Delete Wazuh indexer config files

2025-10-30 19:43:39 +00:00 · 2025-10-22 22:45:39 +07:00
parent 4c7ee8abac
commit 0c8a36fe06
8 changed files with 65 additions and 447 deletions
--- a/build-docker-images/wazuh-indexer/Dockerfile
+++ b/build-docker-images/wazuh-indexer/Dockerfile
@@ -13,20 +13,8 @@ RUN chmod 775 /check_repository.sh && \
 RUN yum install wazuh-indexer-${WAZUH_VERSION}-${WAZUH_TAG_REVISION} -y && \
    yum clean all
 COPY config/opensearch.yml /
 COPY config/config.sh .
 COPY config/config.yml /
 COPY config/action_groups.yml /
 COPY config/internal_users.yml /
 COPY config/roles_mapping.yml /
 COPY config/roles.yml /
 RUN bash config.sh
 ################################################################################
@@ -36,6 +24,7 @@ RUN bash config.sh
 # Add entrypoint
 ################################################################################
 FROM amazonlinux:2023
 ENV USER="wazuh-indexer" \
--- a/build-docker-images/wazuh-indexer/config/action_groups.yml
+++ b/build-docker-images/wazuh-indexer/config/action_groups.yml
@@ -1,12 +0,0 @@
 ---
 _meta:
  type: "actiongroups"
  config_version: 2
 # ISM API permissions group
 manage_ism:
  reserved: true
  hidden: false
  allowed_actions:
  - "cluster:admin/opendistro/ism/*"
  static: false
--- a/build-docker-images/wazuh-indexer/config/config.sh
+++ b/build-docker-images/wazuh-indexer/config/config.sh
@@ -3,7 +3,6 @@
 export DH_OPTIONS
 export NAME=wazuh-indexer
 export TARGET_DIR=${CURDIR}/debian/${NAME}
 # Package build options
 export USER=${NAME}
@@ -14,89 +13,86 @@ export LIB_DIR=/var/lib/${NAME}
 export PID_DIR=/run/${NAME}
 export INSTALLATION_DIR=/usr/share/${NAME}
 export CONFIG_DIR=${INSTALLATION_DIR}/config
-export BASE_DIR=${NAME}-*
+
-export INDEXER_FILE=wazuh-indexer-base.tar.xz
+
-export BASE_FILE=wazuh-indexer-base-${VERSION}-linux-x64.tar.xz
+##############################################################################
-export REPO_DIR=/unattended_installer
+# Downloading Cert Gen Tool
 ##############################################################################
 ## Variables
 CERT_TOOL=wazuh-certs-tool.sh
-PASSWORD_TOOL=wazuh-passwords-tool.sh
+CERT_CONFIG_FILE=config.yml
-PACKAGES_URL=https://packages.wazuh.com/4.14/
+CERT_TOOL_VERSION="4.14"
-PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.14/
+PACKAGES_URL=https://packages.wazuh.com/$CERT_TOOL_VERSION/
 PACKAGES_DEV_URL=https://packages-dev.wazuh.com/$CERT_TOOL_VERSION/
-## Check if the cert tool exists in S3 buckets
+download_package() {
-CERT_TOOL_PACKAGES=$(curl --silent -I $PACKAGES_URL$CERT_TOOL | grep -E "^HTTP" | awk  '{print $2}')
+    local url=$1
-CERT_TOOL_PACKAGES_DEV=$(curl --silent -I $PACKAGES_DEV_URL$CERT_TOOL | grep -E "^HTTP" | awk  '{print $2}')
+    local package=$2
    local output=$2
    echo "Checking $url$package ..."
    if curl -fsL "$url$package" -o "$output"; then
        echo "Downloaded $package from $url"
        return 0
    else
        return 1
    fi
 }
-## If cert tool exists in some bucket, download it, if not exit 1
+# Download the tool to create the certificates
-if [ "$CERT_TOOL_PACKAGES" = "200" ]; then
+echo "Downloading the tool to create the certificates..."
-  curl -o $CERT_TOOL $PACKAGES_URL$CERT_TOOL
+# Try first the prod URL, if it fails try the dev URL
-  echo "Cert tool exists in Packages bucket"
+if download_package "$PACKAGES_URL" "$CERT_TOOL"; then
-elif [ "$CERT_TOOL_PACKAGES_DEV" = "200" ]; then
+    :
-  curl -o $CERT_TOOL $PACKAGES_DEV_URL$CERT_TOOL
+elif download_package "$PACKAGES_DEV_URL" "$CERT_TOOL"; then
-  echo "Cert tool exists in Packages-dev bucket"
+    :
 else
-  echo "Cert tool does not exist in any bucket"
+    echo "The tool to create the certificates does not exist in any bucket"
-  exit 1
+    echo "ERROR: certificates were not created"
    exit 1
 fi
-
+# Download the config file for the certificate tool
-## Check if the password tool exists in S3 buckets
+echo "Downloading the config file for the certificate tool..."
-PASSWORD_TOOL_PACKAGES=$(curl --silent -I $PACKAGES_URL$PASSWORD_TOOL | grep -E "^HTTP" | awk  '{print $2}')
+# Try first the prod URL, if it fails try the dev URL
-PASSWORD_TOOL_PACKAGES_DEV=$(curl --silent -I $PACKAGES_DEV_URL$PASSWORD_TOOL | grep -E "^HTTP" | awk  '{print $2}')
+if download_package "$PACKAGES_URL" "$CERT_CONFIG_FILE"; then
-
+    :
-## If password tool exists in some bucket, download it, if not exit 1
+elif download_package "$PACKAGES_DEV_URL" "$CERT_CONFIG_FILE"; then
-if [ "$PASSWORD_TOOL_PACKAGES" = "200" ]; then
+    :
  curl -o $PASSWORD_TOOL $PACKAGES_URL$PASSWORD_TOOL
  echo "Password tool exists in Packages bucket"
 elif [ "$PASSWORD_TOOL_PACKAGES_DEV" = "200" ]; then
  curl -o $PASSWORD_TOOL $PACKAGES_DEV_URL$PASSWORD_TOOL
  echo "Password tool exists in Packages-dev bucket"
 else
-  echo "Password tool does not exist in any bucket"
+    echo "The config file for the certificate tool does not exist in any bucket"
-  exit 1
+    echo "ERROR: certificates were not created"
    exit 1
 fi
-chmod 755 $CERT_TOOL && bash /$CERT_TOOL -A
+awk '
 /^  indexer:/ {in_indexer=1}
 /^  # Wazuh server nodes/ {in_indexer=0}
 in_indexer && /^[[:space:]]*[^#].*name:/ {sub(/name:.*/, "name: indexer")}
 /^[[:space:]]*[^#].*ip:/ {sub(/ip:.*/, "ip: \"127.0.0.1\"")}
 {print}
 ' config.yml > config.yml.tmp && mv config.yml config.yml.bak && mv config.yml.tmp config.yml
 chmod 700 "$CERT_CONFIG_FILE"
 # Create the certificates
 chmod 755 "$CERT_TOOL" && bash "$CERT_TOOL" -A
 # copy to target
 mkdir -p ${TARGET_DIR}${INSTALLATION_DIR}
 mkdir -p ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/
 mkdir -p ${TARGET_DIR}${CONFIG_DIR}
 mkdir -p ${TARGET_DIR}${LIB_DIR}
 mkdir -p ${TARGET_DIR}${LOG_DIR}
 mkdir -p ${TARGET_DIR}/etc/init.d
 mkdir -p ${TARGET_DIR}/etc/default
 mkdir -p ${TARGET_DIR}/usr/lib/tmpfiles.d
 mkdir -p ${TARGET_DIR}/usr/lib/sysctl.d
 mkdir -p ${TARGET_DIR}/usr/lib/systemd/system
 mkdir -p ${TARGET_DIR}${CONFIG_DIR}/certs
 # Copy Wazuh's config files for the security plugin
 cp -pr /roles_mapping.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/
 cp -pr /roles.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/
 cp -pr /action_groups.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/
 cp -pr /internal_users.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/
 cp -pr /opensearch.yml ${TARGET_DIR}${CONFIG_DIR}
 # Copy Wazuh indexer's certificates
-cp -pr /wazuh-certificates/demo.indexer.pem ${TARGET_DIR}${CONFIG_DIR}/certs/indexer.pem
+mkdir -p ${CONFIG_DIR}/certs
-cp -pr /wazuh-certificates/demo.indexer-key.pem ${TARGET_DIR}${CONFIG_DIR}/certs/indexer-key.pem
+cp -pr /wazuh-certificates/indexer.pem ${CONFIG_DIR}/certs/indexer.pem
-cp -pr /wazuh-certificates/root-ca.key ${TARGET_DIR}${CONFIG_DIR}/certs/root-ca.key
+cp -pr /wazuh-certificates/indexer-key.pem ${CONFIG_DIR}/certs/indexer-key.pem
-cp -pr /wazuh-certificates/root-ca.pem ${TARGET_DIR}${CONFIG_DIR}/certs/root-ca.pem
+cp -pr /wazuh-certificates/root-ca.key ${CONFIG_DIR}/certs/root-ca.key
-cp -pr /wazuh-certificates/admin.pem ${TARGET_DIR}${CONFIG_DIR}/certs/admin.pem
+cp -pr /wazuh-certificates/root-ca.pem ${CONFIG_DIR}/certs/root-ca.pem
-cp -pr /wazuh-certificates/admin-key.pem ${TARGET_DIR}${CONFIG_DIR}/certs/admin-key.pem
+cp -pr /wazuh-certificates/admin.pem ${CONFIG_DIR}/certs/admin.pem
 cp -pr /wazuh-certificates/admin-key.pem ${CONFIG_DIR}/certs/admin-key.pem
 # Delete xms and xmx parameters in jvm.options
 sed '/-Xms/d' -i /etc/wazuh-indexer/jvm.options
 sed '/-Xmx/d' -i /etc/wazuh-indexer/jvm.options
 sed -i 's/-Djava.security.policy=file:\/\/\/etc\/wazuh-indexer\/opensearch-performance-analyzer\/opensearch_security.policy/-Djava.security.policy=file:\/\/\/usr\/share\/wazuh-indexer\/opensearch-performance-analyzer\/opensearch_security.policy/g' /etc/wazuh-indexer/jvm.options
-
+chown -R ${USER}:${GROUP} ${CONFIG_DIR}
-chmod -R 500 ${TARGET_DIR}${CONFIG_DIR}/certs
+chmod -R 500 ${CONFIG_DIR}/certs
-chmod -R 400 ${TARGET_DIR}${CONFIG_DIR}/certs/*
+chmod -R 400 ${CONFIG_DIR}/certs/*
 find ${TARGET_DIR} -type d -exec chmod 750 {} \;
 find ${TARGET_DIR} -type f -perm 644 -exec chmod 640 {} \;
 find ${TARGET_DIR} -type f -perm 664 -exec chmod 660 {} \;
 find ${TARGET_DIR} -type f -perm 755 -exec chmod 750 {} \;
 find ${TARGET_DIR} -type f -perm 744 -exec chmod 740 {} \;
--- a/build-docker-images/wazuh-indexer/config/config.yml
+++ b/build-docker-images/wazuh-indexer/config/config.yml
@@ -1,5 +0,0 @@
 nodes:
  # Wazuh indexer server nodes
  indexer:
    - name: demo.indexer
      ip: demo.indexer
--- a/build-docker-images/wazuh-indexer/config/internal_users.yml
+++ b/build-docker-images/wazuh-indexer/config/internal_users.yml
@@ -1,74 +0,0 @@
 ---
 # This is the internal user database
 # The hash value is a bcrypt hash and can be generated with plugin/tools/hash.sh
 _meta:
  type: "internalusers"
  config_version: 2
 # Define your internal users here
 ## Demo users
 admin:
  hash: "$2a$12$VcCDgh2NDk07JGN0rjGbM.Ad41qVR/YFJcgHp0UGns5JDymv..TOG"
  reserved: true
  backend_roles:
  - "admin"
  description: "Demo admin user"
 kibanaserver:
  hash: "$2a$12$4AcgAt3xwOWadA5s5blL6ev39OXDNhmOesEoo33eZtrq2N0YrU3H."
  reserved: true
  description: "Demo kibanaserver user"
 kibanaro:
  hash: "$2a$12$JJSXNfTowz7Uu5ttXfeYpeYE0arACvcwlPBStB1F.MI7f0U9Z4DGC"
  reserved: false
  backend_roles:
  - "kibanauser"
  - "readall"
  attributes:
    attribute1: "value1"
    attribute2: "value2"
    attribute3: "value3"
  description: "Demo kibanaro user"
 logstash:
  hash: "$2a$12$u1ShR4l4uBS3Uv59Pa2y5.1uQuZBrZtmNfqB3iM/.jL0XoV9sghS2"
  reserved: false
  backend_roles:
  - "logstash"
  description: "Demo logstash user"
 readall:
  hash: "$2a$12$ae4ycwzwvLtZxwZ82RmiEunBbIPiAmGZduBAjKN0TXdwQFtCwARz2"
  reserved: false
  backend_roles:
  - "readall"
  description: "Demo readall user"
 snapshotrestore:
  hash: "$2y$12$DpwmetHKwgYnorbgdvORCenv4NAK8cPUg8AI6pxLCuWf/ALc0.v7W"
  reserved: false
  backend_roles:
  - "snapshotrestore"
  description: "Demo snapshotrestore user"
 wazuh_admin:
  hash: "$2y$12$d2awHiOYvZjI88VfsDON.u6buoBol0gYPJEgdG1ArKVE0OMxViFfu"
  reserved: true
  hidden: false
  backend_roles: []
  attributes: {}
  opendistro_security_roles: []
  static: false
 wazuh_user:
  hash: "$2y$12$BQixeoQdRubZdVf/7sq1suHwiVRnSst1.lPI2M0.GPZms4bq2D9vO"
  reserved: true
  hidden: false
  backend_roles: []
  attributes: {}
  opendistro_security_roles: []
  static: false  
--- a/build-docker-images/wazuh-indexer/config/opensearch.yml
+++ b/build-docker-images/wazuh-indexer/config/opensearch.yml
@@ -1,27 +0,0 @@
 network.host: "0.0.0.0"
 node.name: "wazuh.indexer"
 cluster.name: "wazuh-cluster"
 path.data: /var/lib/wazuh-indexer
 path.logs: /var/log/wazuh-indexer
 discovery.type: single-node
 compatibility.override_main_response_version: true
 plugins.security.ssl.http.pemcert_filepath: /usr/share/wazuh-indexer/config/certs/indexer.pem
 plugins.security.ssl.http.pemkey_filepath: /usr/share/wazuh-indexer/config/certs/indexer-key.pem
 plugins.security.ssl.http.pemtrustedcas_filepath: /usr/share/wazuh-indexer/config/certs/root-ca.pem
 plugins.security.ssl.transport.pemcert_filepath: /usr/share/wazuh-indexer/config/certs/indexer.pem
 plugins.security.ssl.transport.pemkey_filepath: /usr/share/wazuh-indexer/config/certs/indexer-key.pem
 plugins.security.ssl.transport.pemtrustedcas_filepath: /usr/share/wazuh-indexer/config/certs/root-ca.pem
 plugins.security.ssl.http.enabled: true
 plugins.security.ssl.transport.enforce_hostname_verification: false
 plugins.security.ssl.transport.resolve_hostname: false
 plugins.security.authcz.admin_dn:
 - "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
 plugins.security.check_snapshot_restore_write_privileges: true
 plugins.security.enable_snapshot_restore_privilege: true
 plugins.security.nodes_dn:
 - "CN=demo.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
 plugins.security.restapi.roles_enabled:
 - "all_access"
 - "security_rest_api_access"
 plugins.security.system_indices.enabled: true
 plugins.security.system_indices.indices: [".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]
--- a/build-docker-images/wazuh-indexer/config/roles.yml
+++ b/build-docker-images/wazuh-indexer/config/roles.yml
@@ -1,171 +0,0 @@
 _meta:
  type: "roles"
  config_version: 2
 # Restrict users so they can only view visualization and dashboards on kibana
 kibana_read_only:
  reserved: true
 # The security REST API access role is used to assign specific users access to change the security settings through the REST API.
 security_rest_api_access:
  reserved: true
 # Allows users to view monitors, destinations and alerts
 alerting_read_access:
  reserved: true
  cluster_permissions:
    - 'cluster:admin/opendistro/alerting/alerts/get'
    - 'cluster:admin/opendistro/alerting/destination/get'
    - 'cluster:admin/opendistro/alerting/monitor/get'
    - 'cluster:admin/opendistro/alerting/monitor/search'
 # Allows users to view and acknowledge alerts
 alerting_ack_alerts:
  reserved: true
  cluster_permissions:
    - 'cluster:admin/opendistro/alerting/alerts/*'
 # Allows users to use all alerting functionality
 alerting_full_access:
  reserved: true
  cluster_permissions:
    - 'cluster_monitor'
    - 'cluster:admin/opendistro/alerting/*'
  index_permissions:
    - index_patterns:
        - '*'
      allowed_actions:
        - 'indices_monitor'
        - 'indices:admin/aliases/get'
        - 'indices:admin/mappings/get'
 # Allow users to read Anomaly Detection detectors and results
 anomaly_read_access:
  reserved: true
  cluster_permissions:
    - 'cluster:admin/opendistro/ad/detector/info'
    - 'cluster:admin/opendistro/ad/detector/search'
    - 'cluster:admin/opendistro/ad/detectors/get'
    - 'cluster:admin/opendistro/ad/result/search'
    - 'cluster:admin/opendistro/ad/tasks/search'
 # Allows users to use all Anomaly Detection functionality
 anomaly_full_access:
  reserved: true
  cluster_permissions:
    - 'cluster_monitor'
    - 'cluster:admin/opendistro/ad/*'
  index_permissions:
    - index_patterns:
        - '*'
      allowed_actions:
        - 'indices_monitor'
        - 'indices:admin/aliases/get'
        - 'indices:admin/mappings/get'
 # Allows users to read Notebooks
 notebooks_read_access:
  reserved: true
  cluster_permissions:
    - 'cluster:admin/opendistro/notebooks/list'
    - 'cluster:admin/opendistro/notebooks/get'
 # Allows users to all Notebooks functionality
 notebooks_full_access:
  reserved: true
  cluster_permissions:
    - 'cluster:admin/opendistro/notebooks/create'
    - 'cluster:admin/opendistro/notebooks/update'
    - 'cluster:admin/opendistro/notebooks/delete'
    - 'cluster:admin/opendistro/notebooks/get'
    - 'cluster:admin/opendistro/notebooks/list'
 # Allows users to read and download Reports
 reports_instances_read_access:
  reserved: true
  cluster_permissions:
    - 'cluster:admin/opendistro/reports/instance/list'
    - 'cluster:admin/opendistro/reports/instance/get'
    - 'cluster:admin/opendistro/reports/menu/download'
 # Allows users to read and download Reports and Report-definitions
 reports_read_access:
  reserved: true
  cluster_permissions:
    - 'cluster:admin/opendistro/reports/definition/get'
    - 'cluster:admin/opendistro/reports/definition/list'
    - 'cluster:admin/opendistro/reports/instance/list'
    - 'cluster:admin/opendistro/reports/instance/get'
    - 'cluster:admin/opendistro/reports/menu/download'
 # Allows users to all Reports functionality
 reports_full_access:
  reserved: true
  cluster_permissions:
    - 'cluster:admin/opendistro/reports/definition/create'
    - 'cluster:admin/opendistro/reports/definition/update'
    - 'cluster:admin/opendistro/reports/definition/on_demand'
    - 'cluster:admin/opendistro/reports/definition/delete'
    - 'cluster:admin/opendistro/reports/definition/get'
    - 'cluster:admin/opendistro/reports/definition/list'
    - 'cluster:admin/opendistro/reports/instance/list'
    - 'cluster:admin/opendistro/reports/instance/get'
    - 'cluster:admin/opendistro/reports/menu/download'
 # Allows users to use all asynchronous-search functionality
 asynchronous_search_full_access:
  reserved: true
  cluster_permissions:
    - 'cluster:admin/opendistro/asynchronous_search/*'
  index_permissions:
    - index_patterns:
        - '*'
      allowed_actions:
        - 'indices:data/read/search*'
 # Allows users to read stored asynchronous-search results
 asynchronous_search_read_access:
  reserved: true
  cluster_permissions:
    - 'cluster:admin/opendistro/asynchronous_search/get'
 wazuh_ui_user:
  reserved: true
  hidden: false
  cluster_permissions: []
  index_permissions:
  - index_patterns:
    - "wazuh-*"
    dls: ""
    fls: []
    masked_fields: []
    allowed_actions:
    - "read"
  tenant_permissions: []
  static: false
 wazuh_ui_admin:
  reserved: true
  hidden: false
  cluster_permissions: []
  index_permissions:
  - index_patterns:
    - "wazuh-*"
    dls: ""
    fls: []
    masked_fields: []
    allowed_actions:
    - "read"
    - "delete"
    - "manage"
    - "index"
  tenant_permissions: []
  static: false
 # ISM API permissions role
 manage_ism:
  reserved: true
  hidden: false
  cluster_permissions:
  - "manage_ism"
  static: false
--- a/build-docker-images/wazuh-indexer/config/roles_mapping.yml
+++ b/build-docker-images/wazuh-indexer/config/roles_mapping.yml
@@ -1,78 +0,0 @@
 ---
 # In this file users, backendroles and hosts can be mapped to Wazuh indexer Security roles.
 # Permissions for Wazuh indexer roles are configured in roles.yml
 _meta:
  type: "rolesmapping"
  config_version: 2
 # Define your roles mapping here
 ## Demo roles mapping
 all_access:
  reserved: false
  backend_roles:
  - "admin"
  description: "Maps admin to all_access"
 own_index:
  reserved: false
  users:
  - "*"
  description: "Allow full access to an index named like the username"
 logstash:
  reserved: false
  backend_roles:
  - "logstash"
 kibana_user:
  reserved: false
  backend_roles:
  - "kibanauser"
  users:
  - "wazuh_user"
  - "wazuh_admin"
  description: "Maps kibanauser to kibana_user"
 readall:
  reserved: false
  backend_roles:
  - "readall"
 manage_snapshots:
  reserved: false
  backend_roles:
  - "snapshotrestore"
 kibana_server:
  reserved: true
  users:
  - "kibanaserver"
 wazuh_ui_admin:
  reserved: true
  hidden: false
  backend_roles: []
  hosts: []
  users:
  - "wazuh_admin"
  - "kibanaserver"
  and_backend_roles: []
 wazuh_ui_user:
  reserved: true
  hidden: false
  backend_roles: []
  hosts: []
  users:
  - "wazuh_user"
  and_backend_roles: []
 # ISM API permissions role mapping
 manage_ism:
  reserved: true
  hidden: false
  users:
  - "kibanaserver"