From 2487a5481e2792c63468c01b0408d0e6f802c45a Mon Sep 17 00:00:00 2001
From: vcerenu
Date: Tue, 2 Jul 2024 15:01:37 -0300
Subject: [PATCH 1/3] Add new keystore generation

---
 .../config/etc/cont-init.d/0-wazuh-init | 33 ++++++++++++++++++-
 1 file changed, 32 insertions(+), 1 deletion(-)

diff --git a/build-docker-images/wazuh-manager/config/etc/cont-init.d/0-wazuh-init b/build-docker-images/wazuh-manager/config/etc/cont-init.d/0-wazuh-init
index dae0e1f0..5ec1fe27 100644
--- a/build-docker-images/wazuh-manager/config/etc/cont-init.d/0-wazuh-init
+++ b/build-docker-images/wazuh-manager/config/etc/cont-init.d/0-wazuh-init
@@ -122,6 +122,20 @@ create_ossec_key_cert() {
 exec_cmd "openssl req -new -x509 -key ${WAZUH_INSTALL_PATH}/etc/sslmanager.key -out ${WAZUH_INSTALL_PATH}/etc/sslmanager.cert -days 3650 -subj /CN=${HOSTNAME}/"
 }
 
+#########################
+#GenerateKeystoreCert()
+#########################
+GenerateKeystoreCert()
+{
+ # Regenerate keys if they are not valid.
+ keystore_key=/etc/keystore.key
+ keystore_cert=/etc/keystore.cert
+ echo "Generating RSA keys for Keystore."
+ ${WAZUH_INSTALL_PATH}/bin/wazuh-authd -C 365 -B 2048 -K ${WAZUH_INSTALL_PATH}${keystore_key} -X ${WAZUH_INSTALL_PATH}${keystore_cert} -S "/C=US/ST=California/CN=wazuh/"
+ chmod 600 ${WAZUH_INSTALL_PATH}${keystore_key}
+ chmod 600 ${WAZUH_INSTALL_PATH}${keystore_cert}
+}
+
 ##############################################################################
 # Copy all files from $WAZUH_CONFIG_MOUNT to $WAZUH_INSTALL_PATH and respect
 # destination files permissions
@@ -199,7 +213,7 @@ main() {
 
 # Restore files stored in permanent data that are not permanent (i.e. internal_options.conf)
 apply_exclusion_data
- 
+
 # Apply correct permission and ownership
 set_correct_permOwner
 
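Review bot: In `GenerateKeystoreCert` the private key is restricted only after `wazuh-authd` has written it, and the two `chmod 600` lines run whether or not generation succeeded, because the command's exit status is never checked. Unless `wazuh-authd` already creates the file with a restrictive mode (not visible here), the key briefly exists with whatever the process umask allows. Creating it under a tight umask and stopping on failure closes both gaps: `( umask 077; "${WAZUH_INSTALL_PATH}/bin/wazuh-authd" -C 365 -B 2048 -K "${WAZUH_INSTALL_PATH}${keystore_key}" -X "${WAZUH_INSTALL_PATH}${keystore_cert}" -S "/C=US/ST=California/CN=wazuh/" ) || return 1`. The path expansions in the `chmod` lines should be quoted in the same way. The neighbouring `create_ossec_key_cert` routes its command through `exec_cmd`, so using that helper here would keep error handling consistent, assuming it reports failures.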
@@ -218,6 +232,23 @@ main() {
 fi
 fi
 
+ keystore_key=/etc/keystore.key
+ keystore_cert=/etc/keystore.cert
+
+ # If we come from 4.8.0, no certificates will be found.
+ # Since the Keystore tool previously used sslmanager keys for encryption,
+ # We copy them to the new location to be able to recover the information.
+ if [ ! -f "${WAZUH_INSTALL_PATH}${keystore_key}" ] && [ ! -f "${WAZUH_INSTALL_PATH}${keystore_cert}" ]; then
+ cp -p ${WAZUH_INSTALL_PATH}/etc/sslmanager.cert ${WAZUH_INSTALL_PATH}${keystore_cert}
+ cp -p ${WAZUH_INSTALL_PATH}/etc/sslmanager.key ${WAZUH_INSTALL_PATH}${keystore_key}
+ fi
+
+ # Test if the certificates are valid. If don't, re-generate them
+ ${WAZUH_INSTALL_PATH}/bin/wazuh-keystore -f default -k certificate_test -v test
+ if [ $? -eq 1 ]; then
+ GenerateKeystoreCert
+ fi
+
 # Mount selected files (WAZUH_CONFIG_MOUNT) to container
 mount_files
 
From 665f6fd84a04fcd52ce9228e166d0d57d8da1b71 Mon Sep 17 00:00:00 2001
From: vcerenu
Date: Thu, 4 Jul 2024 13:01:22 -0300
Subject: [PATCH 2/3] Fix goss test

---
 .github/.goss.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/.goss.yaml b/.github/.goss.yaml
index 50b54fc2..1610cc42 100644
--- a/.github/.goss.yaml
+++ b/.github/.goss.yaml
@@ -56,7 +56,7 @@ package:
 wazuh-manager:
 installed: true
 versions:
- - 4.8.1-1
+ - 4.8.1
 port:
 tcp:1514:
 listening: true
From 6138516ad9c8ed52edf4288a89f3e500f0e75184 Mon Sep 17 00:00:00 2001
From: vcerenu
Date: Thu, 4 Jul 2024 13:36:55 -0300
Subject: [PATCH 3/3] Fix wazuh documents tests

---
 .github/workflows/push.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml
index 0444cba7..cecc3e5c 100644
--- a/.github/workflows/push.yml
+++ b/.github/workflows/push.yml
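Review bot: In the `main()` hunk of 0-wazuh-init (`@@ -218,6 +232,23 @@`), the validity probe reacts only to exit status 1 (`if [ $? -eq 1 ]`), so any other non-zero status from `wazuh-keystore` leaves the container starting with an unverified keystore and no message. Capturing the status (`rc=$?`) and at least logging when `rc` is neither 0 nor 1 would make that case visible. Regeneration replaces the key pair that existing keystore entries were presumably encrypted with, so an explicit warning before `GenerateKeystoreCert` would help operators notice that stored secrets may need re-entering. The migration branch copies `sslmanager.key` with `cp -p`, which keeps the source file's mode and ownership, while the generated path ends at 600. Adding `chmod 600 "${WAZUH_INSTALL_PATH}${keystore_key}" "${WAZUH_INSTALL_PATH}${keystore_cert}"` after the copies, with the `cp` arguments quoted, keeps both paths equally restrictive. `main()` starts and ends outside this hunk.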
@@ -270,7 +270,7 @@ jobs:
 sleep 10
 done
 docs="`curl -XGET "https://0.0.0.0:9200/wazuh-alerts*/_count" -u admin:SecretPassword -k -s | jq -r ".count"`"
- if [[ $docs -gt 1 ]]; then
+ if [[ $docs -gt 0 ]]; then
 echo "wazuh-alerts index documents: ${docs}"
 else
 echo "wazuh-alerts index documents: ${docs}"