Merge pull request #588 from wazuh/4.3-wazuhapp

Wazuh app options restore.
2025-10-24 16:43:37 +00:00 · 2022-03-18 16:12:53 +01:00
parent 370826d560 3df1d95ec7
commit 1d6757bbba
4 changed files with 305 additions and 72 deletions
--- a/README.md
+++ b/README.md
@@ -13,7 +13,7 @@ In this repository you will find the containers to run:
 In addition, a docker-compose file is provided to launch the containers mentioned above.
-* Wazuh indexer cluster. In the Wazuh indexer Dockerfile we can visualize variables to configure an Wazuh indexer Cluster. These variables are used in the file *config_cluster.sh* to set them in the *opensearch.yml* configuration file. You can see the meaning of the node variables [here](https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-node.html) and other cluster settings [here](https://github.com/elastic/elasticsearch/blob/master/distribution/src/config/elasticsearch.yml).
+* Wazuh indexer cluster. In the Wazuh indexer Dockerfile we can visualize variables to configure an Wazuh indexer Cluster. These variables are used in the file *config_cluster.sh* to set them in the *opensearch.yml* configuration file. You can see the meaning of the node variables and other cluster settings [here](https://opensearch.org/docs/latest/opensearch/cluster/).
 ## Documentation
@@ -48,7 +48,7 @@ SSL_CERTIFICATE=""                                  # Path of Filebeat SSL Certi
 SSL_KEY=""                                          # Path of Filebeat SSL Key
 ```
-### Kibana
+### Dashboard
 ```
 PATTERN="wazuh-alerts-*"        # Default index pattern to use
@@ -78,7 +78,6 @@ IP_SELECTOR=true                # Defines if the user is allowed to change the s
 IP_IGNORE="[]"                  # List of index patterns to be ignored
 WAZUH_MONITORING_ENABLED=true       # Custom settings to enable/disable wazuh-monitoring indices
 WAZUH_MONITORING_CREATION=d         # Custom setting to set the wazuh-monitoring-* indices creation interval
 WAZUH_MONITORING_FREQUENCY=900      # Custom setting to set the frequency for wazuh-monitoring indices cron task
 WAZUH_MONITORING_SHARDS=2           # Configure wazuh-monitoring-* indices shards and replicas
 WAZUH_MONITORING_REPLICAS=0         #
@@ -88,67 +87,73 @@ ADMIN_PRIVILEGES=true               # App privileges
 ## Directory structure
-├── build-wazuh-images.yml
+    ├── build-wazuh-images.yml
-├── CHANGELOG.md
+    ├── CHANGELOG.md
-├── docker-compose.yml
+    ├── docker-compose.yml
-├── generate-indexer-certs.yml
+    ├── generate-indexer-certs.yml
-├── LICENSE
+    ├── indexer_certs_creator
-├── production_cluster
+    │   ├── config
-│   ├── nginx
+    │   │   └── entrypoint.sh
-│   │   ├── nginx.conf
+    │   └── Dockerfile
-│   │   └── ssl
+    ├── LICENSE
-│   │       └── generate-self-signed-cert.sh
+    ├── production_cluster
-│   ├── wazuh_cluster
+    │   ├── nginx
-│   │   ├── wazuh_manager.conf
+    │   │   ├── nginx.conf
-│   │   └── wazuh_worker.conf
+    │   │   └── ssl
-│   ├── wazuh_dashboard
+    │   │       └── generate-self-signed-cert.sh
-│   │   └── opensearch_dashboards.yml
+    │   ├── wazuh_cluster
-│   ├── wazuh-indexer
+    │   │   ├── wazuh_manager.conf
-│   │   ├── internal_users.yml
+    │   │   └── wazuh_worker.conf
-│   │   ├── opensearch.yml
+    │   ├── wazuh_dashboard
-│   │   ├── wazuh1.indexer.yml
+    │   │   ├── opensearch_dashboards.yml
-│   │   ├── wazuh2.indexer.yml
+    │   │   └── wazuh.yml
-│   │   └── wazuh3.indexer.yml
+    │   ├── wazuh-indexer
-│   └── wazuh_indexer_ssl_certs
+    │   │   ├── internal_users.yml
-│       └── certs.yml
+    │   │   ├── wazuh1.indexer.yml
-├── production-cluster.yml
+    │   │   ├── wazuh2.indexer.yml
-├── README.md
+    │   │   └── wazuh3.indexer.yml
-├── VERSION
+    │   └── wazuh_indexer_ssl_certs
-├── wazuh-dashboard
+    │       └── certs.yml
-│   ├── config
+    ├── production-cluster.yml
-│   │   ├── opensearch_dashboards.yml
+    ├── README.md
-│   │   ├── entrypoint.sh
+    ├── VERSION
-│   │   ├── wazuh_app_config.sh
+    ├── wazuh-dashboard
-│   │   └── wazuh.yml
+    │   ├── config
-│   └── Dockerfile
+    │   │   ├── entrypoint.sh
-├── wazuh-indexer
+    │   │   ├── opensearch_dashboards.yml
-│   ├── config
+    │   │   ├── wazuh_app_config.sh
-│   │   ├── config.sh
+    │   │   └── wazuh.yml
-│   │   ├── config.yml
+    │   └── Dockerfile
-│   │   ├── entrypoint.sh
+    ├── wazuh-indexer
-│   │   ├── opensearch.yml
+    │   ├── config
-│   │   ├── securityadmin.sh
+    │   │   ├── config.sh
-│   │   └── unattended_installer.tar.gz
+    │   │   ├── config.yml
-│   └── Dockerfile
+    │   │   ├── entrypoint.sh
-└── wazuh-manager
+    │   │   ├── internal_users.yml
-    ├── config
+    │   │   ├── opensearch.yml
-    │   ├── create_user.py
+    │   │   ├── roles_mapping.yml
-    │   ├── etc
+    │   │   ├── roles.yml
-    │   │   ├── cont-init.d
+    │   │   └── securityadmin.sh
-    │   │   │   ├── 0-wazuh-init
+    │   └── Dockerfile
-    │   │   │   ├── 1-config-filebeat
+    └── wazuh-manager
-    │   │   │   └── 2-manager
+        ├── config
-    │   │   └── services.d
+        │   ├── create_user.py
-    │   │       ├── filebeat
+        │   ├── etc
-    │   │       │   ├── finish
+        │   │   ├── cont-init.d
-    │   │       │   └── run
+        │   │   │   ├── 0-wazuh-init
-    │   │       └── ossec-logs
+        │   │   │   ├── 1-config-filebeat
-    │   │           └── run
+        │   │   │   └── 2-manager
-    │   ├── filebeat.yml
+        │   │   └── services.d
-    │   ├── permanent_data.env
+        │   │       ├── filebeat
-    │   ├── permanent_data.sh
+        │   │       │   ├── finish
-    │   └── wazuh.repo
+        │   │       │   └── run
-    └── Dockerfile
+        │   │       └── ossec-logs
        │   │           └── run
        │   ├── filebeat.yml
        │   ├── permanent_data.env
        │   ├── permanent_data.sh
        │   └── wazuh.repo
        └── Dockerfile
 ## Branches
--- a/wazuh-dashboard/Dockerfile
+++ b/wazuh-dashboard/Dockerfile
@@ -61,6 +61,42 @@ ENV USER="wazuh-dashboard" \
    NAME="wazuh-dashboard" \
    INSTALL_DIR="/usr/share/wazuh-dashboard"
 # Set Wazuh app variables
 ENV PATTERN="" \
    CHECKS_PATTERN="" \
    CHECKS_TEMPLATE="" \
    CHECKS_API="" \
    CHECKS_SETUP="" \
    EXTENSIONS_PCI="" \
    EXTENSIONS_GDPR="" \
    EXTENSIONS_HIPAA="" \
    EXTENSIONS_NIST="" \
    EXTENSIONS_TSC="" \
    EXTENSIONS_AUDIT="" \
    EXTENSIONS_OSCAP="" \
    EXTENSIONS_CISCAT="" \
    EXTENSIONS_AWS="" \
    EXTENSIONS_GCP="" \
    EXTENSIONS_VIRUSTOTAL="" \
    EXTENSIONS_OSQUERY="" \
    EXTENSIONS_DOCKER="" \
    APP_TIMEOUT="" \
    API_SELECTOR="" \
    IP_SELECTOR="" \
    IP_IGNORE="" \
    WAZUH_MONITORING_ENABLED="" \
    WAZUH_MONITORING_FREQUENCY="" \
    WAZUH_MONITORING_SHARDS="" \
    WAZUH_MONITORING_REPLICAS="" \
    ADMIN_PRIVILEGES="" \
    XPACK_CANVAS="true" \
    XPACK_LOGS="true"   \
    XPACK_INFRA="true"  \
    XPACK_ML="true" \
    XPACK_DEVTOOLS="true"   \
    XPACK_MONITORING="true" \
    XPACK_APM="true"
 # Create wazuh-dashboard user and group
 RUN getent group $GROUP || groupadd -r -g 1000 $GROUP
 RUN useradd --system \
--- a/wazuh-dashboard/config/wazuh.yml
+++ b/wazuh-dashboard/config/wazuh.yml
@@ -1,7 +1,161 @@
-hosts:
+---
-  - default:
+#
-     url: https://wazuh.manager
+# Wazuh app - App configuration file
-     port: 55000
+# Copyright (C) 2015-2021 Wazuh, Inc.
-     username: wazuh-wui
+#
-     password: wazuh-wui
+# This program is free software; you can redistribute it and/or modify
-     run_as: false
+# it under the terms of the GNU General Public License as published by
 # the Free Software Foundation; either version 2 of the License, or
 # (at your option) any later version.
 #
 # Find more information about this on the LICENSE file.
 #
 # ======================== Wazuh app configuration file ========================
 #
 # Please check the documentation for more information on configuration options:
 # https://documentation.wazuh.com/current/installation-guide/index.html
 #
 # Also, you can check our repository:
 # https://github.com/wazuh/wazuh-kibana-app
 #
 # ------------------------------- Index patterns -------------------------------
 #
 # Default index pattern to use.
 #pattern: wazuh-alerts-*
 #
 # ----------------------------------- Checks -----------------------------------
 #
 # Defines which checks must to be consider by the healthcheck
 # step once the Wazuh app starts. Values must to be true or false.
 #checks.pattern : true
 #checks.template: true
 #checks.api     : true
 #checks.setup   : true
 #checks.metaFields: true
 #
 # --------------------------------- Extensions ---------------------------------
 #
 # Defines which extensions should be activated when you add a new API entry.
 # You can change them after Wazuh app starts.
 # Values must to be true or false.
 #extensions.pci       : true
 #extensions.gdpr      : true
 #extensions.hipaa     : true
 #extensions.nist      : true
 #extensions.tsc       : true
 #extensions.audit     : true
 #extensions.oscap     : false
 #extensions.ciscat    : false
 #extensions.aws       : false
 #extensions.gcp       : false
 #extensions.virustotal: false
 #extensions.osquery   : false
 #extensions.docker    : false
 #
 # ---------------------------------- Time out ----------------------------------
 #
 # Defines maximum timeout to be used on the Wazuh app requests.
 # It will be ignored if it is bellow 1500.
 # It means milliseconds before we consider a request as failed.
 # Default: 20000
 #timeout: 20000
 #
 # -------------------------------- API selector --------------------------------
 #
 # Defines if the user is allowed to change the selected
 # API directly from the Wazuh app top menu.
 # Default: true
 #api.selector: true
 #
 # --------------------------- Index pattern selector ---------------------------
 #
 # Defines if the user is allowed to change the selected
 # index pattern directly from the Wazuh app top menu.
 # Default: true
 #ip.selector: true
 #
 # List of index patterns to be ignored
 #ip.ignore: []
 #
 # -------------------------------- X-Pack RBAC ---------------------------------
 #
 # Custom setting to enable/disable built-in X-Pack RBAC security capabilities.
 # Default: enabled
 #xpack.rbac.enabled: true
 #
 # ------------------------------ wazuh-monitoring ------------------------------
 #
 # Custom setting to enable/disable wazuh-monitoring indices.
 # Values: true, false, worker
 # If worker is given as value, the app will show the Agents status
 # visualization but won't insert data on wazuh-monitoring indices.
 # Default: true
 #wazuh.monitoring.enabled: true
 #
 # Custom setting to set the frequency for wazuh-monitoring indices cron task.
 # Default: 900 (s)
 #wazuh.monitoring.frequency: 900
 #
 # Configure wazuh-monitoring-* indices shards and replicas.
 #wazuh.monitoring.shards: 2
 #wazuh.monitoring.replicas: 0
 #
 # Configure wazuh-monitoring-* indices custom creation interval.
 # Values: h (hourly), d (daily), w (weekly), m (monthly)
 # Default: d
 #wazuh.monitoring.creation: d
 #
 # Default index pattern to use for Wazuh monitoring
 #wazuh.monitoring.pattern: wazuh-monitoring-*
 #
 # --------------------------------- wazuh-cron ----------------------------------
 #
 # Customize the index prefix of predefined jobs
 # This change is not retroactive, if you change it new indexes will be created
 # cron.prefix: test
 #
 # ------------------------------ wazuh-statistics -------------------------------
 #
 # Custom setting to enable/disable statistics tasks.
 #cron.statistics.status: true
 #
 # Enter the ID of the APIs you want to save data from, leave this empty to run
 # the task on all configured APIs
 #cron.statistics.apis: []
 #
 # Define the frequency of task execution using cron schedule expressions
 #cron.statistics.interval: 0 0 * * * *
 #
 # Define the name of the index in which the documents are to be saved.
 #cron.statistics.index.name: statistics
 #
 # Define the interval in which the index will be created
 #cron.statistics.index.creation: w
 #
 # ------------------------------- App privileges --------------------------------
 #admin: true
 #
 # ---------------------------- Hide manager alerts ------------------------------
 # Hide the alerts of the manager in all dashboards and discover
 #hideManagerAlerts: false
 #
 # ------------------------------- App logging level -----------------------------
 # Set the logging level for the Wazuh App log files.
 # Default value: info
 # Allowed values: info, debug
 #logs.level: info
 #
 # -------------------------------- Enrollment DNS -------------------------------
 # Set the variable WAZUH_REGISTRATION_SERVER in agents deployment.
 # Default value: ''
 #enrollment.dns: ''
 #
 #-------------------------------- API entries -----------------------------------
 #The following configuration is the default structure to define an API entry.
 #
 #hosts:
 #  - <id>:
 #     url: http(s)://<url>
 #     port: <port>
 #     username: <username>
 #     password: <password>
--- a/wazuh-dashboard/config/wazuh_app_config.sh
+++ b/wazuh-dashboard/config/wazuh_app_config.sh
@@ -9,11 +9,49 @@ api_run_as="${RUN_AS:-false}"
 dashboard_config_file="/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml"
 declare -A CONFIG_MAP=(
  [pattern]=$PATTERN
  [checks.pattern]=$CHECKS_PATTERN
  [checks.template]=$CHECKS_TEMPLATE
  [checks.api]=$CHECKS_API
  [checks.setup]=$CHECKS_SETUP
  [extensions.pci]=$EXTENSIONS_PCI
  [extensions.gdpr]=$EXTENSIONS_GDPR
  [extensions.hipaa]=$EXTENSIONS_HIPAA
  [extensions.nist]=$EXTENSIONS_NIST
  [extensions.tsc]=$EXTENSIONS_TSC
  [extensions.audit]=$EXTENSIONS_AUDIT
  [extensions.oscap]=$EXTENSIONS_OSCAP
  [extensions.ciscat]=$EXTENSIONS_CISCAT
  [extensions.aws]=$EXTENSIONS_AWS
  [extensions.gcp]=$EXTENSIONS_GCP
  [extensions.virustotal]=$EXTENSIONS_VIRUSTOTAL
  [extensions.osquery]=$EXTENSIONS_OSQUERY
  [extensions.docker]=$EXTENSIONS_DOCKER
  [timeout]=$APP_TIMEOUT
  [api.selector]=$API_SELECTOR
  [ip.selector]=$IP_SELECTOR
  [ip.ignore]=$IP_IGNORE
  [wazuh.monitoring.enabled]=$WAZUH_MONITORING_ENABLED
  [wazuh.monitoring.frequency]=$WAZUH_MONITORING_FREQUENCY
  [wazuh.monitoring.shards]=$WAZUH_MONITORING_SHARDS
  [wazuh.monitoring.replicas]=$WAZUH_MONITORING_REPLICAS
  [admin]=$ADMIN_PRIVILEGES
 )
 for i in "${!CONFIG_MAP[@]}"
 do
    if [ "${CONFIG_MAP[$i]}" != "" ]; then
        sed -i 's/.*#'"$i"'.*/'"$i"': '"${CONFIG_MAP[$i]}"'/' $dashboard_config_file
    fi
 done
 grep -q 1513629884013 $dashboard_config_file
 _config_exists=$?
 if [[ $_config_exists -ne 0 ]]; then
-cat << EOF > $dashboard_config_file
+cat << EOF >> $dashboard_config_file
 hosts:
  - 1513629884013:
      url: $wazuh_url