From 91625f412c1e3fbc45b8e617596ef8973d1c9c49 Mon Sep 17 00:00:00 2001 From: vcerenu Date: Thu, 1 Dec 2022 19:35:35 -0300 Subject: [PATCH] change indexer and manager configuration for 4.4 version --- build-docker-images/wazuh-indexer/Dockerfile | 7 ++-- .../wazuh-indexer/config/config.sh | 9 ++--- .../wazuh-indexer/config/entrypoint.sh | 12 +++---- .../wazuh-indexer/config/opensearch.yml | 12 +++---- .../wazuh-indexer/config/securityadmin.sh | 2 +- multi-node/config/certs.yml | 2 +- multi-node/docker-compose.yml | 34 +++++++++---------- single-node/config/certs.yml | 2 +- .../config/wazuh_cluster/wazuh_manager.conf | 6 ++-- .../config/wazuh_indexer/wazuh.indexer.yml | 14 ++++---- single-node/docker-compose.yml | 14 ++++---- single-node/generate-indexer-certs.yml | 2 +- 12 files changed, 60 insertions(+), 56 deletions(-) diff --git a/build-docker-images/wazuh-indexer/Dockerfile b/build-docker-images/wazuh-indexer/Dockerfile index d126d18e..696c0462 100644 --- a/build-docker-images/wazuh-indexer/Dockerfile +++ b/build-docker-images/wazuh-indexer/Dockerfile @@ -59,14 +59,15 @@ COPY --from=builder --chown=0:0 /debian/wazuh-indexer/usr/lib/systemd /usr/lib/s COPY --from=builder --chown=0:0 /debian/wazuh-indexer/usr/lib/sysctl.d /usr/lib/sysctl.d COPY --from=builder --chown=0:0 /debian/wazuh-indexer/usr/lib/tmpfiles.d /usr/lib/tmpfiles.d +RUN chown -R 1000:1000 /usr/share/wazuh-indexer RUN mkdir -p /var/lib/wazuh-indexer && chown 1000:1000 /var/lib/wazuh-indexer && \ mkdir -p /usr/share/wazuh-indexer/logs && chown 1000:1000 /usr/share/wazuh-indexer/logs && \ mkdir -p /run/wazuh-indexer && chown 1000:1000 /run/wazuh-indexer && \ mkdir -p /var/log/wazuh-indexer && chown 1000:1000 /var/log/wazuh-indexer && \ - chmod 700 /usr/share/wazuh-indexer/config && \ - chmod 600 /usr/share/wazuh-indexer/config/jvm.options && \ - chmod 600 /usr/share/wazuh-indexer/config/opensearch.yml + chmod 700 /usr/share/wazuh-indexer && \ + chmod 600 /usr/share/wazuh-indexer/jvm.options && \ + chmod 600 /usr/share/wazuh-indexer/opensearch.yml USER wazuh-indexer diff --git a/build-docker-images/wazuh-indexer/config/config.sh b/build-docker-images/wazuh-indexer/config/config.sh index a0bc0750..eb01f8b4 100644 --- a/build-docker-images/wazuh-indexer/config/config.sh +++ b/build-docker-images/wazuh-indexer/config/config.sh @@ -13,7 +13,7 @@ export LOG_DIR=/var/log/${NAME} export LIB_DIR=/var/lib/${NAME} export PID_DIR=/run/${NAME} export INSTALLATION_DIR=/usr/share/${NAME} -export CONFIG_DIR=${INSTALLATION_DIR}/config +export CONFIG_DIR=${INSTALLATION_DIR} export BASE_DIR=${NAME}-* export INDEXER_FILE=wazuh-indexer-base.tar.xz export BASE_FILE=wazuh-indexer-base-${VERSION}-linux-x64.tar.xz @@ -93,6 +93,7 @@ chmod 755 $CERT_TOOL && bash /$CERT_TOOL -A # copy to target mkdir -p ${TARGET_DIR}${INSTALLATION_DIR} +mkdir -p ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/ mkdir -p ${TARGET_DIR}${CONFIG_DIR} mkdir -p ${TARGET_DIR}${LIB_DIR} mkdir -p ${TARGET_DIR}${LOG_DIR} @@ -117,9 +118,9 @@ cp -pr ${BASE_DIR}/* ${TARGET_DIR}${INSTALLATION_DIR} cp /$CERT_TOOL ${TARGET_DIR}${INSTALLATION_DIR}/plugins/opensearch-security/tools/ cp /$PASSWORD_TOOL ${TARGET_DIR}${INSTALLATION_DIR}/plugins/opensearch-security/tools/ # Copy Wazuh's config files for the security plugin -cp -pr /roles_mapping.yml ${TARGET_DIR}${INSTALLATION_DIR}/plugins/opensearch-security/securityconfig/ -cp -pr /roles.yml ${TARGET_DIR}${INSTALLATION_DIR}/plugins/opensearch-security/securityconfig/ -cp -pr /internal_users.yml ${TARGET_DIR}${INSTALLATION_DIR}/plugins/opensearch-security/securityconfig/ +cp -pr /roles_mapping.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/ +cp -pr /roles.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/ +cp -pr /internal_users.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/ cp -pr /opensearch.yml ${TARGET_DIR}${CONFIG_DIR} # Copy Wazuh indexer's certificates cp -pr /wazuh-certificates/demo.indexer.pem ${TARGET_DIR}${CONFIG_DIR}/certs/indexer.pem diff --git a/build-docker-images/wazuh-indexer/config/entrypoint.sh b/build-docker-images/wazuh-indexer/config/entrypoint.sh index 9b8747b5..2acb4aa0 100644 --- a/build-docker-images/wazuh-indexer/config/entrypoint.sh +++ b/build-docker-images/wazuh-indexer/config/entrypoint.sh @@ -6,7 +6,7 @@ umask 0002 export USER=wazuh-indexer export INSTALLATION_DIR=/usr/share/wazuh-indexer -export OPENSEARCH_PATH_CONF=${INSTALLATION_DIR}/config +export OPENSEARCH_PATH_CONF=${INSTALLATION_DIR} export JAVA_HOME=${INSTALLATION_DIR}/jdk export DISCOVERY=$(grep -oP "(?<=discovery.type: ).*" ${OPENSEARCH_PATH_CONF}/opensearch.yml) export CACERT=$(grep -oP "(?<=plugins.security.ssl.transport.pemtrustedcas_filepath: ).*" ${OPENSEARCH_PATH_CONF}/opensearch.yml) @@ -59,7 +59,7 @@ if [[ -f bin/opensearch-users ]]; then # enabled, but we have no way of knowing which node we are yet. We'll just # honor the variable if it's present. if [[ -n "$INDEXER_PASSWORD" ]]; then - [[ -f /usr/share/wazuh-indexer/config/opensearch.keystore ]] || (run_as_other_user_if_needed opensearch-keystore create) + [[ -f /usr/share/wazuh-indexer/opensearch.keystore ]] || (run_as_other_user_if_needed opensearch-keystore create) if ! (run_as_other_user_if_needed opensearch-keystore has-passwd --silent) ; then # keystore is unencrypted if ! (run_as_other_user_if_needed opensearch-keystore list | grep -q '^bootstrap.password$'); then @@ -84,10 +84,10 @@ if [[ "$(id -u)" == "0" ]]; then fi -if [[ "$DISCOVERY" == "single-node" ]] && [[ ! -f "/var/lib/wazuh-indexer/.flag" ]]; then +#if [[ "$DISCOVERY" == "single-node" ]] && [[ ! -f "/var/lib/wazuh-indexer/.flag" ]]; then # run securityadmin.sh for single node with CACERT, CERT and KEY parameter - nohup /securityadmin.sh & - touch "/var/lib/wazuh-indexer/.flag" -fi +# nohup /securityadmin.sh & +# touch "/var/lib/wazuh-indexer/.flag" +#fi run_as_other_user_if_needed /usr/share/wazuh-indexer/bin/opensearch <<<"$KEYSTORE_PASSWORD" \ No newline at end of file diff --git a/build-docker-images/wazuh-indexer/config/opensearch.yml b/build-docker-images/wazuh-indexer/config/opensearch.yml index 4e944c89..1f0a78b3 100644 --- a/build-docker-images/wazuh-indexer/config/opensearch.yml +++ b/build-docker-images/wazuh-indexer/config/opensearch.yml @@ -4,12 +4,12 @@ path.data: /var/lib/wazuh-indexer path.logs: /var/log/wazuh-indexer discovery.type: single-node compatibility.override_main_response_version: true -plugins.security.ssl.http.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/indexer.pem -plugins.security.ssl.http.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/indexer-key.pem -plugins.security.ssl.http.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem -plugins.security.ssl.transport.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/indexer.pem -plugins.security.ssl.transport.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/indexer-key.pem -plugins.security.ssl.transport.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem +plugins.security.ssl.http.pemcert_filepath: /usr/share/wazuh-indexer/certs/indexer.pem +plugins.security.ssl.http.pemkey_filepath: /usr/share/wazuh-indexer/certs/indexer-key.pem +plugins.security.ssl.http.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem +plugins.security.ssl.transport.pemcert_filepath: /usr/share/wazuh-indexer/certs/indexer.pem +plugins.security.ssl.transport.pemkey_filepath: /usr/share/wazuh-indexer/certs/indexer-key.pem +plugins.security.ssl.transport.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem plugins.security.ssl.http.enabled: true plugins.security.ssl.transport.enforce_hostname_verification: false plugins.security.ssl.transport.resolve_hostname: false diff --git a/build-docker-images/wazuh-indexer/config/securityadmin.sh b/build-docker-images/wazuh-indexer/config/securityadmin.sh index 1fcf6467..df576cf4 100644 --- a/build-docker-images/wazuh-indexer/config/securityadmin.sh +++ b/build-docker-images/wazuh-indexer/config/securityadmin.sh @@ -1,3 +1,3 @@ # Wazuh Docker Copyright (C) 2017, Wazuh Inc. (License GPLv2) sleep 30 -bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh -cd /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/ -nhnv -cacert $CACERT -cert $CERT -key $KEY -p 9300 -icl \ No newline at end of file +bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh -cd /usr/share/wazuh-indexer/opensearch-security/ -nhnv -cacert $CACERT -cert $CERT -key $KEY -p 9200 -icl \ No newline at end of file diff --git a/multi-node/config/certs.yml b/multi-node/config/certs.yml index f88f5f7f..5c3f4f1d 100644 --- a/multi-node/config/certs.yml +++ b/multi-node/config/certs.yml @@ -21,4 +21,4 @@ nodes: # Wazuh dashboard node dashboard: - name: wazuh.dashboard - ip: wazuh.dashboard \ No newline at end of file + ip: wazuh.dashboard diff --git a/multi-node/docker-compose.yml b/multi-node/docker-compose.yml index 0dd6a427..0f54c72d 100644 --- a/multi-node/docker-compose.yml +++ b/multi-node/docker-compose.yml @@ -84,13 +84,13 @@ services: hard: 65536 volumes: - wazuh-indexer-data-1:/var/lib/wazuh-indexer - - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/config/certs/root-ca.pem - - ./config/wazuh_indexer_ssl_certs/wazuh1.indexer-key.pem:/usr/share/wazuh-indexer/config/certs/wazuh1.indexer.key - - ./config/wazuh_indexer_ssl_certs/wazuh1.indexer.pem:/usr/share/wazuh-indexer/config/certs/wazuh1.indexer.pem - - ./config/wazuh_indexer_ssl_certs/admin.pem:/usr/share/wazuh-indexer/config/certs/admin.pem - - ./config/wazuh_indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/config/certs/admin-key.pem - - ./config/wazuh_indexer/wazuh1.indexer.yml:/usr/share/wazuh-indexer/config/opensearch.yml - - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/internal_users.yml + - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem + - ./config/wazuh_indexer_ssl_certs/wazuh1.indexer-key.pem:/usr/share/wazuh-indexer/certs/wazuh1.indexer.key + - ./config/wazuh_indexer_ssl_certs/wazuh1.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh1.indexer.pem + - ./config/wazuh_indexer_ssl_certs/admin.pem:/usr/share/wazuh-indexer/certs/admin.pem + - ./config/wazuh_indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/certs/admin-key.pem + - ./config/wazuh_indexer/wazuh1.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml + - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml wazuh2.indexer: image: wazuh/wazuh-indexer:4.4.0 @@ -108,11 +108,11 @@ services: hard: 65536 volumes: - wazuh-indexer-data-2:/var/lib/wazuh-indexer - - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/config/certs/root-ca.pem - - ./config/wazuh_indexer_ssl_certs/wazuh2.indexer-key.pem:/usr/share/wazuh-indexer/config/certs/wazuh2.indexer.key - - ./config/wazuh_indexer_ssl_certs/wazuh2.indexer.pem:/usr/share/wazuh-indexer/config/certs/wazuh2.indexer.pem - - ./config/wazuh_indexer/wazuh2.indexer.yml:/usr/share/wazuh-indexer/config/opensearch.yml - - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/internal_users.yml + - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem + - ./config/wazuh_indexer_ssl_certs/wazuh2.indexer-key.pem:/usr/share/wazuh-indexer/certs/wazuh2.indexer.key + - ./config/wazuh_indexer_ssl_certs/wazuh2.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh2.indexer.pem + - ./config/wazuh_indexer/wazuh2.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml + - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml wazuh3.indexer: image: wazuh/wazuh-indexer:4.4.0 @@ -130,11 +130,11 @@ services: hard: 65536 volumes: - wazuh-indexer-data-3:/var/lib/wazuh-indexer - - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/config/certs/root-ca.pem - - ./config/wazuh_indexer_ssl_certs/wazuh3.indexer-key.pem:/usr/share/wazuh-indexer/config/certs/wazuh3.indexer.key - - ./config/wazuh_indexer_ssl_certs/wazuh3.indexer.pem:/usr/share/wazuh-indexer/config/certs/wazuh3.indexer.pem - - ./config/wazuh_indexer/wazuh3.indexer.yml:/usr/share/wazuh-indexer/config/opensearch.yml - - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/internal_users.yml + - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem + - ./config/wazuh_indexer_ssl_certs/wazuh3.indexer-key.pem:/usr/share/wazuh-indexer/certs/wazuh3.indexer.key + - ./config/wazuh_indexer_ssl_certs/wazuh3.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh3.indexer.pem + - ./config/wazuh_indexer/wazuh3.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml + - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml wazuh.dashboard: image: wazuh/wazuh-dashboard:4.4.0 diff --git a/single-node/config/certs.yml b/single-node/config/certs.yml index 8cb8d3f2..c3e017be 100755 --- a/single-node/config/certs.yml +++ b/single-node/config/certs.yml @@ -13,4 +13,4 @@ nodes: # Wazuh dashboard node dashboard: - name: wazuh.dashboard - ip: wazuh.dashboard \ No newline at end of file + ip: wazuh.dashboard diff --git a/single-node/config/wazuh_cluster/wazuh_manager.conf b/single-node/config/wazuh_cluster/wazuh_manager.conf index cd432c19..9aea806a 100644 --- a/single-node/config/wazuh_cluster/wazuh_manager.conf +++ b/single-node/config/wazuh_cluster/wazuh_manager.conf @@ -331,14 +331,14 @@ wazuh node01 master - + aa093264ef885029653eea20dfcf51ae 1516 0.0.0.0 - NODE_IP + wazuh.manager no - yes + no diff --git a/single-node/config/wazuh_indexer/wazuh.indexer.yml b/single-node/config/wazuh_indexer/wazuh.indexer.yml index e87e35ea..84c3dbf9 100644 --- a/single-node/config/wazuh_indexer/wazuh.indexer.yml +++ b/single-node/config/wazuh_indexer/wazuh.indexer.yml @@ -3,13 +3,15 @@ node.name: "wazuh.indexer" path.data: /var/lib/wazuh-indexer path.logs: /var/log/wazuh-indexer discovery.type: single-node +http.port: 9200-9299 +transport.tcp.port: 9300-9399 compatibility.override_main_response_version: true -plugins.security.ssl.http.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh.indexer.pem -plugins.security.ssl.http.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh.indexer.key -plugins.security.ssl.http.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem -plugins.security.ssl.transport.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh.indexer.pem -plugins.security.ssl.transport.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh.indexer.key -plugins.security.ssl.transport.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem +plugins.security.ssl.http.pemcert_filepath: /usr/share/wazuh-indexer/certs/wazuh.indexer.pem +plugins.security.ssl.http.pemkey_filepath: /usr/share/wazuh-indexer/certs/wazuh.indexer.key +plugins.security.ssl.http.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem +plugins.security.ssl.transport.pemcert_filepath: /usr/share/wazuh-indexer/certs/wazuh.indexer.pem +plugins.security.ssl.transport.pemkey_filepath: /usr/share/wazuh-indexer/certs/wazuh.indexer.key +plugins.security.ssl.transport.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem plugins.security.ssl.http.enabled: true plugins.security.ssl.transport.enforce_hostname_verification: false plugins.security.ssl.transport.resolve_hostname: false diff --git a/single-node/docker-compose.yml b/single-node/docker-compose.yml index 8b4b75e1..61b71f7d 100644 --- a/single-node/docker-compose.yml +++ b/single-node/docker-compose.yml @@ -55,13 +55,13 @@ services: hard: 65536 volumes: - wazuh-indexer-data:/var/lib/wazuh-indexer - - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/config/certs/root-ca.pem - - ./config/wazuh_indexer_ssl_certs/wazuh.indexer-key.pem:/usr/share/wazuh-indexer/config/certs/wazuh.indexer.key - - ./config/wazuh_indexer_ssl_certs/wazuh.indexer.pem:/usr/share/wazuh-indexer/config/certs/wazuh.indexer.pem - - ./config/wazuh_indexer_ssl_certs/admin.pem:/usr/share/wazuh-indexer/config/certs/admin.pem - - ./config/wazuh_indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/config/certs/admin-key.pem - - ./config/wazuh_indexer/wazuh.indexer.yml:/usr/share/wazuh-indexer/config/opensearch.yml - - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/internal_users.yml + - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem + - ./config/wazuh_indexer_ssl_certs/wazuh.indexer-key.pem:/usr/share/wazuh-indexer/certs/wazuh.indexer.key + - ./config/wazuh_indexer_ssl_certs/wazuh.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh.indexer.pem + - ./config/wazuh_indexer_ssl_certs/admin.pem:/usr/share/wazuh-indexer/certs/admin.pem + - ./config/wazuh_indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/certs/admin-key.pem + - ./config/wazuh_indexer/wazuh.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml + - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml wazuh.dashboard: image: wazuh/wazuh-dashboard:4.4.0 diff --git a/single-node/generate-indexer-certs.yml b/single-node/generate-indexer-certs.yml index a3398661..d10151fd 100644 --- a/single-node/generate-indexer-certs.yml +++ b/single-node/generate-indexer-certs.yml @@ -7,4 +7,4 @@ services: hostname: wazuh-certs-generator volumes: - ./config/wazuh_indexer_ssl_certs/:/certificates/ - - ./config/certs.yml:/config/certs.yml \ No newline at end of file + - ./config/certs.yml:/config/certs.yml