Merge pull request #588 from wazuh/4.3-wazuhapp

Wazuh app options restore.

README.md

@@ -13,7 +13,7 @@ In this repository you will find the containers to run:
 
 In addition, a docker-compose file is provided to launch the containers mentioned above.
 
-* Wazuh indexer cluster. In the Wazuh indexer Dockerfile we can visualize variables to configure an Wazuh indexer Cluster. These variables are used in the file *config_cluster.sh* to set them in the *opensearch.yml* configuration file. You can see the meaning of the node variables [here](https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-node.html) and other cluster settings [here](https://github.com/elastic/elasticsearch/blob/master/distribution/src/config/elasticsearch.yml).
+* Wazuh indexer cluster. In the Wazuh indexer Dockerfile we can visualize variables to configure an Wazuh indexer Cluster. These variables are used in the file *config_cluster.sh* to set them in the *opensearch.yml* configuration file. You can see the meaning of the node variables and other cluster settings [here](https://opensearch.org/docs/latest/opensearch/cluster/).
 
 ## Documentation
 
@@ -48,7 +48,7 @@ SSL_CERTIFICATE=""                                  # Path of Filebeat SSL Certi
 SSL_KEY=""                                          # Path of Filebeat SSL Key
 ```
 
-### Kibana
+### Dashboard
 ```
 PATTERN="wazuh-alerts-*"        # Default index pattern to use
 
@@ -78,7 +78,6 @@ IP_SELECTOR=true                # Defines if the user is allowed to change the s
 IP_IGNORE="[]"                  # List of index patterns to be ignored
 
 WAZUH_MONITORING_ENABLED=true       # Custom settings to enable/disable wazuh-monitoring indices
-WAZUH_MONITORING_CREATION=d         # Custom setting to set the wazuh-monitoring-* indices creation interval
 WAZUH_MONITORING_FREQUENCY=900      # Custom setting to set the frequency for wazuh-monitoring indices cron task
 WAZUH_MONITORING_SHARDS=2           # Configure wazuh-monitoring-* indices shards and replicas
 WAZUH_MONITORING_REPLICAS=0         #
@@ -88,67 +87,73 @@ ADMIN_PRIVILEGES=true               # App privileges
 
 ## Directory structure
 
-├── build-wazuh-images.yml
-├── CHANGELOG.md
-├── docker-compose.yml
-├── generate-indexer-certs.yml
-├── LICENSE
-├── production_cluster
-│   ├── nginx
-│   │   ├── nginx.conf
-│   │   └── ssl
-│   │       └── generate-self-signed-cert.sh
-│   ├── wazuh_cluster
-│   │   ├── wazuh_manager.conf
-│   │   └── wazuh_worker.conf
-│   ├── wazuh_dashboard
-│   │   └── opensearch_dashboards.yml
-│   ├── wazuh-indexer
-│   │   ├── internal_users.yml
-│   │   ├── opensearch.yml
-│   │   ├── wazuh1.indexer.yml
-│   │   ├── wazuh2.indexer.yml
-│   │   └── wazuh3.indexer.yml
-│   └── wazuh_indexer_ssl_certs
-│       └── certs.yml
-├── production-cluster.yml
-├── README.md
-├── VERSION
-├── wazuh-dashboard
-│   ├── config
-│   │   ├── opensearch_dashboards.yml
-│   │   ├── entrypoint.sh
-│   │   ├── wazuh_app_config.sh
-│   │   └── wazuh.yml
-│   └── Dockerfile
-├── wazuh-indexer
-│   ├── config
-│   │   ├── config.sh
-│   │   ├── config.yml
-│   │   ├── entrypoint.sh
-│   │   ├── opensearch.yml
-│   │   ├── securityadmin.sh
-│   │   └── unattended_installer.tar.gz
-│   └── Dockerfile
-└── wazuh-manager
-    ├── config
-    │   ├── create_user.py
-    │   ├── etc
-    │   │   ├── cont-init.d
-    │   │   │   ├── 0-wazuh-init
-    │   │   │   ├── 1-config-filebeat
-    │   │   │   └── 2-manager
-    │   │   └── services.d
-    │   │       ├── filebeat
-    │   │       │   ├── finish
-    │   │       │   └── run
-    │   │       └── ossec-logs
-    │   │           └── run
-    │   ├── filebeat.yml
-    │   ├── permanent_data.env
-    │   ├── permanent_data.sh
-    │   └── wazuh.repo
-    └── Dockerfile
+    ├── build-wazuh-images.yml
+    ├── CHANGELOG.md
+    ├── docker-compose.yml
+    ├── generate-indexer-certs.yml
+    ├── indexer_certs_creator
+    │   ├── config
+    │   │   └── entrypoint.sh
+    │   └── Dockerfile
+    ├── LICENSE
+    ├── production_cluster
+    │   ├── nginx
+    │   │   ├── nginx.conf
+    │   │   └── ssl
+    │   │       └── generate-self-signed-cert.sh
+    │   ├── wazuh_cluster
+    │   │   ├── wazuh_manager.conf
+    │   │   └── wazuh_worker.conf
+    │   ├── wazuh_dashboard
+    │   │   ├── opensearch_dashboards.yml
+    │   │   └── wazuh.yml
+    │   ├── wazuh-indexer
+    │   │   ├── internal_users.yml
+    │   │   ├── wazuh1.indexer.yml
+    │   │   ├── wazuh2.indexer.yml
+    │   │   └── wazuh3.indexer.yml
+    │   └── wazuh_indexer_ssl_certs
+    │       └── certs.yml
+    ├── production-cluster.yml
+    ├── README.md
+    ├── VERSION
+    ├── wazuh-dashboard
+    │   ├── config
+    │   │   ├── entrypoint.sh
+    │   │   ├── opensearch_dashboards.yml
+    │   │   ├── wazuh_app_config.sh
+    │   │   └── wazuh.yml
+    │   └── Dockerfile
+    ├── wazuh-indexer
+    │   ├── config
+    │   │   ├── config.sh
+    │   │   ├── config.yml
+    │   │   ├── entrypoint.sh
+    │   │   ├── internal_users.yml
+    │   │   ├── opensearch.yml
+    │   │   ├── roles_mapping.yml
+    │   │   ├── roles.yml
+    │   │   └── securityadmin.sh
+    │   └── Dockerfile
+    └── wazuh-manager
+        ├── config
+        │   ├── create_user.py
+        │   ├── etc
+        │   │   ├── cont-init.d
+        │   │   │   ├── 0-wazuh-init
+        │   │   │   ├── 1-config-filebeat
+        │   │   │   └── 2-manager
+        │   │   └── services.d
+        │   │       ├── filebeat
+        │   │       │   ├── finish
+        │   │       │   └── run
+        │   │       └── ossec-logs
+        │   │           └── run
+        │   ├── filebeat.yml
+        │   ├── permanent_data.env
+        │   ├── permanent_data.sh
+        │   └── wazuh.repo
+        └── Dockerfile
 
 
 ## Branches

wazuh-dashboard/Dockerfile

@@ -61,6 +61,42 @@ ENV USER="wazuh-dashboard" \
     NAME="wazuh-dashboard" \
     INSTALL_DIR="/usr/share/wazuh-dashboard"
 
+# Set Wazuh app variables
+ENV PATTERN="" \
+    CHECKS_PATTERN="" \
+    CHECKS_TEMPLATE="" \
+    CHECKS_API="" \
+    CHECKS_SETUP="" \
+    EXTENSIONS_PCI="" \
+    EXTENSIONS_GDPR="" \
+    EXTENSIONS_HIPAA="" \
+    EXTENSIONS_NIST="" \
+    EXTENSIONS_TSC="" \
+    EXTENSIONS_AUDIT="" \
+    EXTENSIONS_OSCAP="" \
+    EXTENSIONS_CISCAT="" \
+    EXTENSIONS_AWS="" \
+    EXTENSIONS_GCP="" \
+    EXTENSIONS_VIRUSTOTAL="" \
+    EXTENSIONS_OSQUERY="" \
+    EXTENSIONS_DOCKER="" \
+    APP_TIMEOUT="" \
+    API_SELECTOR="" \
+    IP_SELECTOR="" \
+    IP_IGNORE="" \
+    WAZUH_MONITORING_ENABLED="" \
+    WAZUH_MONITORING_FREQUENCY="" \
+    WAZUH_MONITORING_SHARDS="" \
+    WAZUH_MONITORING_REPLICAS="" \
+    ADMIN_PRIVILEGES="" \
+    XPACK_CANVAS="true" \
+    XPACK_LOGS="true"   \
+    XPACK_INFRA="true"  \
+    XPACK_ML="true" \
+    XPACK_DEVTOOLS="true"   \
+    XPACK_MONITORING="true" \
+    XPACK_APM="true"
+
 # Create wazuh-dashboard user and group
 RUN getent group $GROUP || groupadd -r -g 1000 $GROUP
 RUN useradd --system \

wazuh-dashboard/config/wazuh.yml

@@ -1,7 +1,161 @@
-hosts:
-  - default:
-     url: https://wazuh.manager
-     port: 55000
-     username: wazuh-wui
-     password: wazuh-wui
-     run_as: false
+---
+#
+# Wazuh app - App configuration file
+# Copyright (C) 2015-2021 Wazuh, Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# Find more information about this on the LICENSE file.
+#
+# ======================== Wazuh app configuration file ========================
+#
+# Please check the documentation for more information on configuration options:
+# https://documentation.wazuh.com/current/installation-guide/index.html
+#
+# Also, you can check our repository:
+# https://github.com/wazuh/wazuh-kibana-app
+#
+# ------------------------------- Index patterns -------------------------------
+#
+# Default index pattern to use.
+#pattern: wazuh-alerts-*
+#
+# ----------------------------------- Checks -----------------------------------
+#
+# Defines which checks must to be consider by the healthcheck
+# step once the Wazuh app starts. Values must to be true or false.
+#checks.pattern : true
+#checks.template: true
+#checks.api     : true
+#checks.setup   : true
+#checks.metaFields: true
+#
+# --------------------------------- Extensions ---------------------------------
+#
+# Defines which extensions should be activated when you add a new API entry.
+# You can change them after Wazuh app starts.
+# Values must to be true or false.
+#extensions.pci       : true
+#extensions.gdpr      : true
+#extensions.hipaa     : true
+#extensions.nist      : true
+#extensions.tsc       : true
+#extensions.audit     : true
+#extensions.oscap     : false
+#extensions.ciscat    : false
+#extensions.aws       : false
+#extensions.gcp       : false
+#extensions.virustotal: false
+#extensions.osquery   : false
+#extensions.docker    : false
+#
+# ---------------------------------- Time out ----------------------------------
+#
+# Defines maximum timeout to be used on the Wazuh app requests.
+# It will be ignored if it is bellow 1500.
+# It means milliseconds before we consider a request as failed.
+# Default: 20000
+#timeout: 20000
+#
+# -------------------------------- API selector --------------------------------
+#
+# Defines if the user is allowed to change the selected
+# API directly from the Wazuh app top menu.
+# Default: true
+#api.selector: true
+#
+# --------------------------- Index pattern selector ---------------------------
+#
+# Defines if the user is allowed to change the selected
+# index pattern directly from the Wazuh app top menu.
+# Default: true
+#ip.selector: true
+#
+# List of index patterns to be ignored
+#ip.ignore: []
+#
+# -------------------------------- X-Pack RBAC ---------------------------------
+#
+# Custom setting to enable/disable built-in X-Pack RBAC security capabilities.
+# Default: enabled
+#xpack.rbac.enabled: true
+#
+# ------------------------------ wazuh-monitoring ------------------------------
+#
+# Custom setting to enable/disable wazuh-monitoring indices.
+# Values: true, false, worker
+# If worker is given as value, the app will show the Agents status
+# visualization but won't insert data on wazuh-monitoring indices.
+# Default: true
+#wazuh.monitoring.enabled: true
+#
+# Custom setting to set the frequency for wazuh-monitoring indices cron task.
+# Default: 900 (s)
+#wazuh.monitoring.frequency: 900
+#
+# Configure wazuh-monitoring-* indices shards and replicas.
+#wazuh.monitoring.shards: 2
+#wazuh.monitoring.replicas: 0
+#
+# Configure wazuh-monitoring-* indices custom creation interval.
+# Values: h (hourly), d (daily), w (weekly), m (monthly)
+# Default: d
+#wazuh.monitoring.creation: d
+#
+# Default index pattern to use for Wazuh monitoring
+#wazuh.monitoring.pattern: wazuh-monitoring-*
+#
+# --------------------------------- wazuh-cron ----------------------------------
+#
+# Customize the index prefix of predefined jobs
+# This change is not retroactive, if you change it new indexes will be created
+# cron.prefix: test
+#
+# ------------------------------ wazuh-statistics -------------------------------
+#
+# Custom setting to enable/disable statistics tasks.
+#cron.statistics.status: true
+#
+# Enter the ID of the APIs you want to save data from, leave this empty to run
+# the task on all configured APIs
+#cron.statistics.apis: []
+#
+# Define the frequency of task execution using cron schedule expressions
+#cron.statistics.interval: 0 0 * * * *
+#
+# Define the name of the index in which the documents are to be saved.
+#cron.statistics.index.name: statistics
+#
+# Define the interval in which the index will be created
+#cron.statistics.index.creation: w
+#
+# ------------------------------- App privileges --------------------------------
+#admin: true
+#
+# ---------------------------- Hide manager alerts ------------------------------
+# Hide the alerts of the manager in all dashboards and discover
+#hideManagerAlerts: false
+#
+# ------------------------------- App logging level -----------------------------
+# Set the logging level for the Wazuh App log files.
+# Default value: info
+# Allowed values: info, debug
+#logs.level: info
+#
+# -------------------------------- Enrollment DNS -------------------------------
+# Set the variable WAZUH_REGISTRATION_SERVER in agents deployment.
+# Default value: ''
+#enrollment.dns: ''
+#
+#-------------------------------- API entries -----------------------------------
+#The following configuration is the default structure to define an API entry.
+#
+#hosts:
+#  - <id>:
+#     url: http(s)://<url>
+#     port: <port>
+#     username: <username>
+#     password: <password>

wazuh-dashboard/config/wazuh_app_config.sh

@@ -9,11 +9,49 @@ api_run_as="${RUN_AS:-false}"
 
 dashboard_config_file="/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml"
 
+declare -A CONFIG_MAP=(
+  [pattern]=$PATTERN
+  [checks.pattern]=$CHECKS_PATTERN
+  [checks.template]=$CHECKS_TEMPLATE
+  [checks.api]=$CHECKS_API
+  [checks.setup]=$CHECKS_SETUP
+  [extensions.pci]=$EXTENSIONS_PCI
+  [extensions.gdpr]=$EXTENSIONS_GDPR
+  [extensions.hipaa]=$EXTENSIONS_HIPAA
+  [extensions.nist]=$EXTENSIONS_NIST
+  [extensions.tsc]=$EXTENSIONS_TSC
+  [extensions.audit]=$EXTENSIONS_AUDIT
+  [extensions.oscap]=$EXTENSIONS_OSCAP
+  [extensions.ciscat]=$EXTENSIONS_CISCAT
+  [extensions.aws]=$EXTENSIONS_AWS
+  [extensions.gcp]=$EXTENSIONS_GCP
+  [extensions.virustotal]=$EXTENSIONS_VIRUSTOTAL
+  [extensions.osquery]=$EXTENSIONS_OSQUERY
+  [extensions.docker]=$EXTENSIONS_DOCKER
+  [timeout]=$APP_TIMEOUT
+  [api.selector]=$API_SELECTOR
+  [ip.selector]=$IP_SELECTOR
+  [ip.ignore]=$IP_IGNORE
+  [wazuh.monitoring.enabled]=$WAZUH_MONITORING_ENABLED
+  [wazuh.monitoring.frequency]=$WAZUH_MONITORING_FREQUENCY
+  [wazuh.monitoring.shards]=$WAZUH_MONITORING_SHARDS
+  [wazuh.monitoring.replicas]=$WAZUH_MONITORING_REPLICAS
+  [admin]=$ADMIN_PRIVILEGES
+)
+
+for i in "${!CONFIG_MAP[@]}"
+do
+    if [ "${CONFIG_MAP[$i]}" != "" ]; then
+        sed -i 's/.*#'"$i"'.*/'"$i"': '"${CONFIG_MAP[$i]}"'/' $dashboard_config_file
+    fi
+done
+
+
 grep -q 1513629884013 $dashboard_config_file
 _config_exists=$?
 
 if [[ $_config_exists -ne 0 ]]; then
-cat << EOF > $dashboard_config_file
+cat << EOF >> $dashboard_config_file
 hosts:
   - 1513629884013:
       url: $wazuh_url