage_ism: + reserved: true + hidden: false + users: + - "kibanaserver" \ No newline at end of file 
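Review bot: The polling loop authenticates with the hard-coded `admin:SecretPassword` while the script is gated on, and later passes, `$INDEXER_PASSWORD`; if the two ever differ, the request is rejected and returns no index listing, `.opendistro_security` never matches, and the loop runs forever at 30-second intervals. Use the variable in both places, `-u "admin:${INDEXER_PASSWORD}"`, and quote the expansions on the final command, `bash /usr/share/wazuh-indexer/bin/indexer-ism-init.sh -p "$INDEXER_PASSWORD" -i "$SERVER"`, so a password containing spaces or glob characters is passed intact. Both curl's `-u` and the `-p` option expose the password to anything that can read the container's process list, so a credentials file (`curl --netrc-file` or `-K`) is the safer pattern if other processes share that namespace. `-k` disables certificate verification for the self-directed call; tolerable for a local readiness probe, but if the node's CA is present in the image `--cacert` is cheap. Smaller points: `$(...)` instead of backticks, `grep -c` instead of `grep | wc -l`, and the message typo `initiaized` → `initialized`.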
diff --git a/build-docker-images/wazuh-manager/config/check_repository.sh b/build-docker-images/wazuh-manager/config/check_repository.sh
index adc94e79..bd7ffea9 100644
--- a/build-docker-images/wazuh-manager/config/check_repository.sh
+++ b/build-docker-images/wazuh-manager/config/check_repository.sh
@@ -1,6 +1,7 @@
 ## variables
+GPG_SIGN='[arch=amd64 signed-by=/etc/apt/keyrings/wazuh.gpg]'
 APT_KEY=https://packages.wazuh.com/key/GPG-KEY-WAZUH
-REPOSITORY="deb https://packages.wazuh.com/4.x/apt/ stable main"
+REPOSITORY="deb ${GPG_SIGN} https://packages.wazuh.com/4.x/apt/ stable main"
 WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '\"tag_name\":' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2-)
 MAJOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f1)
 MID_BUILD=$(echo $WAZUH_VERSION | cut -d. -f2)
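Review bot: `GPG_SIGN` pins `arch=amd64`, so on any non-amd64 build apt will silently ignore the Wazuh source and whatever later installs the package will not find it, with no obvious cause. If the image is only ever built for amd64 that is fine, but `GPG_SIGN="[arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/wazuh.gpg]"` costs nothing and keeps the script portable.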
@@ -12,18 +13,18 @@ MINOR_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f3) ## check version to use the correct repository if [ "$MAJOR_BUILD" -gt "$MAJOR_CURRENT" ]; then APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH - REPOSITORY="deb https://packages-dev.wazuh.com/pre-release/apt/ unstable main" + REPOSITORY="deb ${GPG_SIGN} https://packages-dev.wazuh.com/pre-release/apt/ unstable main" elif [ "$MAJOR_BUILD" -eq "$MAJOR_CURRENT" ]; then if [ "$MID_BUILD" -gt "$MID_CURRENT" ]; then APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH - REPOSITORY="deb https://packages-dev.wazuh.com/pre-release/apt/ unstable main" + REPOSITORY="deb ${GPG_SIGN} https://packages-dev.wazuh.com/pre-release/apt/ unstable main" elif [ "$MID_BUILD" -eq "$MID_CURRENT" ]; then if [ "$MINOR_BUILD" -gt "$MINOR_CURRENT" ]; then APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH - REPOSITORY="deb https://packages-dev.wazuh.com/pre-release/apt/ unstable main" + REPOSITORY="deb ${GPG_SIGN} https://packages-dev.wazuh.com/pre-release/apt/ unstable main" fi fi fi -apt-key adv --fetch-keys ${APT_KEY} +curl ${APT_KEY} | gpg --dearmor -o /etc/apt/keyrings/wazuh.gpg echo ${REPOSITORY} | tee -a /etc/apt/sources.list.d/wazuh.list \ No newline at end of file diff --git a/multi-node/docker-compose.yml b/multi-node/docker-compose.yml index a72fd4f5..684d9813 100644 --- a/multi-node/docker-compose.yml +++ b/multi-node/docker-compose.yml @@ -89,6 +89,7 @@ services: environment: - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g" - "bootstrap.memory_lock=true" + - 'INDEXER_PASSWORD=SecretPassword' ulimits: memlock: soft: -1 diff --git a/single-node/docker-compose.yml b/single-node/docker-compose.yml index 45a8feb7..8627df27 100644 --- a/single-node/docker-compose.yml +++ b/single-node/docker-compose.yml 
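Review bot: The replacement `curl ${APT_KEY} | gpg --dearmor -o /etc/apt/keyrings/wazuh.gpg` fetches the repository signing key without `-f`, so an HTTP error page is piped into gpg as if it were the key, and since neither command's status is checked and the first hunk shows no `set -e` at the top of the script, a failed fetch still lets the script go on to register the repository; `/etc/apt/keyrings` is also assumed to exist, which older base images do not guarantee. `install -d -m 0755 /etc/apt/keyrings` before the fetch, then `curl -fsSL "${APT_KEY}" -o /tmp/wazuh.key && gpg --dearmor -o /etc/apt/keyrings/wazuh.gpg /tmp/wazuh.key || exit 1`, makes a bad download fail the build instead of producing an empty or garbage keyring. Because this key is the trust root for every package the repository then installs, a comment stating that, `# signing key for the Wazuh apt repository, referenced by signed-by= in GPG_SIGN`, would make the intent of the apt-key replacement explicit.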
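Review bot: `INDEXER_PASSWORD=SecretPassword` is a second literal copy of the admin credential that also appears hard-coded in ism-check.sh and has to match the admin password the indexer is actually configured with; the same literal is added in single-node/docker-compose.yml. Sourcing it from a variable (`- INDEXER_PASSWORD=${INDEXER_PASSWORD}` fed by a compose `.env` or `--env-file`) would give users one place to change it, and a comment on the line, `# must match the indexer admin password; consumed by /ism-check.sh`, would explain why the variable exists. The value is single-quoted while the neighbouring entries are double-quoted; harmless, but worth aligning. The visible hunk adds the variable to one indexer service only; if the other multi-node indexers are meant to skip the ISM init (ism-check.sh exits immediately when the variable is empty), a comment saying so would stop someone "fixing" it later.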
@@ -52,7 +52,8 @@ services:
 ports:
 - "9200:9200"
 environment:
- - "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m"
+ - "OPENSEARCH_JAVA_OPTS=-Xms1024m -Xmx1024m"
+ - 'INDEXER_PASSWORD=SecretPassword'
 ulimits:
 memlock:
 soft: -1