From 486c41e3f9c931632d37f0b345a3b10bef1c5260 Mon Sep 17 00:00:00 2001
From: c-bordon
Date: Thu, 9 Nov 2023 09:09:08 -0300
Subject: [PATCH 1/5] Updated security config files

---
 README.md | 1 +
 build-docker-images/wazuh-indexer/Dockerfile | 2 ++
 .../wazuh-indexer/config/action_groups.yml | 12 ++++++++++++
 build-docker-images/wazuh-indexer/config/config.sh | 1 +
 build-docker-images/wazuh-indexer/config/roles.yml | 12 ++++++++++--
 .../wazuh-indexer/config/roles_mapping.yml | 11 +++++++++--
 6 files changed, 35 insertions(+), 4 deletions(-)
 create mode 100644 build-docker-images/wazuh-indexer/config/action_groups.yml

diff --git a/README.md b/README.md
index 46b093fe..e1df9d68 100644
--- a/README.md
+++ b/README.md
@@ -101,6 +101,7 @@ WAZUH_MONITORING_REPLICAS=0 ##
 │   │   └── Dockerfile
 │   ├── wazuh-indexer
 │   │   ├── config
+ │ │ │ ├── action_groups.yml
 │   │   │   ├── config.sh
 │   │   │   ├── config.yml
 │   │   │   ├── entrypoint.sh
diff --git a/build-docker-images/wazuh-indexer/Dockerfile b/build-docker-images/wazuh-indexer/Dockerfile
index f2b809c3..985a3a05 100644
--- a/build-docker-images/wazuh-indexer/Dockerfile
+++ b/build-docker-images/wazuh-indexer/Dockerfile
@@ -12,6 +12,8 @@ COPY config/config.sh .
 COPY config/config.yml /
+COPY config/action_groups.yml /
+
 COPY config/internal_users.yml /
 COPY config/roles_mapping.yml /
diff --git a/build-docker-images/wazuh-indexer/config/action_groups.yml b/build-docker-images/wazuh-indexer/config/action_groups.yml
new file mode 100644
index 00000000..04119c8a
--- /dev/null
+++ b/build-docker-images/wazuh-indexer/config/action_groups.yml
@@ -0,0 +1,12 @@
+---
+_meta:
+ type: "actiongroups"
+ config_version: 2
+
+# ISM API permissions group
+manage_ism:
+ reserved: true
+ hidden: false
+ allowed_actions:
+ - "cluster:admin/opendistro/ism/*"
+ static: false
\ No newline at end of file
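Review bot: The new `manage_ism` action group grants the wildcard `cluster:admin/opendistro/ism/*`, i.e. every ISM cluster action (policy create/update/delete, managed-index add/remove/change/retry/explain), while the only caller this series adds is ism-check.sh (PATCH 2), which runs `indexer-ism-init.sh` as `admin` — so what the group actually needs to cover is not shown here. If the init path only creates policies and attaches them to indices, listing those actions (e.g. `cluster:admin/opendistro/ism/policy/write`, `cluster:admin/opendistro/ism/managedindex/add`) would keep the group at least privilege; confirm against what that script calls before narrowing. `reserved: true` also means the group cannot be edited through the security REST API afterwards, which is fine for a shipped default but deserves a comment, e.g. `# reserved: shipped with the image; change via securityadmin, not the API`. The file, like roles.yml and roles_mapping.yml in this patch, still ends without a trailing newline, which yamllint flags and which makes every later append a noisy diff.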
diff --git a/build-docker-images/wazuh-indexer/config/config.sh b/build-docker-images/wazuh-indexer/config/config.sh
index 0b953fc5..0b4b3791 100644
--- a/build-docker-images/wazuh-indexer/config/config.sh
+++ b/build-docker-images/wazuh-indexer/config/config.sh
@@ -120,6 +120,7 @@ cp /$PASSWORD_TOOL ${TARGET_DIR}${INSTALLATION_DIR}/plugins/opensearch-security/
 # Copy Wazuh's config files for the security plugin
 cp -pr /roles_mapping.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/
 cp -pr /roles.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/
+cp -pr /action_groups.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/
 cp -pr /internal_users.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/
 cp -pr /opensearch.yml ${TARGET_DIR}${CONFIG_DIR}
 # Copy Wazuh indexer's certificates
diff --git a/build-docker-images/wazuh-indexer/config/roles.yml b/build-docker-images/wazuh-indexer/config/roles.yml
index ed47beae..f8bc557a 100644
--- a/build-docker-images/wazuh-indexer/config/roles.yml
+++ b/build-docker-images/wazuh-indexer/config/roles.yml
@@ -142,7 +142,7 @@ wazuh_ui_user:
 allowed_actions:
 - "read"
 tenant_permissions: []
- static: false
+ static: false
 wazuh_ui_admin:
 reserved: true
@@ -160,4 +160,12 @@ wazuh_ui_admin:
 - "manage"
 - "index"
 tenant_permissions: []
- static: false
\ No newline at end of file
+ static: false
+
+# ISM API permissions role
+manage_ism:
+ reserved: true
+ hidden: false
+ cluster_permissions:
+ - "manage_ism"
+ static: false
\ No newline at end of file
diff --git a/build-docker-images/wazuh-indexer/config/roles_mapping.yml b/build-docker-images/wazuh-indexer/config/roles_mapping.yml
index 6f893132..7fa57a4d 100644
--- a/build-docker-images/wazuh-indexer/config/roles_mapping.yml
+++ b/build-docker-images/wazuh-indexer/config/roles_mapping.yml
@@ -33,7 +33,7 @@ kibana_user:
 - "kibanauser"
 users:
 - "wazuh_user"
- - "wazuh_admin"
+ - "wazuh_admin"
 description: "Maps kibanauser to kibana_user"
 readall:
@@ -68,4 +68,11 @@ wazuh_ui_user:
 hosts: []
 users:
 - "wazuh_user"
- and_backend_roles: []
\ No newline at end of file
+ and_backend_roles: []
+
+# ISM API permissions role mapping
+manage_ism:
+ reserved: true
+ hidden: false
+ users:
+ - "kibanaserver"
\ No newline at end of file

From 9b2f6392ecd296bc0a6b20ea84865f94c497f99c Mon Sep 17 00:00:00 2001
From: vcerenu
Date: Thu, 9 Nov 2023 09:25:00 -0300
Subject: [PATCH 2/5] add ism policies

---
 .env | 5 ++++-
 build-docker-images/wazuh-indexer/Dockerfile | 6 +++++-
 build-docker-images/wazuh-indexer/config/entrypoint.sh | 2 ++
 build-docker-images/wazuh-indexer/config/ism-check.sh | 10 ++++++++++
 multi-node/docker-compose.yml | 1 +
 single-node/docker-compose.yml | 3 ++-
 6 files changed, 24 insertions(+), 3 deletions(-)
 create mode 100644 build-docker-images/wazuh-indexer/config/ism-check.sh

diff --git a/.env b/.env
index 08a3c7ed..9471b392 100755
--- a/.env
+++ b/.env
@@ -1,3 +1,6 @@
 WAZUH_VERSION=4.8.0
 WAZUH_IMAGE_VERSION=4.8.0
-WAZUH_TAG_REVISION=1
+WAZUH_TAG_REVISION=40800
+FILEBEAT_TEMPLATE_BRANCH=4.8.0
+WAZUH_FILEBEAT_MODULE=wazuh-filebeat-0.2.tar.gz
+WAZUH_UI_REVISION=40800
diff --git a/build-docker-images/wazuh-indexer/Dockerfile b/build-docker-images/wazuh-indexer/Dockerfile
index f2b809c3..7e03fb6b 100644
--- a/build-docker-images/wazuh-indexer/Dockerfile
+++ b/build-docker-images/wazuh-indexer/Dockerfile
@@ -33,6 +33,8 @@ ENV USER="wazuh-indexer" \
 NAME="wazuh-indexer" \
 INSTALL_DIR="/usr/share/wazuh-indexer"
+RUN apt-get update -y && apt-get install curl -y
+
 RUN getent group $GROUP || groupadd -r -g 1000 $GROUP
 RUN useradd --system \
@@ -50,7 +52,9 @@ COPY config/entrypoint.sh /
 COPY config/securityadmin.sh /
-RUN chmod 700 /entrypoint.sh && chmod 700 /securityadmin.sh
+COPY config/ism-check.sh /
+
+RUN chmod 700 /entrypoint.sh && chmod 700 /securityadmin.sh && chmod 700 /ism-check.sh
 RUN chown 1000:1000 /*.sh
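Review bot: `manage_ism` is mapped to `kibanaserver`, the Dashboards server service user, but nothing in this series shows a dashboards-side caller that needs ISM rights — the ISM policies are applied by ism-check.sh (PATCH 2) with the `admin` user, so this mapping broadens an already high-value service credential for no visible consumer. If a dashboard component does need it, a one-line comment above the mapping naming that component would justify it (`# needed by <component> to manage ISM policies`); otherwise drop the mapping or bind a dedicated low-privilege user instead.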
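Review bot: `RUN apt-get update -y && apt-get install curl -y` leaves the apt package lists in the layer and installs recommended packages, which grows the image and widens its installed-software surface; the usual form is `RUN apt-get update && apt-get install -y --no-install-recommends curl && rm -rf /var/lib/apt/lists/*`. curl is only needed for the readiness poll in ism-check.sh (PATCH 2), so if that poll can be done with a tool already present in the base image the layer could be dropped altogether — not verifiable from this hunk.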
diff --git a/build-docker-images/wazuh-indexer/config/entrypoint.sh b/build-docker-images/wazuh-indexer/config/entrypoint.sh
index 2acb4aa0..2d3396d6 100644
--- a/build-docker-images/wazuh-indexer/config/entrypoint.sh
+++ b/build-docker-images/wazuh-indexer/config/entrypoint.sh
@@ -90,4 +90,6 @@ fi
 # touch "/var/lib/wazuh-indexer/.flag"
 #fi
+nohup /ism-check.sh &
+
 run_as_other_user_if_needed /usr/share/wazuh-indexer/bin/opensearch <<<"$KEYSTORE_PASSWORD"
\ No newline at end of file
diff --git a/build-docker-images/wazuh-indexer/config/ism-check.sh b/build-docker-images/wazuh-indexer/config/ism-check.sh
new file mode 100644
index 00000000..fcfeeaa0
--- /dev/null
+++ b/build-docker-images/wazuh-indexer/config/ism-check.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+if [[ -n "$INDEXER_PASSWORD" ]]; then
+ until [[ `curl -XGET https://0.0.0.0:9200/_cat/indices -u admin:SecretPassword -k -s | grep .opendistro_security | wc -l` -eq 1 ]]
+ do
+ echo "Wazuh indexer Security is not initiaized";
+ sleep 30
+ done
+ bash /usr/share/wazuh-indexer/bin/indexer-ism-init.sh -i 127.0.0.1 -p $INDEXER_PASSWORD
+fi
\ No newline at end of file
diff --git a/multi-node/docker-compose.yml b/multi-node/docker-compose.yml
index a72fd4f5..684d9813 100644
--- a/multi-node/docker-compose.yml
+++ b/multi-node/docker-compose.yml
@@ -89,6 +89,7 @@ services:
 environment:
 - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
 - "bootstrap.memory_lock=true"
+ - 'INDEXER_PASSWORD=SecretPassword'
 ulimits:
 memlock:
 soft: -1
diff --git a/single-node/docker-compose.yml b/single-node/docker-compose.yml
index 45a8feb7..8627df27 100644
--- a/single-node/docker-compose.yml
+++ b/single-node/docker-compose.yml
@@ -52,7 +52,8 @@ services:
 ports:
 - "9200:9200"
 environment:
-- "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m"
+ - "OPENSEARCH_JAVA_OPTS=-Xms1024m -Xmx1024m"
+ - 'INDEXER_PASSWORD=SecretPassword'
 ulimits:
 memlock:
 soft: -1

From 133a74eed3a6ad9618286fcb88711c3c6528c1e8 Mon Sep 17 00:00:00 2001
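Review bot: `nohup /ism-check.sh &` detaches the poller with no handling of its outcome: its exit status is never observed, and when the entrypoint's stdout is a terminal nohup writes the script's output to `nohup.out` in the current directory rather than the container log. It is also launched outside the `run_as_other_user_if_needed` wrapper that the opensearch start on the next line goes through, so the script — which receives `INDEXER_PASSWORD` and talks to the node — runs as whatever user the entrypoint itself started as; if that is root, `run_as_other_user_if_needed /ism-check.sh 2>&1 &` would keep the helper at the node's privilege level and its output in the log. The helper's definition is outside the hunk, so whether it can wrap a backgrounded command needs checking.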
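Review bot: The readiness poll authenticates with the literal `admin:SecretPassword` while the `indexer-ism-init.sh` call two lines below uses `$INDEXER_PASSWORD`, so the loop only terminates when the admin password is still the sample default and otherwise polls forever printing `Wazuh indexer Security is not initiaized` (sic); both should take the credential from the environment, `-u "admin:$INDEXER_PASSWORD"`. The same literal is carried into the PATCH 4 rewrite of this file on the `https://$SERVER:9200` line, which needs the same fix. Two smaller points in this hunk: `-k` disables TLS verification even though config.sh copies the indexer certificates into the image (pointing `--cacert` at the root CA, `<path to indexer root CA in the image>`, would keep the check honest once that path is confirmed), and the password is handed to `indexer-ism-init.sh` on the command line, where it is visible in the container's process list for the duration of the run — unavoidable if that script only accepts `-p`, but worth a comment. The rewrite below also bounds the loop so a wrong password cannot leave an orphaned poller, and quotes the expansions.

```shell
#!/bin/bash
# Wait for the security index to exist, then apply the ISM policies.
# Requires INDEXER_PASSWORD (the indexer admin password) in the environment.

if [[ -n "$INDEXER_PASSWORD" ]]; then
  attempts=0
  # TODO(review): replace -k with --cacert <path to indexer root CA> once the path is confirmed
  until [[ "$(curl -XGET https://0.0.0.0:9200/_cat/indices -u "admin:$INDEXER_PASSWORD" -k -s | grep -c '\.opendistro_security')" -eq 1 ]]
  do
    attempts=$((attempts + 1))
    if [[ "$attempts" -ge 20 ]]; then
      echo "Wazuh indexer Security was not initialized after $attempts checks; skipping ISM policy setup"
      exit 1
    fi
    echo "Wazuh indexer Security is not initialized"
    sleep 30
  done
  bash /usr/share/wazuh-indexer/bin/indexer-ism-init.sh -i 127.0.0.1 -p "$INDEXER_PASSWORD"
fi
```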
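Review bot: `INDEXER_PASSWORD=SecretPassword` commits the indexer admin password as a literal in the compose file (the single-node/docker-compose.yml hunk does the same), and the value only works because ism-check.sh hard-codes the same string for its own poll; moving it into the `.env` this series already edits and referencing it as `- INDEXER_PASSWORD=${INDEXER_PASSWORD}` gives one place to rotate it and keeps the sample secret out of the service definition. The new entry also uses single quotes in a list where every neighbour is double-quoted; match the file's style.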
From: vcerenu
Date: Thu, 9 Nov 2023 09:26:54 -0300
Subject: [PATCH 3/5] change apt-key add command

---
 .../wazuh-manager/config/check_repository.sh | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/build-docker-images/wazuh-manager/config/check_repository.sh b/build-docker-images/wazuh-manager/config/check_repository.sh
index adc94e79..bd7ffea9 100644
--- a/build-docker-images/wazuh-manager/config/check_repository.sh
+++ b/build-docker-images/wazuh-manager/config/check_repository.sh
@@ -1,6 +1,7 @@
 ## variables
+GPG_SIGN='[arch=amd64 signed-by=/etc/apt/keyrings/wazuh.gpg]'
 APT_KEY=https://packages.wazuh.com/key/GPG-KEY-WAZUH
-REPOSITORY="deb https://packages.wazuh.com/4.x/apt/ stable main"
+REPOSITORY="deb ${GPG_SIGN} https://packages.wazuh.com/4.x/apt/ stable main"
 WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '\"tag_name\":' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2-)
 MAJOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f1)
 MID_BUILD=$(echo $WAZUH_VERSION | cut -d. -f2)
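Review bot: `GPG_SIGN` pins `arch=amd64`, so on any non-amd64 build of the manager image apt would silently ignore the Wazuh repository and the install would fail later with an unrelated "package not found"; if multi-arch images are a goal, derive the value, `GPG_SIGN="[arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/wazuh.gpg]"`. If amd64-only is intentional, a comment saying so on that line saves the next reader the question.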
@@ -12,18 +13,18 @@ MINOR_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f3)
 ## check version to use the correct repository
 if [ "$MAJOR_BUILD" -gt "$MAJOR_CURRENT" ]; then
 APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
- REPOSITORY="deb https://packages-dev.wazuh.com/pre-release/apt/ unstable main"
+ REPOSITORY="deb ${GPG_SIGN} https://packages-dev.wazuh.com/pre-release/apt/ unstable main"
 elif [ "$MAJOR_BUILD" -eq "$MAJOR_CURRENT" ]; then
 if [ "$MID_BUILD" -gt "$MID_CURRENT" ]; then
 APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
- REPOSITORY="deb https://packages-dev.wazuh.com/pre-release/apt/ unstable main"
+ REPOSITORY="deb ${GPG_SIGN} https://packages-dev.wazuh.com/pre-release/apt/ unstable main"
 elif [ "$MID_BUILD" -eq "$MID_CURRENT" ]; then
 if [ "$MINOR_BUILD" -gt "$MINOR_CURRENT" ]; then
 APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
- REPOSITORY="deb https://packages-dev.wazuh.com/pre-release/apt/ unstable main"
+ REPOSITORY="deb ${GPG_SIGN} https://packages-dev.wazuh.com/pre-release/apt/ unstable main"
 fi
 fi
 fi
-apt-key adv --fetch-keys ${APT_KEY}
+curl ${APT_KEY} | gpg --dearmor -o /etc/apt/keyrings/wazuh.gpg
 echo ${REPOSITORY} | tee -a /etc/apt/sources.list.d/wazuh.list
\ No newline at end of file

From 8af25bdbcc30ea5d02a8bd011713a3f5fb023bb4 Mon Sep 17 00:00:00 2001
From: vcerenu
Date: Thu, 9 Nov 2023 13:59:56 -0300
Subject: [PATCH 4/5] change hostname from apply ism policy

---
 build-docker-images/wazuh-indexer/config/ism-check.sh | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/build-docker-images/wazuh-indexer/config/ism-check.sh b/build-docker-images/wazuh-indexer/config/ism-check.sh
index fcfeeaa0..7a605399 100644
--- a/build-docker-images/wazuh-indexer/config/ism-check.sh
+++ b/build-docker-images/wazuh-indexer/config/ism-check.sh
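Review bot: `curl ${APT_KEY} | gpg --dearmor -o /etc/apt/keyrings/wazuh.gpg` does not fail on an HTTP error — without `-f` curl pipes the error body into gpg, and without `set -o pipefail` (not visible in the hunk) the pipeline's status is gpg's, so an unreachable or redirected key URL can leave an empty or garbage keyring while the repository line is still appended. Use `curl -fsSL "${APT_KEY}" | gpg --dearmor -o /etc/apt/keyrings/wazuh.gpg` and create the directory first with `install -d -m 0755 /etc/apt/keyrings`, since it is absent on older Debian/Ubuntu bases. The move from `apt-key adv` to a per-repository `signed-by` keyring is the right direction; the remaining gap is that the fetched key is trusted without a fingerprint check, which a comment recording the expected fingerprint (`# expected fingerprint: <value from the Wazuh docs>`) would at least make reviewable.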
@@ -1,10 +1,10 @@
 #!/bin/bash
-
+SERVER=`hostname`
 if [[ -n "$INDEXER_PASSWORD" ]]; then
- until [[ `curl -XGET https://0.0.0.0:9200/_cat/indices -u admin:SecretPassword -k -s | grep .opendistro_security | wc -l` -eq 1 ]]
+ until [[ `curl -XGET https://$SERVER:9200/_cat/indices -u admin:SecretPassword -k -s | grep .opendistro_security | wc -l` -eq 1 ]]
 do
 echo "Wazuh indexer Security is not initiaized";
 sleep 30
 done
- bash /usr/share/wazuh-indexer/bin/indexer-ism-init.sh -i 127.0.0.1 -p $INDEXER_PASSWORD
+ bash /usr/share/wazuh-indexer/bin/indexer-ism-init.sh -p $INDEXER_PASSWORD -i $SERVER
 fi
\ No newline at end of file

From c6e090962934abe6ffff01dcca2945b90476efc1 Mon Sep 17 00:00:00 2001
From: vcerenu
Date: Fri, 10 Nov 2023 13:03:44 -0300
Subject: [PATCH 5/5] change revision tag

---
 .env | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.env b/.env
index 9471b392..6b66d4a0 100755
--- a/.env
+++ b/.env
@@ -1,6 +1,6 @@
 WAZUH_VERSION=4.8.0
 WAZUH_IMAGE_VERSION=4.8.0
-WAZUH_TAG_REVISION=40800
+WAZUH_TAG_REVISION=1
 FILEBEAT_TEMPLATE_BRANCH=4.8.0
 WAZUH_FILEBEAT_MODULE=wazuh-filebeat-0.2.tar.gz
-WAZUH_UI_REVISION=40800
+WAZUH_UI_REVISION=1
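Review bot: `$SERVER` and `$INDEXER_PASSWORD` are passed to `indexer-ism-init.sh` unquoted, and `SERVER` is assigned with backticks; `SERVER=$(hostname)` and `bash /usr/share/wazuh-indexer/bin/indexer-ism-init.sh -p "$INDEXER_PASSWORD" -i "$SERVER"` avoid word-splitting on a hostname or password containing whitespace. Switching the poll URL to the container hostname is only neutral while `-k` is kept; if certificate verification is ever enabled, that hostname must be among the node certificate's SANs, which is worth a comment on the `SERVER=` line so the dependency is not rediscovered the hard way.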