Remove kibana custom configuration (#279)

docker-compose.yml

@@ -11,8 +11,8 @@ services:
       - "1515:1515"
       - "514:514/udp"
       - "55000:55000"
-    depends_on:
+  #   depends_on:
-      - logstash
+  #     - logstash
   # logstash:
   #   image: wazuh/wazuh-elasticsearch:3.10.2_7.3.2
   #   hostname: logstash
@@ -71,8 +71,6 @@ services:
       - SECURITY_ENABLED=no
       - SECURITY_KIBANA_USER=service_kibana
       - SECURITY_KIBANA_PASS=kibana_pass
-      - SECURITY_KIBANA_SSL_KEY_PATH=/usr/share/kibana/config/ssl/private
-      - SECURITY_KIBANA_SSL_CERT_PATH=/usr/share/kibana/config/ssl/certs
       - ELASTICSEARCH_KIBANA_IP=https://elasticsearch:9200
       - SECURITY_CA_PEM=server.TEST-CA-signed.pem
     ports:

kibana/Dockerfile

@@ -20,6 +20,8 @@ RUN mkdir /entrypoint-scripts
 
 USER kibana
 
+ENV CONFIGURATION_FROM_FILE="false"
+
 ENV PATTERN="" \
     CHECKS_PATTERN="" \
     CHECKS_TEMPLATE="" \
@@ -65,13 +67,11 @@ COPY --chown=kibana:kibana ./config/15-decrypt_credentials.sh /entrypoint-script
 COPY --chown=kibana:kibana ./config/20-entrypoint.sh /entrypoint-scripts/20-entrypoint.sh
 COPY --chown=kibana:kibana ./config/20-entrypoint_kibana_settings.sh ./
 COPY --chown=kibana:kibana ./config/20-entrypoint_certs_management.sh ./
-COPY --chown=kibana:kibana ./config/20-entrypoint_security_configuration.sh ./
 RUN chmod +x /entrypoint-scripts/10-wazuh_app_config.sh && \
     chmod +x /entrypoint-scripts/15-decrypt_credentials.sh && \
     chmod +x /entrypoint-scripts/20-entrypoint.sh && \
     chmod +x ./20-entrypoint_kibana_settings.sh && \
-    chmod +x ./20-entrypoint_certs_management.sh && \
+    chmod +x ./20-entrypoint_certs_management.sh
-    chmod +x ./20-entrypoint_security_configuration.sh
 
 COPY --chown=kibana:kibana ./config/xpack_config.sh ./
 

kibana/config/20-entrypoint.sh

@@ -113,7 +113,6 @@ fi
 if [[ $SECURITY_ENABLED == "yes" ]]; then
 
   bash /usr/share/kibana/20-entrypoint_certs_management.sh
-  bash /usr/share/kibana/20-entrypoint_security_configuration.sh
 
 fi
 

kibana/config/20-entrypoint_kibana_settings.sh

@@ -17,7 +17,7 @@ WAZUH_MAJOR=3
 ##############################################################################
 # Customize elasticsearch ip
 ##############################################################################
-if [ "$ELASTICSEARCH_KIBANA_IP" != "" ]; then
+if [[ "$ELASTICSEARCH_KIBANA_IP" != "" && "$CONFIGURATION_FROM_FILE" == "false" ]]; then
   sed -i "s:#elasticsearch.hosts:elasticsearch.hosts:g" /usr/share/kibana/config/kibana.yml
   sed -i 's|http://elasticsearch:9200|'$ELASTICSEARCH_KIBANA_IP'|g' /usr/share/kibana/config/kibana.yml
 fi
@@ -25,7 +25,7 @@ fi
 echo "SETTINGS - Update Elasticsearch host."
 
 # If KIBANA_INDEX was set, then change the default index in kibana.yml configuration file. If there was an index, then delete it and recreate.
-if [ "$KIBANA_INDEX" != "" ]; then
+if [[ "$KIBANA_INDEX" != "" && "$CONFIGURATION_FROM_FILE" == "false" ]]; then
   if grep -q 'kibana.index' /usr/share/kibana/config/kibana.yml; then
     sed -i '/kibana.index/d' /usr/share/kibana/config/kibana.yml
   fi
@@ -33,7 +33,7 @@ if [ "$KIBANA_INDEX" != "" ]; then
 fi
 
 # If XPACK_SECURITY_ENABLED was set, then change the xpack.security.enabled option from true (default) to false.
-if [ "$XPACK_SECURITY_ENABLED" != "" ]; then
+if [[ "$XPACK_SECURITY_ENABLED" != "" && "$CONFIGURATION_FROM_FILE" == "false" ]]; then
   if grep -q 'xpack.security.enabled' /usr/share/kibana/config/kibana.yml; then
     sed -i '/xpack.security.enabled/d' /usr/share/kibana/config/kibana.yml
   fi

kibana/config/20-entrypoint_security_configuration.sh

@@ -1,28 +0,0 @@
-#!/bin/bash
-# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
-
-set -e
-
-##############################################################################
-# Adapt kibana.yml configuration file 
-##############################################################################
-
-if [[ $SECURITY_ENABLED == "yes" ]]; then
-
-    echo "CONFIGURATION - Setting security Kibana configuiration options."
-
-    # Example:
-
-    #     echo "
-    # # Elasticsearch from/to Kibana
-    # elasticsearch.ssl.certificateAuthorities: [\"/usr/share/kibana/config/CA.pem\"]
-
-    # server.ssl.enabled: true
-    # server.ssl.certificate: /usr/share/kibana/config/ssl/certs/cert.pem
-    # server.ssl.key: /usr/share/kibana/config/ssl/private/cert.key
-    # server.ssl.supportedProtocols: 
-    #     - TLSv1.1
-    #     - TLSv1.2
-    # " >> /usr/share/kibana/config/kibana.yml
-
-fi