Update config and certs path

generate-indexer-certs.yml

@@ -6,5 +6,5 @@ services:
     image: wazuh/wazuh-certs-generator:0.0.1
     hostname: wazuh-certs-generator
     volumes:
-      - ./production_cluster/wazuh_indexer_ssl_certs/certs.yml:/unattended_installer/install_functions/config.yml
+      - ./production_cluster/wazuh_indexer_ssl_certs/certs.yml:/config.yml
       - ./production_cluster/wazuh_indexer_ssl_certs/:/certificates/

indexer_certs_creator/Dockerfile

@@ -1,16 +1,14 @@
 # Wazuh Docker Copyright (C) 2021 Wazuh Inc. (License GPLv2)
 FROM ubuntu:focal
 
-RUN apt-get update && apt-get install openssl -y
+RUN apt-get update && apt-get install openssl curl -y
 
 WORKDIR /
 
-COPY config/unattended_installer.tar.gz /
+RUN curl -o wazuh-cert-tool.sh https://s3.us-west-1.amazonaws.com/packages.wazuh.com/4.x/wazuh-cert-tool.sh
 
 COPY config/entrypoint.sh /
 
-RUN tar -xzvf /unattended_installer.tar.gz
-
-RUN chmod 700 /entrypoint.sh && chmod -R 700 unattended_installer
+RUN chmod 700 /entrypoint.sh && chmod 700 /wazuh-cert-tool.sh
 
 ENTRYPOINT ["/entrypoint.sh"]

indexer_certs_creator/config/entrypoint.sh

@@ -5,8 +5,8 @@
 # Creating Cluster certificates
 ##############################################################################
 
-/unattended_installer/install_functions/wazuh-cert-tool.sh
+/wazuh-cert-tool.sh
 echo "Moving created certificates to destination directory"
-cp /unattended_installer/install_functions/certs/* /certificates/
+cp /certs/* /certificates/
 echo "changing certificate permissions"
 chmod -R 666 /certificates/*

indexer_certs_creator/config/wazuh-cert-tool.sh

@@ -0,0 +1,434 @@
+#!/bin/bash
+
+# Program to generate the certificates necessary for Wazuh installation
+# Copyright (C) 2015, Wazuh Inc.
+#
+# This program is a free software; you can redistribute it
+# and/or modify it under the terms of the GNU General Public
+# License (version 2) as published by the FSF - Free Software
+# Foundation.
+
+if [ -z "${base_path}" ]; then
+    readonly base_path="$(dirname "$(readlink -f "$0")")"
+    readonly config_file="${base_path}/config.yml"
+fi
+
+if [[ -z "${logfile}" ]]; then
+    readonly logfile="/var/log/wazuh-cert-tool.log"
+fi
+
+debug_cert=">> ${logfile} 2>&1"
+
+function cleanFiles() {
+
+    eval "rm -f ${base_path}/certs/*.csr ${debug_cert}"
+    eval "rm -f ${base_path}/certs/*.srl ${debug_cert}"
+    eval "rm -f ${base_path}/certs/*.conf ${debug_cert}"
+    eval "rm -f ${base_path}/certs/admin-key-temp.pem ${debug_cert}"
+
+}
+
+function checkOpenSSL() {
+    if [ -z "$(command -v openssl)" ]; then
+        logger_cert -e "OpenSSL not installed."
+        exit 1
+    fi
+}
+
+function logger_cert() {
+    now=$(date +'%d/%m/%Y %H:%M:%S')
+    mtype="INFO:"
+    debugLogger=
+    disableHeader=
+    if [ -n "${1}" ]; then
+        while [ -n "${1}" ]; do
+            case ${1} in
+                "-e")
+                    mtype="ERROR:"
+                    shift 1
+                    ;;
+                "-w")
+                    mtype="WARNING:"
+                    shift 1
+                    ;;
+                "-dh")
+                    disableHeader=1
+                    shift 1
+                    ;;
+                "-d")
+                    debugLogger=1
+                    shift 1
+                    ;;
+                *)
+                    message="${1}"
+                    shift 1
+                    ;;
+            esac
+        done
+    fi
+
+    if [ -z "${debugLogger}" ] || ( [ -n "${debugLogger}" ] && [ -n "${debugEnabled}" ] ); then
+        if [ -n "${disableHeader}" ]; then
+            echo "${message}" | tee -a ${logfile}
+        else
+            echo "${now} ${mtype} ${message}" | tee -a ${logfile}
+        fi
+    fi
+}
+
+function generateAdmincertificate() {
+
+    eval "openssl genrsa -out ${base_path}/certs/admin-key-temp.pem 2048 ${debug_cert}"
+    eval "openssl pkcs8 -inform PEM -outform PEM -in ${base_path}/certs/admin-key-temp.pem -topk8 -nocrypt -v1 PBE-SHA1-3DES -out ${base_path}/certs/admin-key.pem ${debug_cert}"
+    eval "openssl req -new -key ${base_path}/certs/admin-key.pem -out ${base_path}/certs/admin.csr -batch -subj '/C=US/L=California/O=Wazuh/OU=Wazuh/CN=admin' ${debug_cert}"
+    eval "openssl x509 -days 3650 -req -in ${base_path}/certs/admin.csr -CA ${base_path}/certs/root-ca.pem -CAkey ${base_path}/certs/root-ca.key -CAcreateserial -sha256 -out ${base_path}/certs/admin.pem ${debug_cert}"
+    eval "chmod 444 ${base_path}/certs/admin*.pem ${debug_cert}"
+
+}
+
+function generateCertificateconfiguration() {
+
+    cat > "${base_path}/certs/${1}.conf" <<- EOF
+        [ req ]
+        prompt = no
+        default_bits = 2048
+        default_md = sha256
+        distinguished_name = req_distinguished_name
+        x509_extensions = v3_req
+
+        [req_distinguished_name]
+        C = US
+        L = California
+        O = Wazuh
+        OU = Wazuh
+        CN = cname
+
+        [ v3_req ]
+        authorityKeyIdentifier=keyid,issuer
+        basicConstraints = CA:FALSE
+        keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
+        subjectAltName = @alt_names
+
+        [alt_names]
+        IP.1 = cip
+	EOF
+
+    conf="$(awk '{sub("CN = cname", "CN = '${1}'")}1' "${base_path}/certs/${1}.conf")"
+    echo "${conf}" > "${base_path}/certs/${1}.conf"
+
+    isIP=$(echo "${2}" | grep -P "^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$")
+    isDNS=$(echo "${2}" | grep -P "^[a-zA-Z0-9][a-zA-Z0-9-]{1,61}[a-zA-Z0-9](?:\.[a-zA-Z]{2,})+$" )
+
+    if [[ -n "${isIP}" ]]; then
+        conf="$(awk '{sub("IP.1 = cip", "IP.1 = '${2}'")}1' "${base_path}/certs/${1}.conf")"
+        echo "${conf}" > "${base_path}/certs/${1}.conf"
+    elif [[ -n "${isDNS}" ]]; then
+        conf="$(awk '{sub("CN = cname", "CN =  '${2}'")}1' "${base_path}/certs/${1}.conf")"
+        echo "${conf}" > "${base_path}/certs/${1}.conf"
+        conf="$(awk '{sub("IP.1 = cip", "DNS.1 = '${2}'")}1' "${base_path}/certs/${1}.conf")"
+        echo "${conf}" > "${base_path}/certs/${1}.conf"
+    else
+        logger_cert -e "The given information does not match with an IP address or a DNS."
+        exit 1
+    fi
+
+}
+
+function generateIndexercertificates() {
+
+    if [ ${#indexer_node_names[@]} -gt 0 ]; then
+        logger_cert -d "Creating the Wazuh indexer certificates."
+
+        for i in "${!indexer_node_names[@]}"; do
+            generateCertificateconfiguration "${indexer_node_names[i]}" "${indexer_node_ips[i]}"
+            eval "openssl req -new -nodes -newkey rsa:2048 -keyout ${base_path}/certs/${indexer_node_names[i]}-key.pem -out ${base_path}/certs/${indexer_node_names[i]}.csr -config ${base_path}/certs/${indexer_node_names[i]}.conf -days 3650 ${debug_cert}"
+            eval "openssl x509 -req -in ${base_path}/certs/${indexer_node_names[i]}.csr -CA ${base_path}/certs/root-ca.pem -CAkey ${base_path}/certs/root-ca.key -CAcreateserial -out ${base_path}/certs/${indexer_node_names[i]}.pem -extfile ${base_path}/certs/${indexer_node_names[i]}.conf -extensions v3_req -days 3650 ${debug_cert}"
+            eval "chmod 444 ${base_path}/certs/${indexer_node_names[i]}-key.pem ${debug_cert}"
+        done
+    fi
+
+}
+
+function generateFilebeatcertificates() {
+
+    if [ ${#wazuh_servers_node_names[@]} -gt 0 ]; then
+        logger_cert -d "Creating the Wazuh server certificates."
+
+        for i in "${!wazuh_servers_node_names[@]}"; do
+            generateCertificateconfiguration "${wazuh_servers_node_names[i]}" "${wazuh_servers_node_ips[i]}"
+            eval "openssl req -new -nodes -newkey rsa:2048 -keyout ${base_path}/certs/${wazuh_servers_node_names[i]}-key.pem -out ${base_path}/certs/${wazuh_servers_node_names[i]}.csr -config ${base_path}/certs/${wazuh_servers_node_names[i]}.conf -days 3650 ${debug_cert}"
+            eval "openssl x509 -req -in ${base_path}/certs/${wazuh_servers_node_names[i]}.csr -CA ${base_path}/certs/root-ca.pem -CAkey ${base_path}/certs/root-ca.key -CAcreateserial -out ${base_path}/certs/${wazuh_servers_node_names[i]}.pem -extfile ${base_path}/certs/${wazuh_servers_node_names[i]}.conf -extensions v3_req -days 3650 ${debug_cert}"
+        done
+    fi
+
+}
+
+function generateDashboardcertificates() {
+
+    if [ ${#dashboard_node_names[@]} -gt 0 ]; then
+        logger_cert -d "Creating the Wazuh dashboard certificates."
+
+        for i in "${!dashboard_node_names[@]}"; do
+            generateCertificateconfiguration "${dashboard_node_names[i]}" "${dashboard_node_ips[i]}"
+            eval "openssl req -new -nodes -newkey rsa:2048 -keyout ${base_path}/certs/${dashboard_node_names[i]}-key.pem -out ${base_path}/certs/${dashboard_node_names[i]}.csr -config ${base_path}/certs/${dashboard_node_names[i]}.conf -days 3650 ${debug_cert}"
+            eval "openssl x509 -req -in ${base_path}/certs/${dashboard_node_names[i]}.csr -CA ${base_path}/certs/root-ca.pem -CAkey ${base_path}/certs/root-ca.key -CAcreateserial -out ${base_path}/certs/${dashboard_node_names[i]}.pem -extfile ${base_path}/certs/${dashboard_node_names[i]}.conf -extensions v3_req -days 3650 ${debug_cert}"
+            eval "chmod 444 ${base_path}/certs/${dashboard_node_names[i]}-key.pem ${debug_cert}"
+        done
+    fi
+
+}
+
+function generateRootCAcertificate() {
+
+    logger_cert -d "Creating the root certificate."
+
+    eval "openssl req -x509 -new -nodes -newkey rsa:2048 -keyout ${base_path}/certs/root-ca.key -out ${base_path}/certs/root-ca.pem -batch -subj '/OU=Wazuh/O=Wazuh/L=California/' -days 3650 ${debug_cert}"
+
+}
+
+function getHelp() {
+
+    echo -e ""
+    echo -e "NAME"
+    echo -e "        wazuh-cert-tool.sh - Manages the creation of certificates of the Wazuh components."
+    echo -e ""
+    echo -e "SYNOPSIS"
+    echo -e "        wazuh-cert-tool.sh [OPTIONS]"
+    echo -e ""
+    echo -e "DESCRIPTION"
+    echo -e "        -a,  --admin-certificates"
+    echo -e "                Creates the admin certificates."
+    echo -e ""
+    echo -e "        -ca, --root-ca-certificates"
+    echo -e "                Creates the root-ca certificates."
+    echo -e ""
+    echo -e "        -v,  --verbose"
+    echo -e "                Enables verbose mode."
+    echo -e ""
+    echo -e "        -wd,  --wazuh-dashboard-certificates"
+    echo -e "                Creates the Wazuh dashboard certificates."
+    echo -e ""
+    echo -e "        -wi,  --wazuh-indexer-certificates"
+    echo -e "                Creates the Wazuh indexer certificates."
+    echo -e ""
+    echo -e "        -ws,  --wazuh-server-certificates"
+    echo -e "                Creates the Wazuh server certificates."
+
+    exit 1
+
+}
+
+function main() {
+
+    if [ "$EUID" -ne 0 ]; then
+        logger_cert -e "This script must be run as root."
+        exit 1
+    fi
+
+    checkOpenSSL
+
+    if [[ -d ${base_path}/certs ]]; then
+        logger_cert -e "Folder ${base_path}/certs already exists. Please, remove the /certs folder to create new certificates."
+        exit 1
+    else
+        mkdir "${base_path}/certs"
+    fi
+
+    if [ -n "${1}" ]; then
+        while [ -n "${1}" ]
+        do
+            case "${1}" in
+            "-a"|"--admin-certificates")
+                cadmin=1
+                shift 1
+                ;;
+            "-ca"|"--root-ca-certificate")
+                ca=1
+                shift 1
+                ;;
+            "-h"|"--help")
+                getHelp
+                ;;
+            "-v"|"--verbose")
+                debugEnabled=1
+                shift 1
+                ;;
+            "-wd"|"--wazuh-dashboard-certificates")
+                cdashboard=1
+                shift 1
+                ;;
+            "-wi"|"--wazuh-indexer-certificates")
+                cindexer=1
+                shift 1
+                ;;
+            "-ws"|"--wazuh-server-certificates")
+                cserver=1
+                shift 1
+                ;;
+            *)
+                getHelp
+            esac
+        done
+
+        readConfig
+
+        if [ -n "${debugEnabled}" ]; then
+            debug_cert="2>&1 | tee -a ${logfile}"
+        fi
+
+        if [[ -n "${cadmin}" ]]; then
+            generateAdmincertificate
+            logger_cert "Admin certificates created."
+        fi
+
+        if [[ -n "${ca}" ]]; then
+            generateRootCAcertificate
+            logger_cert "Authority certificates created."
+        fi
+
+        if [[ -n "${cindexer}" ]]; then
+            generateIndexercertificates
+            logger_cert "Wazuh indexer certificates created."
+        fi
+
+        if [[ -n "${cserver}" ]]; then
+            generateFilebeatcertificates
+            logger_cert "Wazuh server certificates created."
+        fi
+
+        if [[ -n "${cdashboard}" ]]; then
+            generateDashboardcertificates
+            logger_cert "Wazuh dashboard certificates created."
+        fi
+
+    else
+        readConfig
+        generateRootCAcertificate
+        generateAdmincertificate
+        generateIndexercertificates
+        generateFilebeatcertificates
+        generateDashboardcertificates
+        cleanFiles
+    fi
+
+}
+
+function parse_yaml() {
+
+    local prefix=${2}
+    local s='[[:space:]]*'
+    local w='[a-zA-Z0-9_]*'
+    local fs=$(echo @|tr @ '\034')
+    sed -ne "s|^\($s\):|\1|" \
+            -e "s|^\($s\)\($w\)$s:$s[\"']\(.*\)[\"']$s\$|\1$fs\2$fs\3|p" \
+            -e "s|^\($s\)\($w\)$s:$s\(.*\)$s\$|\1$fs\2$fs\3|p"  ${1} |
+    awk -F$fs '{
+        indent = length($1)/2;
+        vname[indent] = $2;
+        for (i in vname) {if (i > indent) {delete vname[i]}}
+        if (length($3) > 0) {
+            vn=""; for (i=0; i<indent; i++) {vn=(vn)(vname[i])("_")}
+            printf("%s%s%s=\"%s\"\n", "'$prefix'",vn, $2, $3);
+        }
+    }'
+
+}
+
+function readConfig() {
+
+    if [ -f "${config_file}" ]; then
+        if [ ! -s "${config_file}" ]; then
+            logger_cert -e "File ${config_file} is empty"
+            exit 1
+        fi
+        eval "$(parse_yaml "${config_file}")"
+        eval "indexer_node_names=( $(parse_yaml "${config_file}" | grep nodes_indexer_name | sed 's/nodes_indexer_name=//') )"
+        eval "wazuh_servers_node_names=( $(parse_yaml "${config_file}" | grep nodes_wazuh_servers_name | sed 's/nodes_wazuh_servers_name=//') )"
+        eval "dashboard_node_names=( $(parse_yaml "${config_file}" | grep nodes_dashboard_name | sed 's/nodes_dashboard_name=//') )"
+
+        eval "indexer_node_ips=( $(parse_yaml "${config_file}" | grep nodes_indexer_ip | sed 's/nodes_indexer_ip=//') )"
+        eval "wazuh_servers_node_ips=( $(parse_yaml "${config_file}" | grep nodes_wazuh_servers_ip | sed 's/nodes_wazuh_servers_ip=//') )"
+        eval "dashboard_node_ips=( $(parse_yaml "${config_file}" | grep nodes_dashboard_ip | sed 's/nodes_dashboard_ip=//') )"
+
+        eval "wazuh_servers_node_types=( $(parse_yaml "${config_file}" | grep nodes_wazuh_servers_node_type | sed 's/nodes_wazuh_servers_node_type=//') )"
+
+        unique_names=($(echo "${indexer_node_names[@]}" | tr ' ' '\n' | sort -u | tr '\n' ' '))
+        if [ "${#unique_names[@]}" -ne "${#indexer_node_names[@]}" ]; then 
+            logger_cert -e "Duplicated indexer node names."
+            exit 1
+        fi
+
+        unique_ips=($(echo "${indexer_node_ips[@]}" | tr ' ' '\n' | sort -u | tr '\n' ' '))
+        if [ "${#unique_ips[@]}" -ne "${#indexer_node_ips[@]}" ]; then 
+            logger_cert -e "Duplicated indexer node ips."
+            exit 1
+        fi
+
+        unique_names=($(echo "${wazuh_servers_node_names[@]}" | tr ' ' '\n' | sort -u | tr '\n' ' '))
+        if [ "${#unique_names[@]}" -ne "${#wazuh_servers_node_names[@]}" ]; then 
+            logger_cert -e "Duplicated Wazuh server node names."
+            exit 1
+        fi
+
+        unique_ips=($(echo "${wazuh_servers_node_ips[@]}" | tr ' ' '\n' | sort -u | tr '\n' ' '))
+        if [ "${#unique_ips[@]}" -ne "${#wazuh_servers_node_ips[@]}" ]; then 
+            logger_cert -e "Duplicated Wazuh server node ips."
+            exit 1
+        fi
+
+        unique_names=($(echo "${dashboard_node_names[@]}" | tr ' ' '\n' | sort -u | tr '\n' ' '))
+        if [ "${#unique_names[@]}" -ne "${#dashboard_node_names[@]}" ]; then 
+            logger_cert -e "Duplicated dashboard node names."
+            exit 1
+        fi
+
+        unique_ips=($(echo "${dashboard_node_ips[@]}" | tr ' ' '\n' | sort -u | tr '\n' ' '))
+        if [ "${#unique_ips[@]}" -ne "${#dashboard_node_ips[@]}" ]; then 
+            logger_cert -e "Duplicated dashboard node ips."
+            exit 1
+        fi
+
+        if [ "${#wazuh_servers_node_names[@]}" -ne "${#wazuh_servers_node_ips[@]}" ]; then 
+            logger_cert -e "Different number of Wazuh server node names and IPs."
+            exit 1
+        fi
+
+        for i in "${wazuh_servers_node_types[@]}"; do
+            if ! echo "$i" | grep -ioq master && ! echo "$i" | grep -ioq worker; then
+                logger_cert -e "Incorrect node_type $i must be master or worker"
+                exit 1
+            fi
+        done
+
+        if [ "${#wazuh_servers_node_names[@]}" -le 1 ]; then
+            if [ "${#wazuh_servers_node_types[@]}" -ne 0 ]; then
+                logger_cert -e "The tag node_type can only be used with more than one Wazuh server."
+                exit 1
+            fi
+        elif [ "${#wazuh_servers_node_names[@]}" -gt "${#wazuh_servers_node_types[@]}" ]; then
+            logger_cert -e "The tag node_type needs to be specified for all Wazuh server nodes."
+            exit 1
+        elif [ "${#wazuh_servers_node_names[@]}" -lt "${#wazuh_servers_node_types[@]}" ]; then
+            logger_cert -e "Found extra node_type tags."
+            exit 1
+        elif [ $(grep -io master <<< ${wazuh_servers_node_types[*]} | wc -l) -ne 1 ]; then
+            logger_cert -e "Wazuh cluster needs a single master node."
+            exit 1
+        elif [ $(grep -io worker <<< ${wazuh_servers_node_types[*]} | wc -l) -ne $(( ${#wazuh_servers_node_types[@]} - 1 )) ]; then
+            logger_cert -e "Incorrect number of workers."
+            exit 1
+        fi
+
+        if [ "${#dashboard_node_names[@]}" -ne "${#dashboard_node_ips[@]}" ]; then 
+            logger_cert -e "Different number of dashboard node names and IPs."
+            exit 1
+        fi
+
+    else
+        logger_cert -e "No configuration file found. ${config_file}."
+        exit 1
+    fi
+
+}
+
+main $@

production-cluster.yml

@@ -84,12 +84,12 @@ services:
         hard: 65536
     volumes:
       - wazuh-indexer-data-1:/var/lib/wazuh-indexer
-      - ./production_cluster/wazuh_indexer_ssl_certs/root-ca.pem:/etc/wazuh-indexer/certs/root-ca.pem
-      - ./production_cluster/wazuh_indexer_ssl_certs/wazuh1.indexer-key.pem:/etc/wazuh-indexer/certs/wazuh1.indexer.key
-      - ./production_cluster/wazuh_indexer_ssl_certs/wazuh1.indexer.pem:/etc/wazuh-indexer/certs/wazuh1.indexer.pem
-      - ./production_cluster/wazuh_indexer_ssl_certs/admin.pem:/etc/wazuh-indexer/certs/admin.pem
-      - ./production_cluster/wazuh_indexer_ssl_certs/admin-key.pem:/etc/wazuh-indexer/certs/admin-key.pem
-      - ./production_cluster/wazuh-indexer/wazuh1.indexer.yml:/etc/wazuh-indexer/opensearch.yml
+      - ./production_cluster/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/config/root-ca.pem
+      - ./production_cluster/wazuh_indexer_ssl_certs/wazuh1.indexer-key.pem:/usr/share/wazuh-indexer/config/wazuh1.indexer.key
+      - ./production_cluster/wazuh_indexer_ssl_certs/wazuh1.indexer.pem:/usr/share/wazuh-indexer/config/wazuh1.indexer.pem
+      - ./production_cluster/wazuh_indexer_ssl_certs/admin.pem:/usr/share/wazuh-indexer/config/admin.pem
+      - ./production_cluster/wazuh_indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/config/admin-key.pem
+      - ./production_cluster/wazuh-indexer/wazuh1.indexer.yml:/usr/share/wazuh-indexer/config/opensearch.yml
       - ./production_cluster/wazuh-indexer/internal_users.yml:/usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/internal_users.yml
 
   wazuh2.indexer:
@@ -108,10 +108,10 @@ services:
         hard: 65536
     volumes:
       - wazuh-indexer-data-2:/var/lib/wazuh-indexer
-      - ./production_cluster/wazuh_indexer_ssl_certs/root-ca.pem:/etc/wazuh-indexer/certs/root-ca.pem
-      - ./production_cluster/wazuh_indexer_ssl_certs/wazuh2.indexer-key.pem:/etc/wazuh-indexer/certs/wazuh2.indexer.key
-      - ./production_cluster/wazuh_indexer_ssl_certs/wazuh2.indexer.pem:/etc/wazuh-indexer/certs/wazuh2.indexer.pem
-      - ./production_cluster/wazuh-indexer/wazuh2.indexer.yml:/etc/wazuh-indexer/opensearch.yml
+      - ./production_cluster/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/config/root-ca.pem
+      - ./production_cluster/wazuh_indexer_ssl_certs/wazuh2.indexer-key.pem:/usr/share/wazuh-indexer/config/wazuh2.indexer.key
+      - ./production_cluster/wazuh_indexer_ssl_certs/wazuh2.indexer.pem:/usr/share/wazuh-indexer/config/wazuh2.indexer.pem
+      - ./production_cluster/wazuh-indexer/wazuh2.indexer.yml:/usr/share/wazuh-indexer/config/opensearch.yml
       - ./production_cluster/wazuh-indexer/internal_users.yml:/usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/internal_users.yml
 
   wazuh3.indexer:
@@ -130,10 +130,10 @@ services:
         hard: 65536
     volumes:
       - wazuh-indexer-data-3:/var/lib/wazuh-indexer
-      - ./production_cluster/wazuh_indexer_ssl_certs/root-ca.pem:/etc/wazuh-indexer/certs/root-ca.pem
-      - ./production_cluster/wazuh_indexer_ssl_certs/wazuh3.indexer-key.pem:/etc/wazuh-indexer/certs/wazuh3.indexer.key
-      - ./production_cluster/wazuh_indexer_ssl_certs/wazuh3.indexer.pem:/etc/wazuh-indexer/certs/wazuh3.indexer.pem
-      - ./production_cluster/wazuh-indexer/wazuh3.indexer.yml:/etc/wazuh-indexer/opensearch.yml
+      - ./production_cluster/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/config/root-ca.pem
+      - ./production_cluster/wazuh_indexer_ssl_certs/wazuh3.indexer-key.pem:/usr/share/wazuh-indexer/config/wazuh3.indexer.key
+      - ./production_cluster/wazuh_indexer_ssl_certs/wazuh3.indexer.pem:/usr/share/wazuh-indexer/config/wazuh3.indexer.pem
+      - ./production_cluster/wazuh-indexer/wazuh3.indexer.yml:/usr/share/wazuh-indexer/config/opensearch.yml
       - ./production_cluster/wazuh-indexer/internal_users.yml:/usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/internal_users.yml
 
   wazuh.dashboard:

production_cluster/wazuh-indexer/wazuh1.indexer.yml

@@ -12,12 +12,12 @@ discovery.seed_hosts:
 node.max_local_storage_nodes: "3"
 path.data: /var/lib/wazuh-indexer
 path.logs: /var/log/wazuh-indexer
-plugins.security.ssl.http.pemcert_filepath: /etc/wazuh-indexer/certs/wazuh1.indexer.pem
-plugins.security.ssl.http.pemkey_filepath: /etc/wazuh-indexer/certs/wazuh1.indexer.key
-plugins.security.ssl.http.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem
-plugins.security.ssl.transport.pemcert_filepath: /etc/wazuh-indexer/certs/wazuh1.indexer.pem
-plugins.security.ssl.transport.pemkey_filepath: /etc/wazuh-indexer/certs/wazuh1.indexer.key
-plugins.security.ssl.transport.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem
+plugins.security.ssl.http.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/wazuh1.indexer.pem
+plugins.security.ssl.http.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/wazuh1.indexer.key
+plugins.security.ssl.http.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/root-ca.pem
+plugins.security.ssl.transport.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/wazuh1.indexer.pem
+plugins.security.ssl.transport.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/wazuh1.indexer.key
+plugins.security.ssl.transport.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/root-ca.pem
 plugins.security.ssl.http.enabled: true
 plugins.security.ssl.transport.enforce_hostname_verification: false
 plugins.security.ssl.transport.resolve_hostname: false

production_cluster/wazuh-indexer/wazuh2.indexer.yml

@@ -12,12 +12,12 @@ discovery.seed_hosts:
 node.max_local_storage_nodes: "3"
 path.data: /var/lib/wazuh-indexer
 path.logs: /var/log/wazuh-indexer
-plugins.security.ssl.http.pemcert_filepath: /etc/wazuh-indexer/certs/wazuh2.indexer.pem
-plugins.security.ssl.http.pemkey_filepath: /etc/wazuh-indexer/certs/wazuh2.indexer.key
-plugins.security.ssl.http.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem
-plugins.security.ssl.transport.pemcert_filepath: /etc/wazuh-indexer/certs/wazuh2.indexer.pem
-plugins.security.ssl.transport.pemkey_filepath: /etc/wazuh-indexer/certs/wazuh2.indexer.key
-plugins.security.ssl.transport.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem
+plugins.security.ssl.http.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/wazuh2.indexer.pem
+plugins.security.ssl.http.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/wazuh2.indexer.key
+plugins.security.ssl.http.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/root-ca.pem
+plugins.security.ssl.transport.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/wazuh2.indexer.pem
+plugins.security.ssl.transport.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/wazuh2.indexer.key
+plugins.security.ssl.transport.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/root-ca.pem
 plugins.security.ssl.http.enabled: true
 plugins.security.ssl.transport.enforce_hostname_verification: false
 plugins.security.ssl.transport.resolve_hostname: false

production_cluster/wazuh-indexer/wazuh3.indexer.yml

@@ -12,12 +12,12 @@ discovery.seed_hosts:
 node.max_local_storage_nodes: "3"
 path.data: /var/lib/wazuh-indexer
 path.logs: /var/log/wazuh-indexer
-plugins.security.ssl.http.pemcert_filepath: /etc/wazuh-indexer/certs/wazuh3.indexer.pem
-plugins.security.ssl.http.pemkey_filepath: /etc/wazuh-indexer/certs/wazuh3.indexer.key
-plugins.security.ssl.http.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem
-plugins.security.ssl.transport.pemcert_filepath: /etc/wazuh-indexer/certs/wazuh3.indexer.pem
-plugins.security.ssl.transport.pemkey_filepath: /etc/wazuh-indexer/certs/wazuh3.indexer.key
-plugins.security.ssl.transport.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem
+plugins.security.ssl.http.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/wazuh3.indexer.pem
+plugins.security.ssl.http.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/wazuh3.indexer.key
+plugins.security.ssl.http.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/root-ca.pem
+plugins.security.ssl.transport.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/wazuh3.indexer.pem
+plugins.security.ssl.transport.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/wazuh3.indexer.key
+plugins.security.ssl.transport.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/root-ca.pem
 plugins.security.ssl.http.enabled: true
 plugins.security.ssl.transport.enforce_hostname_verification: false
 plugins.security.ssl.transport.resolve_hostname: false

wazuh-indexer/Dockerfile

@@ -3,17 +3,17 @@ FROM ubuntu:focal AS builder
 
 RUN apt-get update -y && apt-get install curl openssl xz-utils -y
 
-COPY config/unattended_installer.tar.gz /
+COPY config/opensearch.yml /
 
 COPY config/config.sh .
 
 COPY config/config.yml /
 
-RUN tar -xzvf /unattended_installer.tar.gz
+COPY config/internal_users.yml /
 
-RUN mv /config.yml /unattended_installer/install_functions/
+COPY config/roles_mapping.yml /
 
-RUN chmod 755 /unattended_installer/install_functions/wazuh-cert-tool.sh && bash /unattended_installer/install_functions/wazuh-cert-tool.sh
+COPY config/roles.yml /
 
 RUN bash config.sh
 
@@ -50,13 +50,12 @@ COPY config/securityadmin.sh /
 RUN chmod 700 /entrypoint.sh && chmod 700 /securityadmin.sh
 
 COPY --from=builder --chown=1000:1000 /debian/wazuh-indexer/usr/share/wazuh-indexer /usr/share/wazuh-indexer
-COPY --from=builder --chown=0:0 /debian/wazuh-indexer/etc/init.d/wazuh-indexer /etc/init.d/wazuh-indexer
 COPY --from=builder --chown=0:0 /debian/wazuh-indexer/usr/lib/systemd /usr/lib/systemd
 COPY --from=builder --chown=0:0 /debian/wazuh-indexer/usr/lib/sysctl.d /usr/lib/sysctl.d
 COPY --from=builder --chown=0:0 /debian/wazuh-indexer/usr/lib/tmpfiles.d /usr/lib/tmpfiles.d
-COPY --from=builder --chown=1000:1000 /debian/wazuh-indexer/etc/wazuh-indexer /etc/wazuh-indexer
-COPY config/opensearch.yml /etc/wazuh-indexer/
-RUN chmod 660 /etc/wazuh-indexer/opensearch.yml && chown 1000:1000 /etc/wazuh-indexer/opensearch.yml
+#COPY --from=builder --chown=1000:1000 /debian/wazuh-indexer/etc/wazuh-indexer /etc/wazuh-indexer
+#COPY config/opensearch.yml /etc/wazuh-indexer/
+#RUN chmod 660 /etc/wazuh-indexer/opensearch.yml && chown 1000:1000 /etc/wazuh-indexer/opensearch.yml
 
 RUN mkdir -p /var/lib/wazuh-indexer && chown 1000:1000 /var/lib/wazuh-indexer && \
     mkdir -p /usr/share/wazuh-indexer/logs && chown 1000:1000 /usr/share/wazuh-indexer/logs && \
@@ -66,7 +65,6 @@ RUN mkdir -p /var/lib/wazuh-indexer && chown 1000:1000 /var/lib/wazuh-indexer &&
 # Services ports
 EXPOSE 9200
 
-
 ENTRYPOINT ["/entrypoint.sh"]
 # Dummy overridable parameter parsed by entrypoint
 CMD ["opensearchwrapper"]

wazuh-indexer/config/config.sh

@@ -8,14 +8,15 @@ export TARGET_DIR=${CURDIR}/debian/${NAME}
 # Package build options
 export USER=${NAME}
 export GROUP=${NAME}
-export CONFIG_DIR=/etc/${NAME}
+export VERSION=4.3.0
 export LOG_DIR=/var/log/${NAME}
 export LIB_DIR=/var/lib/${NAME}
 export PID_DIR=/run/${NAME}
 export INSTALLATION_DIR=/usr/share/${NAME}
+export CONFIG_DIR=${INSTALLATION_DIR}/config
 export BASE_DIR=${NAME}-*
 export INDEXER_FILE=wazuh-indexer-base.tar.xz
-export BASE_FILE=wazuh-indexer-base-4.3.0-linux-x64.tar.xz
+export BASE_FILE=wazuh-indexer-base-${VERSION}-linux-x64.tar.xz
 export REPO_DIR=/unattended_installer
 
 
@@ -24,7 +25,12 @@ rm -rf ${INSTALLATION_DIR}/
 curl -o ${INDEXER_FILE} https://packages-dev.wazuh.com/stack/indexer/base/${BASE_FILE}
 tar -xf ${INDEXER_FILE}
 
-# Copy to target
+curl -o wazuh-cert-tool.sh https://s3.us-west-1.amazonaws.com/packages.wazuh.com/4.x/wazuh-cert-tool.sh
+curl -o wazuh-password-tool.sh https://s3.us-west-1.amazonaws.com/packages.wazuh.com/4.x/wazuh-passwords-tool.sh
+
+chmod 755 wazuh-cert-tool.sh && bash /wazuh-cert-tool.sh
+
+# copy to target
 mkdir -p ${TARGET_DIR}${INSTALLATION_DIR}
 mkdir -p ${TARGET_DIR}${CONFIG_DIR}
 mkdir -p ${TARGET_DIR}${LIB_DIR}
@@ -46,11 +52,14 @@ rm -rf ${BASE_DIR}/usr
 # Copy installation files to final location
 cp -pr ${BASE_DIR}/* ${TARGET_DIR}${INSTALLATION_DIR}
 # Copy the security tools
-cp ${REPO_DIR}/install_functions/wazuh-cert-tool.sh ${TARGET_DIR}${INSTALLATION_DIR}/plugins/opensearch-security/tools/
-cp ${REPO_DIR}/install_functions/wazuh-passwords-tool.sh ${TARGET_DIR}${INSTALLATION_DIR}/plugins/opensearch-security/tools/
+cp /wazuh-cert-tool.sh ${TARGET_DIR}${INSTALLATION_DIR}/plugins/opensearch-security/tools/
+cp /wazuh-password-tool.sh ${TARGET_DIR}${INSTALLATION_DIR}/plugins/opensearch-security/tools/
 # Copy Wazuh's config files for the security plugin
-cp -pr ${REPO_DIR}/config/indexer/roles/roles_mapping.yml ${TARGET_DIR}${INSTALLATION_DIR}/plugins/opensearch-security/securityconfig/
-cp -pr ${REPO_DIR}/config/indexer/roles/roles.yml ${TARGET_DIR}${INSTALLATION_DIR}/plugins/opensearch-security/securityconfig/
-cp -pr ${REPO_DIR}/config/indexer/roles/internal_users.yml ${TARGET_DIR}${INSTALLATION_DIR}/plugins/opensearch-security/securityconfig/
-# Copy Wazuh indexer certificates
-cp -R ${REPO_DIR}/install_functions/certs ${TARGET_DIR}${CONFIG_DIR}
+cp -pr /roles_mapping.yml ${TARGET_DIR}${INSTALLATION_DIR}/plugins/opensearch-security/securityconfig/
+cp -pr /roles.yml ${TARGET_DIR}${INSTALLATION_DIR}/plugins/opensearch-security/securityconfig/
+cp -pr /internal_users.yml ${TARGET_DIR}${INSTALLATION_DIR}/plugins/opensearch-security/securityconfig/
+cp -pr /opensearch.yml ${TARGET_DIR}${CONFIG_DIR}
+# Copy Wazuh indexer's demo certificates
+cp -pr /certs/* ${TARGET_DIR}${CONFIG_DIR}
+
+

wazuh-indexer/config/entrypoint.sh

@@ -6,12 +6,12 @@ umask 0002
 
 export USER=wazuh-indexer
 export INSTALLATION_DIR=/usr/share/wazuh-indexer
-export OPENSEARCH_PATH_CONF=/etc/wazuh-indexer
+export OPENSEARCH_PATH_CONF=${INSTALLATION_DIR}/config
 export JAVA_HOME=${INSTALLATION_DIR}/jdk
-export DISCOVERY=$(grep -oP "(?<=discovery.type: ).*" /etc/wazuh-indexer/opensearch.yml)
-export CACERT=$(grep -oP "(?<=plugins.security.ssl.transport.pemtrustedcas_filepath: ).*" /etc/wazuh-indexer/opensearch.yml)
-export CERT="/etc/wazuh-indexer/certs/admin.pem"
-export KEY="/etc/wazuh-indexer/certs/admin-key.pem"
+export DISCOVERY=$(grep -oP "(?<=discovery.type: ).*" ${OPENSEARCH_PATH_CONF}/opensearch.yml)
+export CACERT=$(grep -oP "(?<=plugins.security.ssl.transport.pemtrustedcas_filepath: ).*" ${OPENSEARCH_PATH_CONF}/opensearch.yml)
+export CERT="${OPENSEARCH_PATH_CONF}/admin.pem"
+export KEY="${OPENSEARCH_PATH_CONF}/admin-key.pem"
 
 run_as_other_user_if_needed() {
   if [[ "$(id -u)" == "0" ]]; then
@@ -83,6 +83,7 @@ if [[ "$(id -u)" == "0" ]]; then
   fi
 fi
 
+
 if [[ "$DISCOVERY" == "single-node" ]]; then
   # run securityadmin.sh for single node with CACERT, CERT and KEY parameter
   nohup /securityadmin.sh &

wazuh-indexer/config/internal_users.yml

@@ -0,0 +1,74 @@
+---
+# This is the internal user database
+# The hash value is a bcrypt hash and can be generated with plugin/tools/hash.sh
+
+_meta:
+  type: "internalusers"
+  config_version: 2
+
+# Define your internal users here
+
+## Demo users
+
+admin:
+  hash: "$2a$12$VcCDgh2NDk07JGN0rjGbM.Ad41qVR/YFJcgHp0UGns5JDymv..TOG"
+  reserved: true
+  backend_roles:
+  - "admin"
+  description: "Demo admin user"
+
+kibanaserver:
+  hash: "$2a$12$4AcgAt3xwOWadA5s5blL6ev39OXDNhmOesEoo33eZtrq2N0YrU3H."
+  reserved: true
+  description: "Demo kibanaserver user"
+
+kibanaro:
+  hash: "$2a$12$JJSXNfTowz7Uu5ttXfeYpeYE0arACvcwlPBStB1F.MI7f0U9Z4DGC"
+  reserved: false
+  backend_roles:
+  - "kibanauser"
+  - "readall"
+  attributes:
+    attribute1: "value1"
+    attribute2: "value2"
+    attribute3: "value3"
+  description: "Demo kibanaro user"
+
+logstash:
+  hash: "$2a$12$u1ShR4l4uBS3Uv59Pa2y5.1uQuZBrZtmNfqB3iM/.jL0XoV9sghS2"
+  reserved: false
+  backend_roles:
+  - "logstash"
+  description: "Demo logstash user"
+
+readall:
+  hash: "$2a$12$ae4ycwzwvLtZxwZ82RmiEunBbIPiAmGZduBAjKN0TXdwQFtCwARz2"
+  reserved: false
+  backend_roles:
+  - "readall"
+  description: "Demo readall user"
+
+snapshotrestore:
+  hash: "$2y$12$DpwmetHKwgYnorbgdvORCenv4NAK8cPUg8AI6pxLCuWf/ALc0.v7W"
+  reserved: false
+  backend_roles:
+  - "snapshotrestore"
+  description: "Demo snapshotrestore user"
+
+wazuh_admin:
+  hash: "$2y$12$d2awHiOYvZjI88VfsDON.u6buoBol0gYPJEgdG1ArKVE0OMxViFfu"
+  reserved: true
+  hidden: false
+  backend_roles: []
+  attributes: {}
+  opendistro_security_roles: []
+  static: false
+  
+wazuh_user:
+  hash: "$2y$12$BQixeoQdRubZdVf/7sq1suHwiVRnSst1.lPI2M0.GPZms4bq2D9vO"
+  reserved: true
+  hidden: false
+  backend_roles: []
+  attributes: {}
+  opendistro_security_roles: []
+  static: false  

wazuh-indexer/config/opensearch.yml

@@ -4,12 +4,12 @@ path.data: /var/lib/wazuh-indexer
 path.logs: /var/log/wazuh-indexer
 discovery.type: single-node
 compatibility.override_main_response_version: true
-plugins.security.ssl.http.pemcert_filepath: /etc/wazuh-indexer/certs/demo.indexer.pem
-plugins.security.ssl.http.pemkey_filepath: /etc/wazuh-indexer/certs/demo.indexer-key.pem
-plugins.security.ssl.http.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem
-plugins.security.ssl.transport.pemcert_filepath: /etc/wazuh-indexer/certs/demo.indexer.pem
-plugins.security.ssl.transport.pemkey_filepath: /etc/wazuh-indexer/certs/demo.indexer-key.pem
-plugins.security.ssl.transport.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem
+plugins.security.ssl.http.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/demo.indexer.pem
+plugins.security.ssl.http.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/demo.indexer-key.pem
+plugins.security.ssl.http.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/root-ca.pem
+plugins.security.ssl.transport.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/demo.indexer.pem
+plugins.security.ssl.transport.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/demo.indexer-key.pem
+plugins.security.ssl.transport.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/root-ca.pem
 plugins.security.ssl.http.enabled: true
 plugins.security.ssl.transport.enforce_hostname_verification: false
 plugins.security.ssl.transport.resolve_hostname: false

wazuh-indexer/config/roles.yml

@@ -0,0 +1,163 @@
+_meta:
+  type: "roles"
+  config_version: 2
+
+# Restrict users so they can only view visualization and dashboards on kibana
+kibana_read_only:
+  reserved: true
+
+# The security REST API access role is used to assign specific users access to change the security settings through the REST API.
+security_rest_api_access:
+  reserved: true
+
+# Allows users to view monitors, destinations and alerts
+alerting_read_access:
+  reserved: true
+  cluster_permissions:
+    - 'cluster:admin/opendistro/alerting/alerts/get'
+    - 'cluster:admin/opendistro/alerting/destination/get'
+    - 'cluster:admin/opendistro/alerting/monitor/get'
+    - 'cluster:admin/opendistro/alerting/monitor/search'
+
+# Allows users to view and acknowledge alerts
+alerting_ack_alerts:
+  reserved: true
+  cluster_permissions:
+    - 'cluster:admin/opendistro/alerting/alerts/*'
+
+# Allows users to use all alerting functionality
+alerting_full_access:
+  reserved: true
+  cluster_permissions:
+    - 'cluster_monitor'
+    - 'cluster:admin/opendistro/alerting/*'
+  index_permissions:
+    - index_patterns:
+        - '*'
+      allowed_actions:
+        - 'indices_monitor'
+        - 'indices:admin/aliases/get'
+        - 'indices:admin/mappings/get'
+
+# Allow users to read Anomaly Detection detectors and results
+anomaly_read_access:
+  reserved: true
+  cluster_permissions:
+    - 'cluster:admin/opendistro/ad/detector/info'
+    - 'cluster:admin/opendistro/ad/detector/search'
+    - 'cluster:admin/opendistro/ad/detectors/get'
+    - 'cluster:admin/opendistro/ad/result/search'
+    - 'cluster:admin/opendistro/ad/tasks/search'
+
+# Allows users to use all Anomaly Detection functionality
+anomaly_full_access:
+  reserved: true
+  cluster_permissions:
+    - 'cluster_monitor'
+    - 'cluster:admin/opendistro/ad/*'
+  index_permissions:
+    - index_patterns:
+        - '*'
+      allowed_actions:
+        - 'indices_monitor'
+        - 'indices:admin/aliases/get'
+        - 'indices:admin/mappings/get'
+
+# Allows users to read Notebooks
+notebooks_read_access:
+  reserved: true
+  cluster_permissions:
+    - 'cluster:admin/opendistro/notebooks/list'
+    - 'cluster:admin/opendistro/notebooks/get'
+
+# Allows users to all Notebooks functionality
+notebooks_full_access:
+  reserved: true
+  cluster_permissions:
+    - 'cluster:admin/opendistro/notebooks/create'
+    - 'cluster:admin/opendistro/notebooks/update'
+    - 'cluster:admin/opendistro/notebooks/delete'
+    - 'cluster:admin/opendistro/notebooks/get'
+    - 'cluster:admin/opendistro/notebooks/list'
+
+# Allows users to read and download Reports
+reports_instances_read_access:
+  reserved: true
+  cluster_permissions:
+    - 'cluster:admin/opendistro/reports/instance/list'
+    - 'cluster:admin/opendistro/reports/instance/get'
+    - 'cluster:admin/opendistro/reports/menu/download'
+
+# Allows users to read and download Reports and Report-definitions
+reports_read_access:
+  reserved: true
+  cluster_permissions:
+    - 'cluster:admin/opendistro/reports/definition/get'
+    - 'cluster:admin/opendistro/reports/definition/list'
+    - 'cluster:admin/opendistro/reports/instance/list'
+    - 'cluster:admin/opendistro/reports/instance/get'
+    - 'cluster:admin/opendistro/reports/menu/download'
+
+# Allows users to all Reports functionality
+reports_full_access:
+  reserved: true
+  cluster_permissions:
+    - 'cluster:admin/opendistro/reports/definition/create'
+    - 'cluster:admin/opendistro/reports/definition/update'
+    - 'cluster:admin/opendistro/reports/definition/on_demand'
+    - 'cluster:admin/opendistro/reports/definition/delete'
+    - 'cluster:admin/opendistro/reports/definition/get'
+    - 'cluster:admin/opendistro/reports/definition/list'
+    - 'cluster:admin/opendistro/reports/instance/list'
+    - 'cluster:admin/opendistro/reports/instance/get'
+    - 'cluster:admin/opendistro/reports/menu/download'
+
+# Allows users to use all asynchronous-search functionality
+asynchronous_search_full_access:
+  reserved: true
+  cluster_permissions:
+    - 'cluster:admin/opendistro/asynchronous_search/*'
+  index_permissions:
+    - index_patterns:
+        - '*'
+      allowed_actions:
+        - 'indices:data/read/search*'
+
+# Allows users to read stored asynchronous-search results
+asynchronous_search_read_access:
+  reserved: true
+  cluster_permissions:
+    - 'cluster:admin/opendistro/asynchronous_search/get'
+
+wazuh_ui_user:
+  reserved: true
+  hidden: false
+  cluster_permissions: []
+  index_permissions:
+  - index_patterns:
+    - "wazuh-*"
+    dls: ""
+    fls: []
+    masked_fields: []
+    allowed_actions:
+    - "read"
+  tenant_permissions: []
+  static: false        
+
+wazuh_ui_admin:
+  reserved: true
+  hidden: false
+  cluster_permissions: []
+  index_permissions:
+  - index_patterns:
+    - "wazuh-*"
+    dls: ""
+    fls: []
+    masked_fields: []
+    allowed_actions:
+    - "read"
+    - "delete"
+    - "manage"
+    - "index"
+  tenant_permissions: []
+  static: false  

wazuh-indexer/config/roles_mapping.yml

@@ -0,0 +1,71 @@
+---
+# In this file users, backendroles and hosts can be mapped to Open Distro Security roles.
+# Permissions for Opendistro roles are configured in roles.yml
+
+_meta:
+  type: "rolesmapping"
+  config_version: 2
+
+# Define your roles mapping here
+
+## Demo roles mapping
+
+all_access:
+  reserved: false
+  backend_roles:
+  - "admin"
+  description: "Maps admin to all_access"
+
+own_index:
+  reserved: false
+  users:
+  - "*"
+  description: "Allow full access to an index named like the username"
+
+logstash:
+  reserved: false
+  backend_roles:
+  - "logstash"
+
+kibana_user:
+  reserved: false
+  backend_roles:
+  - "kibanauser"
+  users:
+  - "wazuh_user"
+  - "wazuh_admin"    
+  description: "Maps kibanauser to kibana_user"
+
+readall:
+  reserved: false
+  backend_roles:
+  - "readall"
+
+manage_snapshots:
+  reserved: false
+  backend_roles:
+  - "snapshotrestore"
+
+kibana_server:
+  reserved: true
+  users:
+  - "kibanaserver"
+
+wazuh_ui_admin:
+  reserved: true
+  hidden: false
+  backend_roles: []
+  hosts: []
+  users:
+  - "wazuh_admin"
+  - "kibanaserver"
+  and_backend_roles: []
+
+wazuh_ui_user:
+  reserved: true
+  hidden: false
+  backend_roles: []
+  hosts: []
+  users:
+  - "wazuh_user"
+  and_backend_roles: []