From 503200ea7075530543c94bbe8a299b47a1864862 Mon Sep 17 00:00:00 2001
From: AlfonsoRBJ <sitoruizbravo@hotmail.com>
Date: Thu, 5 Dec 2019 11:52:03 +0100
Subject: [PATCH] Remove kibana custom configuration (#279)

Former-commit-id: fcca484a9ecd401eda41ebe907a45ee13051d77c
---
 docker-compose.yml                            |  6 ++--
 kibana/Dockerfile                             |  6 ++--
 kibana/config/20-entrypoint.sh                |  1 -
 .../config/20-entrypoint_kibana_settings.sh   |  6 ++--
 .../20-entrypoint_security_configuration.sh   | 28 -------------------
 5 files changed, 8 insertions(+), 39 deletions(-)
 delete mode 100644 kibana/config/20-entrypoint_security_configuration.sh

diff --git a/docker-compose.yml b/docker-compose.yml
index 2f59ee73..d500aeb1 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -11,8 +11,8 @@ services:
       - "1515:1515"
       - "514:514/udp"
       - "55000:55000"
-    depends_on:
-      - logstash
+  #   depends_on:
+  #     - logstash
   # logstash:
   #   image: wazuh/wazuh-elasticsearch:3.10.2_7.3.2
   #   hostname: logstash
@@ -71,8 +71,6 @@ services:
       - SECURITY_ENABLED=no
       - SECURITY_KIBANA_USER=service_kibana
       - SECURITY_KIBANA_PASS=kibana_pass
-      - SECURITY_KIBANA_SSL_KEY_PATH=/usr/share/kibana/config/ssl/private
-      - SECURITY_KIBANA_SSL_CERT_PATH=/usr/share/kibana/config/ssl/certs
       - ELASTICSEARCH_KIBANA_IP=https://elasticsearch:9200
       - SECURITY_CA_PEM=server.TEST-CA-signed.pem
     ports:
diff --git a/kibana/Dockerfile b/kibana/Dockerfile
index 216057cb..464dfe1d 100644
--- a/kibana/Dockerfile
+++ b/kibana/Dockerfile
@@ -20,6 +20,8 @@ RUN mkdir /entrypoint-scripts
 
 USER kibana
 
+ENV CONFIGURATION_FROM_FILE="false"
+
 ENV PATTERN="" \
     CHECKS_PATTERN="" \
     CHECKS_TEMPLATE="" \
@@ -65,13 +67,11 @@ COPY --chown=kibana:kibana ./config/15-decrypt_credentials.sh /entrypoint-script
 COPY --chown=kibana:kibana ./config/20-entrypoint.sh /entrypoint-scripts/20-entrypoint.sh
 COPY --chown=kibana:kibana ./config/20-entrypoint_kibana_settings.sh ./
 COPY --chown=kibana:kibana ./config/20-entrypoint_certs_management.sh ./
-COPY --chown=kibana:kibana ./config/20-entrypoint_security_configuration.sh ./
 RUN chmod +x /entrypoint-scripts/10-wazuh_app_config.sh && \
     chmod +x /entrypoint-scripts/15-decrypt_credentials.sh && \
     chmod +x /entrypoint-scripts/20-entrypoint.sh && \
     chmod +x ./20-entrypoint_kibana_settings.sh && \
-    chmod +x ./20-entrypoint_certs_management.sh && \
-    chmod +x ./20-entrypoint_security_configuration.sh
+    chmod +x ./20-entrypoint_certs_management.sh
 
 COPY --chown=kibana:kibana ./config/xpack_config.sh ./
 
diff --git a/kibana/config/20-entrypoint.sh b/kibana/config/20-entrypoint.sh
index 9addf10c..4df616f5 100644
--- a/kibana/config/20-entrypoint.sh
+++ b/kibana/config/20-entrypoint.sh
@@ -113,7 +113,6 @@ fi
 if [[ $SECURITY_ENABLED == "yes" ]]; then
 
   bash /usr/share/kibana/20-entrypoint_certs_management.sh
-  bash /usr/share/kibana/20-entrypoint_security_configuration.sh
 
 fi
 
diff --git a/kibana/config/20-entrypoint_kibana_settings.sh b/kibana/config/20-entrypoint_kibana_settings.sh
index 8abe2947..754813e7 100644
--- a/kibana/config/20-entrypoint_kibana_settings.sh
+++ b/kibana/config/20-entrypoint_kibana_settings.sh
@@ -17,7 +17,7 @@ WAZUH_MAJOR=3
 ##############################################################################
 # Customize elasticsearch ip
 ##############################################################################
-if [ "$ELASTICSEARCH_KIBANA_IP" != "" ]; then
+if [[ "$ELASTICSEARCH_KIBANA_IP" != "" && "$CONFIGURATION_FROM_FILE" == "false" ]]; then
   sed -i "s:#elasticsearch.hosts:elasticsearch.hosts:g" /usr/share/kibana/config/kibana.yml
   sed -i 's|http://elasticsearch:9200|'$ELASTICSEARCH_KIBANA_IP'|g' /usr/share/kibana/config/kibana.yml
 fi
@@ -25,7 +25,7 @@ fi
 echo "SETTINGS - Update Elasticsearch host."
 
 # If KIBANA_INDEX was set, then change the default index in kibana.yml configuration file. If there was an index, then delete it and recreate.
-if [ "$KIBANA_INDEX" != "" ]; then
+if [[ "$KIBANA_INDEX" != "" && "$CONFIGURATION_FROM_FILE" == "false" ]]; then
   if grep -q 'kibana.index' /usr/share/kibana/config/kibana.yml; then
     sed -i '/kibana.index/d' /usr/share/kibana/config/kibana.yml
   fi
@@ -33,7 +33,7 @@ if [ "$KIBANA_INDEX" != "" ]; then
 fi
 
 # If XPACK_SECURITY_ENABLED was set, then change the xpack.security.enabled option from true (default) to false.
-if [ "$XPACK_SECURITY_ENABLED" != "" ]; then
+if [[ "$XPACK_SECURITY_ENABLED" != "" && "$CONFIGURATION_FROM_FILE" == "false" ]]; then
   if grep -q 'xpack.security.enabled' /usr/share/kibana/config/kibana.yml; then
     sed -i '/xpack.security.enabled/d' /usr/share/kibana/config/kibana.yml
   fi
diff --git a/kibana/config/20-entrypoint_security_configuration.sh b/kibana/config/20-entrypoint_security_configuration.sh
deleted file mode 100644
index 9f482ff9..00000000
--- a/kibana/config/20-entrypoint_security_configuration.sh
+++ /dev/null
@@ -1,28 +0,0 @@
-#!/bin/bash
-# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
-
-set -e
-
-##############################################################################
-# Adapt kibana.yml configuration file 
-##############################################################################
-
-if [[ $SECURITY_ENABLED == "yes" ]]; then
-
-    echo "CONFIGURATION - Setting security Kibana configuiration options."
-
-    # Example:
-
-    #     echo "
-    # # Elasticsearch from/to Kibana
-    # elasticsearch.ssl.certificateAuthorities: [\"/usr/share/kibana/config/CA.pem\"]
-
-    # server.ssl.enabled: true
-    # server.ssl.certificate: /usr/share/kibana/config/ssl/certs/cert.pem
-    # server.ssl.key: /usr/share/kibana/config/ssl/private/cert.key
-    # server.ssl.supportedProtocols: 
-    #     - TLSv1.1
-    #     - TLSv1.2
-    # " >> /usr/share/kibana/config/kibana.yml
-
-fi
\ No newline at end of file