Fix permision problem for manager and worker, setting uid correctly

2025-11-03 05:23:14 +00:00 · 2022-04-04 16:35:04 -03:00
parent 20e5315042
commit c8d8a51d6a
3 changed files with 45 additions and 3 deletions
--- a/indexer-certs-creator/config/entrypoint.sh
+++ b/indexer-certs-creator/config/entrypoint.sh
@@ -30,6 +30,31 @@ fi

 chmod 700 /$CERT_TOOL

+##############################################################################
+# Functions
+##############################################################################
+
+function cert_parseYaml() {
+
+    local prefix=${2}
+    local s='[[:space:]]*'
+    local w='[a-zA-Z0-9_]*'
+    local fs=$(echo @|tr @ '\034')
+    sed -ne "s|^\($s\):|\1|" \
+            -e "s|^\($s\)\($w\)$s:$s[\"']\(.*\)[\"']$s\$|\1$fs\2$fs\3|p" \
+            -e "s|^\($s\)\($w\)$s:$s\(.*\)$s\$|\1$fs\2$fs\3|p"  ${1} |
+    awk -F$fs '{
+        indent = length($1)/2;
+        vname[indent] = $2;
+        for (i in vname) {if (i > indent) {delete vname[i]}}
+        if (length($3) > 0) {
+            vn=""; for (i=0; i<indent; i++) {vn=(vn)(vname[i])("_")}
+            printf("%s%s%s=%s\n", "'$prefix'",vn, $2, $3);
+        }
+    }'
+
+}
+
 ##############################################################################
 # Creating Cluster certificates
 ##############################################################################
@@ -40,3 +65,20 @@ cp /wazuh-certificates/* /certificates/
 echo "changing certificate permissions"
 chmod -R 500 /certificates
 chmod -R 400 /certificates/*
+echo "Setting UID indexer and dashboard"
+chown 1000 /certificates/*
+echo "Setting UID for wazuh manager and worker"
+cp /certificates/root-ca.pem /certificates/root-ca-manager.pem
+cp /certificates/root-ca.key /certificates/root-ca-manager.key
+chown 999:997 /certificates/root-ca-manager.pem
+chown 999:997 /certificates/root-ca-manager.key
+
+## Parsin cert.yml yo set UID permissions
+nodes_server=$( cert_parseYaml /certificates/certs.yml | grep nodes_server_name | sed 's/nodes_server_name=//' )
+arr=($nodes_server)
+
+for i in ${arr[@]}; 
+do 
+  chown 999:997 "/certificates/${i}.pem"
+  chown 999:997 "/certificates/${i}-key.pem"
+done
--- a/multi-node/docker-compose.yml
+++ b/multi-node/docker-compose.yml
@@ -32,7 +32,7 @@ services:
      - master-wazuh-wodles:/var/ossec/wodles
      - master-filebeat-etc:/etc/filebeat
      - master-filebeat-var:/var/lib/filebeat
-      - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/etc/ssl/root-ca.pem
+      - ./config/wazuh_indexer_ssl_certs/root-ca-manager.pem:/etc/ssl/root-ca.pem
      - ./config/wazuh_indexer_ssl_certs/wazuh.master.pem:/etc/ssl/filebeat.pem
      - ./config/wazuh_indexer_ssl_certs/wazuh.master-key.pem:/etc/ssl/filebeat.key
      - ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf
@@ -61,7 +61,7 @@ services:
      - worker-wazuh-wodles:/var/ossec/wodles
      - worker-filebeat-etc:/etc/filebeat
      - worker-filebeat-var:/var/lib/filebeat
-      - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/etc/ssl/root-ca.pem
+      - ./config/wazuh_indexer_ssl_certs/root-ca-manager.pem:/etc/ssl/root-ca.pem
      - ./config/wazuh_indexer_ssl_certs/wazuh.worker.pem:/etc/ssl/filebeat.pem
      - ./config/wazuh_indexer_ssl_certs/wazuh.worker-key.pem:/etc/ssl/filebeat.key
      - ./config/wazuh_cluster/wazuh_worker.conf:/wazuh-config-mount/etc/ossec.conf
--- a/single-node/docker-compose.yml
+++ b/single-node/docker-compose.yml
@@ -33,7 +33,7 @@ services:
      - wazuh_wodles:/var/ossec/wodles
      - filebeat_etc:/etc/filebeat
      - filebeat_var:/var/lib/filebeat
-      - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/etc/ssl/root-ca.pem
+      - ./config/wazuh_indexer_ssl_certs/root-ca-manager.pem:/etc/ssl/root-ca.pem
      - ./config/wazuh_indexer_ssl_certs/wazuh.manager.pem:/etc/ssl/filebeat.pem
      - ./config/wazuh_indexer_ssl_certs/wazuh.manager-key.pem:/etc/ssl/filebeat.key
      - ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf